search

grafana / clickhouse-datasource

Grafana Plugin for ClickHouse
Apache License 2.0
141 stars 66 forks source link

Adhoc filter doesn't not work in log view #1063

Open zfy0701 opened 2 weeks ago

zfy0701 commented 2 weeks ago

What happened:

When use filter value in log view Image it construct wrong query filter key that doesn't work, e.g. Image

What you expected to happen:

Either ad-hoc filter should convert the label filter in query, or the UI should convert label filter into proper adhoc query key.

How to reproduce it (as minimally and precisely as possible):

  1. go to log view, with default otel column setup
  2. click filter for value

Screenshots

Anything else we need to know?:

Environment:

SpencerTorres commented 2 weeks ago

Hey thanks for submitting this issue. Ad-hoc filtering is always a challenge since everyone's tables and data look different. Can you provide the query, some sample data, and your table schema? I see you mention the default otel schema, but I'd like to see how you have the query builder set up, as well as what the actual SQL is. With this information I will be able to see how these filters are added for your use case.

Thanks!

zfy0701 commented 1 week ago

everything pretty standard schema:

CREATE TABLE default.otel_logs
(
    `Timestamp` DateTime64(9) CODEC(Delta(8), ZSTD(1)),
    `TimestampTime` DateTime DEFAULT toDateTime(Timestamp),
    `TraceId` String CODEC(ZSTD(1)),
    `SpanId` String CODEC(ZSTD(1)),
    `TraceFlags` UInt8,
    `SeverityText` LowCardinality(String) CODEC(ZSTD(1)),
    `SeverityNumber` UInt8,
    `ServiceName` LowCardinality(String) CODEC(ZSTD(1)),
    `Body` String CODEC(ZSTD(1)),
    `ResourceSchemaUrl` LowCardinality(String) CODEC(ZSTD(1)),
    `ResourceAttributes` Map(LowCardinality(String), String) CODEC(ZSTD(1)),
    `ScopeSchemaUrl` LowCardinality(String) CODEC(ZSTD(1)),
    `ScopeName` String CODEC(ZSTD(1)),
    `ScopeVersion` LowCardinality(String) CODEC(ZSTD(1)),
    `ScopeAttributes` Map(LowCardinality(String), String) CODEC(ZSTD(1)),
    `LogAttributes` Map(LowCardinality(String), String) CODEC(ZSTD(1)),
    INDEX idx_trace_id TraceId TYPE bloom_filter(0.001) GRANULARITY 1,
    INDEX idx_res_attr_key mapKeys(ResourceAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_res_attr_value mapValues(ResourceAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_scope_attr_key mapKeys(ScopeAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_scope_attr_value mapValues(ScopeAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_log_attr_key mapKeys(LogAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_log_attr_value mapValues(LogAttributes) TYPE bloom_filter(0.01) GRANULARITY 1,
    INDEX idx_body Body TYPE tokenbf_v1(32768, 3, 0) GRANULARITY 8,
    INDEX inv_idx Body TYPE full_text(3) GRANULARITY 1
)
ENGINE = ReplicatedMergeTree('/clickhouse/tables/{cluster}/default/otel_logs/{shard}/{uuid}', '{replica}')
PARTITION BY toDate(TimestampTime)
PRIMARY KEY (ServiceName, TimestampTime)
ORDER BY (ServiceName, TimestampTime, Timestamp)
TTL TimestampTime + toIntervalDay(30)
SETTINGS index_granularity = 8192, ttl_only_drop_parts = 1

