In general, you should avoid having too many labels. From fluentd you should do as little parsing as possible to get the labels you want / need. It has the benefit of keeping your log pipeline simpler, as well as avoiding have too much cardinality in Loki labels.
A few thought I have had while transitioning from Elastic Stack to Loki.
Just looking at the log message. The labels were already covered
The need for “pre-parsing” the log message is limited with Loki, as the message is not indexed as fields, but rather as just a plain string. Having a well structured log line will however make parsing at query-time a nicer experience.
So pre-parse your log messages, if you need to, so your log messages are easy to parse at query-time. Hope that makes sense.
On a different note, JSON is not a particularly human friendly log format so I’m expecting many of our teams to possibly switch to logfmt as at least I find it easier to read. But who knows…