I am using Alloy to send Kubernetes log to Loki and Explore/Drilldown to visualize the log. Here is the Alloy config snippet that I use to specify the labels and structured metadata:
discovery.relabel "default_pod_logs" {
<omitted>
rule {
source_labels = ["__meta_kubernetes_namespace"]
action = "replace"
target_label = "namespace"
}
rule {
source_labels = ["__meta_kubernetes_pod_name"]
action = "replace"
target_label = "pod"
}
rule {
source_labels = ["__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "container"
}
rule {
source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
action = "replace"
target_label = "app"
}
<omitted>
}
loki.process "java_pod_logs" {
<omitted>
stage.structured_metadata {
values = {
java_service_name = "",
level = "",
primary_context = "",
secondary_context = "",
retention = "",
}
}
<omitted>
stage.output {
source = "message"
}
<omitted>
}
and here is the details of the log as seen in Explore:
which is as I expected: the labels and structured metadata fields are what I specified with several auto-added label from Alloy’s discovery component.
But when seen in Drilldown, there are additional “parsed labels”:
I am guessing that there is a mechanism in somewhere that automatically detect the log format and parse it, maybe mistakenly as Logfmt.
My questions are
- Why is this happening?
- I don’t want the parsed labels to be shown at all in Drilldown, including in the Fields tab. Is it possible?
