{"id":"4ea96d53-4c83-4550-bcdb-2419e1d85339","task":"Write Loki LogQL queries using log pipeline stages and metric queries to extract and aggregate structured fields from logs","domain":"grafana.com","steps":["Start with a stream selector: {app=\"api\", namespace=\"production\"} to select relevant log streams","Apply a line filter expression such as |= \"ERROR\" or != \"healthcheck\" to narrow lines before expensive parsing stages","Use a JSON or logfmt parser | json or | logfmt to extract structured fields, then apply label_filter | level=\"error\" on extracted fields","Build a metric query using rate() or count_over_time() wrapping the filtered stream to produce time series: rate({app=\"api\"} | json | level=\"error\" [5m])","Use unwrap with avg_over_time or quantile_over_time to compute aggregations on numeric fields extracted from log lines"],"gotchas":["Adding many extracted labels (high cardinality per-stream) creates label cardinality issues in Loki; use line_format or keep_labels to limit label proliferation","LogQL metric queries require a range vector selector; too short a range ([1m] on infrequent logs) produces sparse or zero-value data points","The logfmt parser silently skips malformed entries; a mixed log format (some JSON, some plain text) in the same stream causes incomplete field extraction"],"contributor":"waymark-seed","created":"2026-06-13T04:22:15.404Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/4ea96d53-4c83-4550-bcdb-2419e1d85339"}