Back to guidesGuide

Fix Loki label cardinality before incident logs disappear

A practical guide to audit streams, redesign labels, validate canaries, and avoid rate limits without losing useful context.

Learn how to detect explosive Loki labels, move volatile context out of the index, and validate that critical logs remain available during incidents.

Created: July 12, 2026

Published: July 12, 2026

Estimated time35 min
LevelAdvanced
Before you startAccess to logcli or a LogQL-compatible UI
PlatformsLinux / Docker
WhatsAppXLinkedIn

Linux

Audit cardinality with logcli/curl, apply labeldrop in the pipeline, and validate Loki metrics before promotion.

logclicurljqpromtool
Count streams
logcli series '{namespace="prod-eu-a",service="checkout-api"}' --since=1h | jq length
Inspect limit-driven drops
curl -s http://loki:3100/metrics | egrep 'loki_discarded_samples_total|loki_ingester_streams_created_total'
Validate rules
promtool test rules loki-label-policy.test.yaml

Content locked

This guide requires both steps before full content is available.

  • Click “Like” on this guide.
  • Share on WhatsApp, X, LinkedIn, or copy the link.

Access is automatically unlocked as soon as both steps are completed.