# [[Loki Community Call - October 2024 - All About Logs Drilldown]] [Google Docs agenda](https://gra.fan/lokicc) ![[Loki Community Call - October 2024 - All About Logs Drilldown]] <iframe width="560" height="315" src="https://www.youtube.com/embed/XJMQbEuBeMc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> Related:: "" ## Timestamps 00:00:00 Introductions 00:01:25 Announcement - Promtail bug 00:03:15 What is Explore Logs? 00:06:10 Explore vs Explore Logs - Code, Low Code, and No Code modes 00:07:44 Installing Explore Logs as a Grafana plugin 00:15:16 Demo of Explore Logs 00:19:37 How are fields detected? Is structured metadata required? 00:23:25 How can we use Explore Logs for Grafana Enterprise? 00:25:49 Pattern ingestion for Explore Logs 00:31:05 Can I have custom labels inferred by Explore Logs? 00:35:20 Do patterns work on unstructured logs? 00:39:10 How to install Explore Logs 00:46:20 Is there a difference between OSS and Grafana Cloud Explore Logs? 00:48:03 Future of Explore Logs 00:51:47 Difficulties while developing Explore Logs 00:56:02 Streaming support for Explore Logs ## Cards to add 00:27:41 Log patterns https://grafana.com/docs/grafana-cloud/visualizations/simplified-exploration/logs/patterns/ 00:40:50 What is Loki video where we go through how to use Explore Logs: https://www.youtube.com/watch?v=1uk8LtQqsZQ ## Talking points - Intros - (Jay) Quick note about the Promtail bug. - ObservabilityCON 2024 announcements - What are we talking about this week - Explore Logs - Explore vs Explore Logs - How does it fit in with the other Explore Apps? - Explore Logs - What problem does Explore Logs solve? - Code/low code/no code - What is visualized? - Structured metadata - Where can you find Explore logs? - How to install the Explore Logs? - This is also available in Grafana Cloud - any differences between the two? - Are there any special configurations needed for the Loki deployment? - Volume? - Pattern Ingester? - allow_structured_metadata - Why? - Which version of Loki includes Explore Logs? Which version of Grafana? - Will Grafana 11.3 have it by default? - Do users need to change how logs are ingested to make use of Explore logs? - Labels - Structured metadata - Format type - Implementation - Explore Logs - How does the app interact with loki? - Endpoints - Queries - What type of patterns were implemented and how does the app discover these within the logs? - Are then any performance implications / design decisions the user should be aware of when using the app? - Can we change the dashboards that come with Explore Logs? - Future of Explore Logs - What's next for Explore Logs? - "streaming support" for graphs and log lines shown for faster query times - What are other ways that people can get started with Loki without using LogQL? ## Extra notes - Pattern ingester is solely for Explore Logs, not [[Bloom filters in Loki]]. - Drain algorithm pulls out high-cardinality values like the timestamp - Custom labels? - `service_name` - if this is sent, we use this - `service` - `app` - `application` - `name` - `app_kubernetes_io_name` - `container` - `container_name` - `k8s_container_name` - `component` - `workload` - `job` - `k8s_job_name` - We are actively working on this. Eventually you'll be able to supply additional labels. The list above is a per-tenant config (runtime Loki `config.yaml` file) - Patterns work only on logs that have some sort of structure, but it doesn't have to be structured metadata (OTel) - [[How to enable Explore Logs for Loki]] - Grafana v11.2.0 or later - Loki v3.2.0 or later - In `config.yaml` - `volume_enabled: true` - (for best experience) - `pattern_ingester` enabled - `allow_structured_metadata: true` - Install as Grafana plugin - `schema: v13` or higher is required in `config.yaml` to allow structured metadata - Streaming support in the future of Explore Logs - For log queries: we cap at 1000 log lines by default - For metrics: we have to ingest everything - Metrics are typically sliced into time chunks, and that's why Explore log metrics data is filled in right to left (most recent first, then older ones are loaded)-- vertical splitting - Streaming: horizontal sharding - Loki wants to create streams of the same size. The UI can leverage this same sharding. - currently being tested for metrics, and eventually this will work for logs too-- and bloom filters! - %% # Text Elements # Drawing ```json {"type":"excalidraw","version":2,"source":"https://github.com/zsviczian/obsidian-excalidraw-plugin/releases/tag/2.0.25","elements":[],"appState":{"theme":"dark","gridSize":null,"viewBackgroundColor":"#ffffff"}} ``` %%