Loki: Option to add derived fields based on labels #76162
Conversation
Loki only derives fields by a regex matcher, this limits its usage when functions such as `line_formatter` is used on top of the logs. Some users already have logs parsed in json or logfmt structure which are detected as fields in loki. This pull request allows the mapping between detected fields values and derived values by matching the fields' names. Currently the feature is behind `lokiEnableNameMatcherOption` feature toggle.
grafana-pr-automation
bot
added
type/docs
area/backend
area/frontend
datasource/Loki
pr/external
5cat
force-pushed
the
73598-loki-derived-field-from-detected-fields
branch
from
8232c69
to
7c5ee01
Compare
|
Hi @5cat, thanks a lot for your contribution. We will look into this and provide feedback in the upcoming days. While we do this, are you sure this PR will fix #73598? Thanks, |
|
Hey @svennergr, yes it fixes the issue. For example, in the past if you did add I called this matching option "Name matcher", since it matches the fields based on their names. which can be enabled from the provisioned datasource.yml via the - name: gdev-loki
type: loki
access: proxy
url: http://localhost:3100
jsonData:
derivedFields:
- name: "traceID"
enableNameMatcher: true
url: "$${__value.raw}"
datasourceUid: gdev-tempoOr in the UI like this So you can have a query such as And get derived fields correctly setup with the link. now users can add maybe @mladedav or @ThommyH can further confirm my work fixes these issues #73598 grafana/loki#9209 grafana/loki#6614 grafana/loki#9209 because they are all the same. |
|
@svennergr can we help make progress on this one? |
|
Just wanted to chime in here, we just ran into this issue in our POC of replacing our linkerd Jaeger deployment, with Linkerd/Tempo, since the integration between Loki and Tempo would be a huge plus for us. All of our logs come in structured, so while I can see the traceID in the logs, and i can copy/paste into tempo, we have no way of actually using the integration that would be its biggest feature. |
|
@jseiser you should be able to do this trough new feature in Grafana - correlations. Here is the documentation for it https://grafana.com/docs/grafana/latest/administration/correlations/ |
I've tried to set this up but it doesn't seem to work in the way we'd want? We'd want to ingest JSON and be able to show a link on the JSON key
I've attempted to use the correlations to do that, but it seems to only go off fields, so I need to use a derived field anyways, which only works if the field is itself in the query
|
It does off data frame fields. In query inspector, you can see data frame fields. And you can then use transformation on extracting the value. So if your field is in 
|
|
Hi @5cat and others, I know this PR has been open for a long time. I just wanted to let you know that I will be looking into this in the next days. |
…eld-from-detected-fields
svennergr
requested review from
svennergr
and removed request for
a team and
grafanabot
svennergr
changed the title
| /> | ||
| } | ||
| > | ||
| <Select |
There was a problem hiding this comment.
Select is too small for the "Regex in log line" option
There was a problem hiding this comment.
Also, I think the UI would be better if we had Name Type Regex/Label - to make type and regex/label more connected.
public/app/plugins/datasource/loki/configuration/DerivedField.tsx
Outdated
Show resolved
Hide resolved
| const newDerivedFields = [...fields, { name: '', matcherRegex: '', urlDisplayLabel: '', url: '' }]; | ||
| const newDerivedFields = [ | ||
| ...fields, | ||
| { name: '', matcherRegex: '', urlDisplayLabel: '', url: '', enableNameMatcher: false }, |
There was a problem hiding this comment.
Should this be labelMatcher: 'true'?
There was a problem hiding this comment.
Hmm, not sure, because that would technically break the default from "regex" to "label" and it might not be what users expect?
public/app/plugins/datasource/loki/configuration/DerivedField.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Nice job, LGTM! 🚀
Thank you so much for your contribution @5cat . This is going to be EXTREMLY useful for many users! Really appreciate your contribution. 🧡
|
Also a big thank you from my side, @5cat. As you probably have noticed we decided to release this without a feature toggle, such that every Grafana user can make use of your great feature! Hope to see further contributions from you 😊 |
|
Thank you @svennergr and @ivanahuckova for your amazing support. I'm very happy and excited to use this feature. |
|
Would this work with loki's structured metadata or just with real labels? |
Yes, this will work with loki's structured metadata. |
What is this feature?
Loki only derives fields by a regex matcher, this limits its usage when functions such as
line_formatteris used on top of the logs.Some users already have logs parsed in json or logfmt structure which are detected as fields in loki.
This pull request allows the mapping between detected fields values and derived values by matching the fields' names.
Currently the feature is behindlokiDerivedFieldsFromLabelsfeature toggle.Who is this feature for?
This feature is for users who want to have a minimal readable log lines while still having the ability to jump to traces via derived fields.
This feature is for users who prefer to offload the extraction of fields in their queries rather than being limited to what is regex can do.
Which issue(s) does this PR fix?:
Fixes #73598
Special notes for your reviewer:
I did my best to pattern match my way through this, and I dont understand the full implications of my changes so I have added a feature toggle for this.
I did my best to maintain backward compatibility and avoid any refactoring, wanted to keep my changes minimal.
Please check that: