Hi All,
Probably this is not related to the Loki application, but in my environment I use the Grafana Cloud Agent to feed a file which contains JSON strings like this:
```json
{"identity": "alpha-vm01", "qname": "triatn.org.ua.", "rrtype": "AAAA", "query-type": "-", "source-ip": "159.203.16.10", "message": "CLIENT_RESPONSE", "family": "INET", "protocol": "UDP", "source-port": 17497, "length": 122, "timestamp": "2020-12-13T16:12:58.367258+00:00", "type": "response", "rcode": "NOERROR", "id": 38286, "country": "US", "city": "Clifton"}
```
My grafana cloud agent config looks like:
```yaml
- job_name: dnstap_receiver
  static_configs:
  - targets:
    - localhost
    labels:
      job: 'dnstap_receiver'
      __path__: '/var/log/dnstap.log'
  pipeline_stages:
  - match:
      selector: '{ job="dnstap_receiver" }'
      stages:
      - json:
          expressions:
            timestamp: timestamp
            identity: identity
            rrtype: rrtype
            message: message
            rcode: rcode
            country: country
      - labels:
          message:
          identity:
          rrtype:
          country:
          rcode:
      - timestamp:
          source: timestamp
          format: RFC3339
```
Is it possible to make a new JSON key with a value which includes the first and second layer of the domain?
I would like to have something like this:
qname="triatn.org.ua."
qname_first="ua."
qname_second="org.ua."
I need to create a dashboard where it will be possible to get some statistics related to DNS usage.
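
One way to derive these fields inside the agent pipeline, as an added example that is not part of the original post: the `json` stage also extracts `qname`, and a `regex` stage with `source: qname` splits off the last one and two DNS labels. The regular expression is an assumption written for the sample record above; the field names `qname_first` and `qname_second` are taken from the question.

```yaml
- job_name: dnstap_receiver
  static_configs:
  - targets:
    - localhost
    labels:
      job: 'dnstap_receiver'
      __path__: '/var/log/dnstap.log'
  pipeline_stages:
  - match:
      selector: '{job="dnstap_receiver"}'
      stages:
      - json:
          expressions:
            timestamp: timestamp
            identity: identity
            rrtype: rrtype
            message: message
            rcode: rcode
            country: country
            qname: qname          # added: needed as input for the regex stage
      # Run the regex against the extracted qname instead of the whole log line.
      # For "triatn.org.ua." the outer group captures "org.ua." and the
      # nested group captures "ua." (Go RE2 named groups, anchored at the end).
      - regex:
          source: qname
          expression: '(?P<qname_second>[^.]+\.(?P<qname_first>[^.]+\.))$'
      - labels:
          message:
          identity:
          rrtype:
          country:
          rcode:
          qname_first:            # e.g. "ua."
          qname_second:           # e.g. "org.ua."
      - timestamp:
          source: timestamp
          format: RFC3339
```

A name with fewer than two labels (for example `ua.` alone) does not match this expression, so neither field is set for that line. `qname_second` takes a different value for every registered domain seen in the traffic, so as a Loki label it can create a very large number of streams; keeping only `qname_first` as a label limits that.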