Patterns for Request ID (High Cardinality)

It’s a specific example in the docs that requestId would be too high cardinality for Loki and the docs mention just a text or regex scan on a known pattern embedded in the line, (but not extracted as a label). E.g. |= "[requestId=abc123def45N]"

Is there a good pattern for discovering requestIds for some other labelled entity (within a time-range maybe)

Ideally, we like to just show all the requests for a thing, then grab all the lines for a single request.

I’ve thought about creating an explicit label {initial=YES} at the point when the requestId is set - so we’d have some indexed labels we can query for

{ thing="cafebabe", initial="YES" }

This query would then bring back lines that we can grok on …

2022-05-17T12:00:01 INFO new request [requestId=3456yujhgtfrvc] {thing=cafebabe, inital=YES} 
2022-05-17T12:01:01 INFO new request [requestId=mnhtrtfgvbfd34] {thing=cafebabe, inital=YES} 
2022-05-17T12:02:01 INFO new request [requestId=8uhy56trf2wt5h] {thing=cafebabe, inital=YES} 

Then we can do a time-range query that starts on this initial for a reasonable duration of a request for this query:

    "query": "{ thing=cafebabe } |= '[requestId=3456yujhgtfrvc]'",
    "start": "2022-05-17T12:00:01",
    "end": "2022-05-17T12:01:01",

However, maybe someone else has a better pattern.

Thanks, R