LogQL : How to get the last values?
Question
I am parsing access logs from Squid (proxy) with Loki and Grafana.
I am trying to do something simple: display top 10 requested domains (or IP) in the last 24h.
To do so, I created a Loki label which extract the domain from the log line in the Loki pipeline with a regex.
So in the LogQL query I have access to a label named 'connection' which is the domain.
I don't manage to extract the top 10 domains. Here is what I tried:
LogQL query: topk(3, sum by(connection) (count_over_time({container_name="squid"} [1d])))
Data visualisation:
We can see that the last displayed line are the top 10 domains, but there is also many domains that were in the top 10 at some moment and they are still returned by the query.
I would like to keep only the top 10 domains at the and of the window of 24h...
In that way if I choose to display a bar gauge I will get only 10 entries. Currently I have this (with the same request): Bar gauge with the request
Does someone have a solution?
1 answers
solution1
0 2022-11-16 22:57:18
Ok I found out: In the query options, you have to change "range" to "instant"
and that works, it keeps the result of the query at the end of the time window !
Now I finally have my bar gauge, but it is not sorted... Next issue I guess;)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.