grafana · monodot · May 23, 2025
@@ -11,17 +11,17 @@ In this section of the workshop we will analyze log volume, using Loki's query-t
 1.  Click on the **Code** button to show the LogQL code editor. Paste the following query into the query box then press **Run query**:
 
     ```
-    {filename="/var/log/nginx/json_access.log"} |= "Googlebot"
+    {filename="/var/log/nginx/json_access.log"} |= "bot"
     ```
 
-    Notice that you get JSON log lines of googlebot requests. **Click a log line** to see its details.
+    Notice that you get JSON log lines of bot requests. **Click a log line** to see its details.
 
 1.  At this point, Loki hasn't yet parsed the JSON. It shows the log line in plain text. To parse the log line, we need to add a parser, like `json`.
 
     **Change the query** to the following and then press **Run query**:
 
     ```
-    {filename="/var/log/nginx/json_access.log"} |= "Googlebot" | json
+    {filename="/var/log/nginx/json_access.log"} |= "bot" | json
     ```
 
     Now **click a log line** to expand it. 
@@ -35,10 +35,10 @@ In this section of the workshop we will analyze log volume, using Loki's query-t
 1.  Edit the query to this and then run it:
 
     ```
-    sum by(status) (count_over_time({filename="/var/log/nginx/json_access.log"} |= `Googlebot` | json [5m]))
+    sum by(status) (count_over_time({filename="/var/log/nginx/json_access.log"} |= `bot` | json [5m]))
     ```
 
-    Now Grafana will show the amount of Googlebot requests per minute, split by (HTTP) status code.
+    Now Grafana will show the amount of bot requests per minute, split by (HTTP) status code.
 
     :::tip
 
@@ -55,25 +55,25 @@ In this section of the workshop we will analyze log volume, using Loki's query-t
     Grafana shows the results of the two queries together, in the same graph. This graph allows us to see:
 
     - The total number of requests over time
-    - The number of requests which came from Googlebot, broken down by HTTP status code
-    - The proportion of Googlebot requests, compared to all requests
+    - The number of requests which came from bots, broken down by HTTP status code
+    - The proportion of bot requests, compared to all requests
 
     This information was extracted by Loki in real time, without having to parse logs upfront.
 
 ## Calculate a metric based on a value in the log
 
 In Loki, you can also calculate metrics using values inside the log line itself -- for example, graphing the average response time, or the average payload size over time. This is called an **unwrapped range aggregation**. It uses the `unwrap` function to pass a field from the log line to a metric function, such as `avg_over_time` or `max_over_time`.
 
-1. Run the following query to extract the `bytes_sent` field from every JSON log line. This will draw a chart of how many avg bytes are requested by GoogleBot for every 5 minutes:
+1. Run the following query to extract the `bytes_sent` field from every JSON log line. This will draw a chart of how many avg bytes are requested by bots for every 5 minutes:
 
     ```
-    avg_over_time({filename="/var/log/nginx/json_access.log"} |= "Googlebot" | json | unwrap bytes_sent [5m]) by (host)
+    avg_over_time({filename="/var/log/nginx/json_access.log"} |= "bot" | json | unwrap bytes_sent [5m]) by (host)
     ```
 
 2. Click the **+ Add query** button to add another query:
 
     ```
-    max_over_time({filename="/var/log/nginx/json_access.log"} |= "Googlebot" | json | unwrap bytes_sent [5m]) by (host)
+    max_over_time({filename="/var/log/nginx/json_access.log"} |= "bot" | json | unwrap bytes_sent [5m]) by (host)
     ```
 
     :::info

@@ -22,14 +22,16 @@ We're now going to add a panel showing the 95th percentile of requests time:
 
 1. Select the **LokiNGINX** datasource.
 
+1. Ensure the **Time series** panel type is selected.
+
 1. Add the following query, which extracts the _request time_ from every log line, and calculates the 95th percentile of that value:
 
