Calculating Unique System Counts per Error Message with Loki Query in Grafana Dashboard
I am currently working on a Grafana dashboard where I visualize various errors logged in different systems and count the number of times these errors occur. I am using Loki to send journal logs to Grafana. I've managed to create a query that groups error messages and counts their occurrences over a span of 7 days.
Here is my current Loki query:
topk(10, sum by(message)(count_over_time({job="systemd-journal"} |~ `ERROR:` | regexp `(?P<message>ERROR:.*)` [7d])))
The output from this query is as follows:
Now, I would like to extend this functionality to include an additional value which indicates from how many different systems these errors are coming. Ideally, this would be displayed next to the current value in the dashboard.
I tried adding a "Group by" transformation in Grafana, grouping by the message field and counting unique system identifiers (like hostname) associated with each error message. Here was my attempted query modification:
sum by(message, hostname)(count_over_time({job="systemd-journal"} |~ `ERROR:` | regexp `(?P<message>ERROR:.*)` [7d]))
I expected to see an additional column indicating the count of unique systems per error message. However, this approach doesn't seem to work, as I end up with no data when adding the "Group by" transformation in Grafana.
My output for the query above without the group by transformation:
Solved it with markalex suggestion count by(hostname) ( <your attempt sum by(message, hostname) ...> )
- How to add release number from pipeline into K6-InfluxDB-Grafana stack so that in grafana we can filter results based on Release Number as well
- Can i create a multi column variable in grafana?
- How to determine which services did not send logs in the last 24h Grafana Loki LogQL
- Create a count on a Grafana Dashboard
- Grafana: Datasource (Prometheus ) query 403
- How to mount a GCP Cloud Storage volume in GCP Cloud Run service?
- Java Micrometer - What to do with metrics of type *_bucket
- Nginx reverse proxy fails to access prometheus container
- How do I monitor whether a docker container is running with Grafana?
- divide multiple series by each other in grafana
- Unable to add Grafana Loki datasource in Kubernetes
- Grafana Prometheus Variable using multiple metrics
- How to create a Grafana variable that uses only one element of a Grafana query variable containing a list
- Grafana Pod is in Init Error state after adding an existing PVC
- Grafana Dashboard with Loki to display a single number
- Changing Prometheus job label in scraper for cAdvisor breaks Grafana dashboards
- Error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
- Histogram of values grouped by a label
- How to transform a variable value before passing to a query in Grafana
- Grafana variable dropdown with name and value with QuestDB data source
- Grafana colour categories based on column
- Containerized Grafana unable to connect Containerized Prometheus
- ServiceMonitor Prometheus not working in another namespace
- Grafana dashboards vs. console templates in Prometheus
- How to measure the replication in PostgreSQL with Grafana
- How to set up alerts in Grafana using last() reduce function if the latest value ​change
- How can I sort the legend by series name in Prometheus/Grafana
- CORS in Grafana API
- Query multiple tables with same structure dynamically
- Is there any way to represent POD CPU usage in terms of CPU cores using prometheus metrics