Using Grafana Variables to Create Dynamic Dashboards

Count Logs Matching a Specific Pattern

Count all logs containing the word "error":

count_over_time({host="$host"} |= "error" [1m])

Calculate the rate of logs containing "timeout" over a 5-minute window:

rate({host="$host"} |= "timeout" [5m])

Create a histogram of log message sizes:

histogram_over_time({host="$host"} | line_format "{{.message}}" [10m])

Calculate the error rate for each service using the level label:

rate({level="error"}[1m])

Find the hosts with the highest log volume over a 5-minute interval:

topk(5, count_over_time({host="$host"}[5m]))

Visualize the frequency of a log message pattern:

count_over_time({host="$host"} |= "error" [1m])

Calculate the log rate per namespace:

sum by (detected_level) (rate({host="$host"}[5m]))

Compare the rates of info and error logs:

rate({level="info"}[5m]) / rate({level="error"}[5m])

Parse log messages to extract a custom field and sum values:

sum by (service) (
  rate({job="api"} | json | unwrap request_time [5m])
)