     ```
     quantile_over_time(0.95,{filename="/var/log/nginx/json_access.log"} 
         | json 
         | upstream_cache_status="MISS" 
         | unwrap request_time 
-        |  __error__=""  [5m]) by (host)
+        |  __error__=""  [5m]) by (server_name)
     ```
 
     This query gives you insight into the near-worst-case performance of requests that weren't served from cache, broken down by host. 
@@ -39,37 +41,43 @@ We're now going to add a panel showing the 95th percentile of requests time:
 1. Click **+ Add query** to add a second query to this panel, to show the max request time within every 1 min interval:
 
     ```
-    max_over_time({filename="/var/log/nginx/json_access.log"} | json | upstream_cache_status="MISS" | unwrap request_time |  __error__=""  [1m]) by (host)
+    max_over_time({filename="/var/log/nginx/json_access.log"} 
+        | json 
+        | upstream_cache_status="MISS" 
+        | unwrap request_time 
+        |  __error__=""  [1m]) by (server_name)
     ```
 
 1. Click on the **Options** panel underneath each query, and:
 
-    - set the **Legend** value of the 95th percentile query to : `{{host}} - 95%` 
+    - set the **Legend** value of the 95th percentile query to : `{{server_name}} - 95%` 
 
-    - set the **Legend** value of the max_over_time query to `{{host}} - max`
+    - set the **Legend** value of the max_over_time query to `{{server_name}} - max`
 
     :::info
 
-    The `{{host}}` placeholder tells Grafana to insert the `host` label from the Loki metric query result.
+    The `{{server_name}}` placeholder tells Grafana to insert the `server_name` label from the Loki metric query result.
 
     :::
 
 1.  In the **Panel options** sidebar, set the Panel Title to **95th percentile of Request Time** and then click the **Back to dashboard** button.
 
 1.  Click **Save dashboard** to save your fine work so far!
 
-### Add a percentage of requests by Googlebot panel
+### Add a percentage of requests by bots panel
 
-We're now going to add a panel showing the percentage of request made by Google's webspider, Googlebot.
+We're now going to add a panel showing the percentage of requests made by bots to our website.
 
 1. From the the upper right corner, click **Add** -> **Visualization**.
 
 2. Select the **LokiNGINX** datasource
 
-3. Add the following query. Notice we are doing some math here with Loki metrics! In this case, we are calculating the percentage of requests from Googlebot compared with requests from any browser (`Mozilla`), per 10-minute interval: 
+3. Add the following query. Notice we are doing some math here with Loki metrics! In this case, we are calculating the percentage of requests from bots compared with requests from any browser (`Mozilla`), per 10-minute interval: 
 
     ```
-    sum(rate(({job="nginx_access_log"} |= "Googlebot")[10m])) / (sum(rate(({job="nginx_access_log"} |= "Mozilla")[10m])) / 100)
+    sum(rate(({filename="/var/log/nginx/json_access.log"} |= "bot")[10m])) 
+    / 
+    (sum(rate(({filename="/var/log/nginx/json_access.log"} |= "Mozilla")[10m])) / 100)
     ```
 
 4. We want to show it as a total number, so in the panel settings on the right, choose the Stat visualisation.
@@ -78,13 +86,13 @@ We're now going to add a panel showing the percentage of request made by Google'
 
 6. We want to make clear this metric is a percentage.  Under the **Standard Options** heading, find the **Unit** dropdown and choose **Misc -> Percent (0-100)**.
 
-8. Set the Panel Title to **Current % of request by Google** and click **Back to dashboard**.
+8. Set the Panel Title to **Current % of requests by bots** and click **Back to dashboard**.
 
 9.  Don't forget to save your dashboard with the **Save dashboard** button.
 
-### Geomap panel 
+### Add a Geomap panel 
 
-Geomap using the country code that was added by geocoding the IP address. 
+Next, we'll add a Geomap of requests, using the country code that is contained in the logs, by geolocating the client's IP address. 
 
 1. Ensure you're in Edit mode in your dashboard. (From Grafana 11 onwards, you need to click the **Edit** button in the top right corner.)