data

INSERT INTO table (`Timestamp`, `TimestampTime`, `TraceId`, `SpanId`, `TraceFlags`, `SeverityText`, `SeverityNumber`, `ServiceName`, `Body`, `ResourceSchemaUrl`, `ResourceAttributes`, `ScopeSchemaUrl`, `ScopeName`, `ScopeVersion`, `ScopeAttributes`, `LogAttributes`) VALUES ('2024-11-29 06:53:29.169943245', '2024-11-29 06:53:29', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-all-logs-2024.11.29-2024.11.29-000001/WXBO4iC4Qc-2JQbREsz7HA] update_mapping [_doc]', '', {'k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes','k8s.pod.name':'cluster-0-es-master-nodes-2','k8s.container.restart_count':'0','k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic','k8s.statefulset.name':'cluster-0-es-master-nodes'}, '', '', '', {}, {'elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','elasticsearch.cluster.name':'cluster-0','log.level':'INFO','elasticsearch.node.name':'cluster-0-es-master-nodes-2','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6369]','elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','@timestamp':'2024-11-29T06:53:29.169Z','service.name':'ES_ECS','event.dataset':'elasticsearch.server','ecs.version':'1.2.0'}), ('2024-11-29 07:19:52.171700572', '2024-11-29 07:19:52', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-all-logs-2024.11.29-2024.11.29-000001/WXBO4iC4Qc-2JQbREsz7HA] update_mapping [_doc]', '', {'k8s.pod.name':'cluster-0-es-master-nodes-2','k8s.container.restart_count':'0','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes','k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic'}, '', '', '', {}, {'elasticsearch.cluster.name':'cluster-0','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','ecs.version':'1.2.0','elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','elasticsearch.node.name':'cluster-0-es-master-nodes-2','log.level':'INFO','service.name':'ES_ECS','event.dataset':'elasticsearch.server','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6375]','elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','@timestamp':'2024-11-29T07:19:52.171Z'}), ('2024-11-29 07:43:14.251761778', '2024-11-29 07:43:14', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-all-logs-2024.11.29-2024.11.29-000001/WXBO4iC4Qc-2JQbREsz7HA] update_mapping [_doc]', '', {'k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-2','k8s.container.restart_count':'0','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes'}, '', '', '', {}, {'elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','@timestamp':'2024-11-29T07:43:14.251Z','elasticsearch.cluster.name':'cluster-0','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6381]','elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','service.name':'ES_ECS','log.level':'INFO','ecs.version':'1.2.0','elasticsearch.node.name':'cluster-0-es-master-nodes-2','event.dataset':'elasticsearch.server'}), ('2024-11-29 07:46:38.166464090', '2024-11-29 07:46:38', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-all-logs-2024.11.29-2024.11.29-000001/WXBO4iC4Qc-2JQbREsz7HA] update_mapping [_doc]', '', {'k8s.container.restart_count':'0','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes','k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-2'}, '', '', '', {}, {'elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','event.dataset':'elasticsearch.server','elasticsearch.node.name':'cluster-0-es-master-nodes-2','@timestamp':'2024-11-29T07:46:38.166Z','ecs.version':'1.2.0','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6382]','elasticsearch.cluster.name':'cluster-0','log.level':'INFO','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','service.name':'ES_ECS'}), ('2024-11-29 07:51:38.689210721', '2024-11-29 07:51:38', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-logs-prod-2024.11.29-2024.11.29-000001/iSIyJzg2RWKgRJmO7QHLlw] update_mapping [_doc]', '', {'k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-2','k8s.container.restart_count':'0','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes','k8s.container.name':'elasticsearch'}, '', '', '', {}, {'@timestamp':'2024-11-29T07:51:38.689Z','elasticsearch.node.name':'cluster-0-es-master-nodes-2','event.dataset':'elasticsearch.server','service.name':'ES_ECS','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6384]','ecs.version':'1.2.0','elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','elasticsearch.cluster.name':'cluster-0','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','log.level':'INFO'}), ('2024-11-29 07:52:07.705538363', '2024-11-29 07:52:07', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-all-logs-2024.11.29-2024.11.29-000001/Xu8MHpPvSuC7rYNhlaFeZA] update_mapping [_doc]', '', {'k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'gke-sentio-gke-stable-n2d-standard-64-78bdb325-n5kb','service.name':'cluster-0-es-master-nodes','k8s.container.restart_count':'0','k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-0'}, '', '', '', {}, {'elasticsearch.cluster.uuid':'g6a4OBTkSiCV1DnktmUGRg','@timestamp':'2024-11-29T07:52:07.703Z','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-0][masterService#updateTask][T#1792]','elasticsearch.node.name':'cluster-0-es-master-nodes-0','event.dataset':'elasticsearch.server','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','service.name':'ES_ECS','elasticsearch.cluster.name':'cluster-0','ecs.version':'1.2.0','elasticsearch.node.id':'yOgdb7NTRaeToD9d4YUgqg','log.level':'INFO'}), ('2024-11-29 07:53:39.186857284', '2024-11-29 07:53:39', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-logs-test-2024.11.29-2024.11.29-000001/OKf_WzZiRz-7HbZhN-4Gvg] update_mapping [_doc]', '', {'k8s.container.restart_count':'0','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'sea-dg-1','service.name':'cluster-0-es-master-nodes','k8s.container.name':'elasticsearch','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-2'}, '', '', '', {}, {'log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','elasticsearch.cluster.name':'cluster-0','elasticsearch.node.name':'cluster-0-es-master-nodes-2','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-2][masterService#updateTask][T#6385]','ecs.version':'1.2.0','event.dataset':'elasticsearch.server','service.name':'ES_ECS','elasticsearch.node.id':'xa_w-rthQpilSaECrLTEfQ','log.level':'INFO','elasticsearch.cluster.uuid':'JsltgzWkR72TiRIWRdgUEw','@timestamp':'2024-11-29T07:53:39.186Z'}), ('2024-11-29 07:55:00.296321278', '2024-11-29 07:55:00', '', '', 0, '', 0, 'cluster-0-es-master-nodes', '[.ds-fluentbit-logs-test-2024.11.29-2024.11.29-000001/PLO09batQU6CTSU-wBg9FQ] update_mapping [_doc]', '', {'k8s.container.restart_count':'0','k8s.container.name':'elasticsearch','k8s.statefulset.name':'cluster-0-es-master-nodes','k8s.node.name':'gke-sentio-gke-stable-n2d-standard-64-78bdb325-n5kb','service.name':'cluster-0-es-master-nodes','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-es-master-nodes-0'}, '', '', '', {}, {'elasticsearch.node.name':'cluster-0-es-master-nodes-0','log.logger':'org.elasticsearch.cluster.metadata.MetadataMappingService','log.level':'INFO','process.thread.name':'elasticsearch[cluster-0-es-master-nodes-0][masterService#updateTask][T#1793]','event.dataset':'elasticsearch.server','@timestamp':'2024-11-29T07:55:00.281Z','ecs.version':'1.2.0','elasticsearch.node.id':'yOgdb7NTRaeToD9d4YUgqg','service.name':'ES_ECS','elasticsearch.cluster.uuid':'g6a4OBTkSiCV1DnktmUGRg','elasticsearch.cluster.name':'cluster-0'}), ('2024-11-29 06:56:13.289751076', '2024-11-29 06:56:13', '', '', 0, '', 0, 'cluster-0-kb', '[2024-11-29T06:56:13.289+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"num_host_urls":0}}', '', {'k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'cluster-0-kb-7f9cc7ccbd','service.name':'cluster-0-kb','k8s.pod.name':'cluster-0-kb-7f9cc7ccbd-ct4tt','k8s.container.restart_count':'1','k8s.container.name':'kibana','k8s.namespace.name':'elastic','k8s.deployment.name':'cluster-0-kb'}, '', '', '', {}, {}), ('2024-11-29 06:57:15.352069582', '2024-11-29 06:57:15', '', '', 0, '', 0, 'cluster-0-kb', '[2024-11-29T06:57:15.351+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"cluster-0"}', '', {'k8s.node.name':'sea-admin','service.name':'cluster-0-kb','k8s.container.name':'kibana','k8s.namespace.name':'elastic','k8s.pod.name':'cluster-0-kb-d49bf8bd4-8fhbm','k8s.container.restart_count':'2','k8s.replicaset.name':'cluster-0-kb-d49bf8bd4','k8s.deployment.name':'cluster-0-kb'}, '', '', '', {}, {});

