Time difference between 2 loglines

toon2 · March 3, 2025, 10:48am

Hello, using loki with logQL. I am trying to get the difference in time between consecutive log lines. My goal is to get the total time that the state machine was in a certain state (attributes_target). I cannot seem to do operations on the timestamps of the logs
Here is a example of the logs that show to state transitions from source to target state.

1739968397584	{"body":"State transition","severity":"INFO","attributes":{"NAME":"StateMachineHandler","source":"ReconnectingConnectedModem","target":"WaitingForFirstFrame"},"resources":{"service.name":"tablet","service.version":"0.0.1"},"instrumentation_scope":{"name":"tablet::state_machine::tablet_statemachine_handler"}}
1739968396771	{"body":"State transition","severity":"INFO","attributes":{"NAME":"StateMachineHandler","source":"Interrupted","target":"ReconnectingConnectedModem"},"resources":{"service.name":"tablet","service.version":"0.0.1"},"instrumentation_scope":{"name":"tablet::state_machine::tablet_statemachine_handler"}}
1739968392724	{"body":"State transition","severity":"INFO","attributes":{"NAME":"StateMachineHandler","source":"Playing","target":"Interrupted"},"resources":{"service.name":"tablet","service.version":"0.0.1"},"instrumentation_scope":{"name":"tablet::state_machine::tablet_statemachine_handler"}}

tonyswumac · March 3, 2025, 5:16pm

I don’t think this is possible by using Loki alone. Logs are processed line by line, it’s hard to do calculate across. You might be able to do it in Grafana, I am not entirely sure, but I think it’s worth a try:

Create three queries, one for each abbributes_target, and use line_format to output the timestamp as nanoseconds.
In Grafana dashboard, use transformation to join all three metrics into one.
Use another transformation to do calculation.

It would be great if your source can determine the duration of state for you (for example, perhaps have another log line that says something to the effect of exiting a state with duration).

toon2 · March 4, 2025, 1:24pm

Thanks for the answer! In my example there are only 3 log lines, but normally have have to get the time difference between all the logs lines (>1000).

which transformation would you use operate between the different cumulative timestamps and always show the difference (in a new column)
how do you transfer the timestamp to unix nanoseconds? I converted it to seconds with

| line_format " {{ __timestamp__ | unixEpoch}}"

Topic		Replies	Views
How to get the difference between two time epochs in logs after correlating them Dashboards promql , logs , grafana , logql	1	13	March 14, 2025
Loki query to find difference between 2 timestamps Grafana Loki loki	8	3750	September 5, 2024
Time difference between two logs Grafana Loki	1	75	October 2, 2024
Perform set difference on label, where the difference between queries is timestamp Grafana Loki loki , transformations , logql	1	25	November 12, 2024
Calculating Response Time based off Timestamps Grafana Loki loki , query-help	1	62	January 22, 2025

Time difference between 2 loglines

Related topics