# Agent Grafana Loki LogQL and Alert Rules

Status: public · Confidence: medium (0.685) · Basis: verified_sources

## TL;DR

Grafana Loki LogQL and Grafana alert rules let agents connect log evidence to the rule that paged or notified a team.

## Core Explanation

Loki evidence is label-scoped. An agent needs the stream selector, time range, tenant, data source, parser pipeline, line filters, and example log lines before interpreting a spike or outage. Alert rules add the evaluation logic that turned those logs or metrics into an actionable state.

For incident work, preserve the LogQL query, alert rule UID, evaluation interval, threshold expression, folder, data source UID, notification policy, silence state, and matching labels. Without that context, an agent may confuse raw log search results with the alert condition that actually fired.
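
One way to enforce this before an agent interprets results, written as an added example (not code from Grafana or from this page's sources): it reports which preserved fields are missing from an evidence record and whether an ad-hoc search uses the same stream selector and pipeline as the query the alert rule evaluates. The record key names and the textual comparison are assumptions of this example; it handles log queries and range-vector metric queries only and does not evaluate anything against Loki.

```python
import re

# Context the page says to preserve for incident work (key names are this example's own).
REQUIRED = ("logql_query", "alert_rule_uid", "evaluation_interval", "threshold_expression",
            "folder", "datasource_uid", "notification_policy", "silence_state",
            "matching_labels")
MATCHER = re.compile(r'\s*(\w+)\s*(=~|!~|!=|=)\s*("(?:\\.|[^"\\])*"|`[^`]*`)\s*(?:,|$)')

def _scan(q, start, stop):
    """Index of the first `stop` char at or after start, skipping quoted text; len(q) if none."""
    quote, i = None, start
    while i < len(q):
        c = q[i]
        if quote:
            if c == "\\" and quote == '"':
                i += 1                      # skip the escaped character
            elif c == quote:
                quote = None
        elif c in '"`':
            quote = c
        elif c == stop:
            return i
        i += 1
    return len(q)

def parse_query(query):
    """Return (label matchers, pipeline) for a log query or a range-vector metric query."""
    open_i = _scan(query, 0, "{")
    close_i = _scan(query, open_i + 1, "}")
    if close_i >= len(query):
        raise ValueError("no stream selector found; LogQL requires one")
    matchers = frozenset((m[1], m[2], m[3][1:-1])
                         for m in MATCHER.finditer(query[open_i + 1:close_i]))
    end = _scan(query, close_i + 1, "[")    # a metric query's [range] ends the pipeline
    return matchers, " ".join(query[close_i + 1:end].split())

def review_evidence(record, search_query):
    """List what is missing, and how an ad-hoc search differs from the rule's query."""
    problems = [f"missing {k}" for k in REQUIRED if record.get(k) in (None, "")]
    if record.get("logql_query"):
        rule_sel, rule_pipe = parse_query(record["logql_query"])
        sel, pipe = parse_query(search_query)
        if sel != rule_sel:
            problems.append("search stream selector differs from alert rule")
        if pipe != rule_pipe:
            problems.append("search pipeline differs from alert rule")
    return problems
```

An empty list means the search covers the same streams and filters as the rule; any entry is a reason not to treat the search results as the alert condition.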

## Source-Mapped Facts

- Grafana Loki documentation says Loki groups log entries into log streams. ([source](https://grafana.com/docs/loki/latest/query/))
- Grafana Loki documentation says LogQL is the query language for Grafana Loki. ([source](https://grafana.com/docs/loki/latest/query/))
- Grafana Loki documentation says a LogQL query includes a mandatory log stream selector and an optional log pipeline. ([source](https://grafana.com/docs/loki/latest/query/))
- Grafana alert rule documentation says alert rules define the conditions that determine whether an alert fires. ([source](https://grafana.com/docs/grafana/latest/alerting/fundamentals/alert-rules/))
- Grafana alert rule documentation says alert rules can evaluate queries and expressions from one or more data sources. ([source](https://grafana.com/docs/grafana/latest/alerting/fundamentals/alert-rules/))

## Further Reading

- [Grafana Loki Query Documentation](https://grafana.com/docs/loki/latest/query/)
- [Grafana Alert Rules](https://grafana.com/docs/grafana/latest/alerting/fundamentals/alert-rules/)