INSERT INTO table (`Timestamp`, `TimestampTime`, `TraceId`, `SpanId`, `TraceFlags`, `SeverityText`, `SeverityNumber`, `ServiceName`, `Body`, `ResourceSchemaUrl`, `ResourceAttributes`, `ScopeSchemaUrl`, `ScopeName`, `ScopeVersion`, `ScopeAttributes`, `LogAttributes`) VALUES ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202513724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - aptos-movement-porto [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  98 - "Go-http-client/1.1" 8087 "/upstreams" "-" "-"', '', {'k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0','k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb'}, '', '', '', {}, {}), ('2024-11-29 01:56:51.202710724', '2024-11-29 01:56:51', '', '', 0, '', 0, 'lb', '10.8.16.71 - - [29/Nov/2024:01:56:51 +0000] "GET /upstreams HTTP/1.1" 200  161 "-" "Go-http-client/1.1" "-"', '', {'k8s.container.name':'nginx','k8s.namespace.name':'nodes','k8s.deployment.name':'lb','k8s.node.name':'gke-sentio-gke-spot-n2d-highmem-16-09b803d5-ng5h','k8s.replicaset.name':'lb-6694fbddbf','service.name':'lb','k8s.pod.name':'lb-6694fbddbf-4wwbd','k8s.container.restart_count':'0'}, '', '', '', {}, {});

then just use the default log setup for the plugin Image

the actual query is:

SELECT Timestamp as "timestamp", Body as "body", SeverityText as "level", LogAttributes as "labels", TraceId as "traceID" FROM "default"."otel_logs" WHERE ( timestamp >= $__fromTime AND timestamp <= $__toTime ) ORDER BY timestamp DESC LIMIT 1000