Fluentd

Loki has a Fluentd output plugin calledfluent-plugin-grafana-loki that enables shipping logs to a private Lokiinstance or Grafana Cloud.

The plugin offers two line formats and uses protobuf to send compressed data toLoki.

Key features:

  • extra_labels: Labels to be added to every line of a log file, useful fordesignating environments
  • label_keys: Customizable list of keys for stream labels
  • line_format: Format to use when flattening the record to a log line (json or key_value).

Installation

  1. $ gem install fluent-plugin-grafana-loki

Usage

In your Fluentd configuration, use @type loki. Additional configuration isoptional. Default values look like this:

  1. <match **>
  2.   @type loki
  3.   url "https://logs-us-west1.grafana.net"
  4.   username "#{ENV['LOKI_USERNAME']}"
  5.   password "#{ENV['LOKI_PASSWORD']}"
  6.   extra_labels {"env":"dev"}
  7.   flush_interval 10s
  8.   flush_at_shutdown true
  9.   buffer_chunk_limit 1m
  10. </match>

Multi-worker usage

Loki doesn’t currently support out-of-order inserts - if you try to insert a logentry with an earlier timestamp after a log entry with with identical labels buta later timestamp, the insert will fail with the messageHTTP status code: 500, message: rpc error: code = Unknown desc = Entry out of order. Therefore, in order to use this plugin in a multi-worker Fluentd setup,you’ll need to include the worker ID in the labels sent to Loki.

For example, usingfluent-plugin-record-modifier:

  1. <filter mytag>
  2.     @type record_modifier
  3.     <record>
  4.         fluentd_worker "#{worker_id}"
  5.     </record>
  6. </filter>
  8. <match mytag>
  9.   @type loki
  10.   # ...
  11.   label_keys "fluentd_worker"
  12.   # ...
  13. </match>

Docker Image

There is a Docker image grafana/fluent-plugin-grafana-loki:master whichcontains default configuration files to git log informationa host’s /var/log directory, and from the host’s journald. To use it, you can setthe LOKI_URL, LOKI_USERNAME, and LOKI_PASSWORD environment variables(LOKI_USERNAME and LOKI_PASSWORD can be left blank if Loki is not protectedbehind an authenticating proxy).

An example Docker Swarm Compose configuration looks like:

  1. services:
  2.   fluentd:
  3.     image: grafana/fluent-plugin-grafana-loki:master
  4.     command:
  5.       - "fluentd"
  6.       - "-v"
  7.       - "-p"
  8.       - "/fluentd/plugins"
  9.     environment:
  10.       LOKI_URL: http://loki:3100
  11.       LOKI_USERNAME:
  12.       LOKI_PASSWORD:
  13.     deploy:
  14.       mode: global
  15.     configs:
  16.       - source: loki_config
  17.         target: /fluentd/etc/loki/loki.conf
  18.     networks:
  19.       - loki
  20.     volumes:
  21.       - host_logs:/var/log
  22.       # Needed for journald log ingestion:
  23.       - /etc/machine-id:/etc/machine-id
  24.       - /dev/log:/dev/log
  25.       - /var/run/systemd/journal/:/var/run/systemd/journal/
  26.     logging:
  27.       options:
  28.          tag: infra.monitoring

Configuration

Proxy Support

Starting with version 0.8.0, this gem uses excon, which supports proxy withenvironment variables - https://github.com/excon/excon#proxy-support

url

The URL of the Loki server to send logs to. When sending data the publish path(/loki/api/v1/push) will automatically be appended. By default the URL is set tohttps://logs-us-west1.grafana.net, the URL of the Grafana Labs hostedLoki service.

username / password

Specify a username and password if the Loki server requires authentication.If using the Grafana Labs’ hosted Loki, the username needs to be set to yourinstanceId and the password should be a grafana.com API Key.

tenant

Loki is a multi-tenant log storage platform and all requests sent must include atenant. For some installations (like Hosted Loki) the tenant will be setautomatically by an authenticating proxy. Otherwise you can define a tenant tobe passed through. The tenant can be any string value.

output format

Loki is intended to index and group log streams using only a small set oflabels and is not intended for full-text indexing. When sending logs to Loki,the majority of log message will be sent as a single log “line”.

There are few configurations settings to control the output format:

  • extra_labels: (default: nil) set of labels to include with every Lokistream. (e.g., {"env":"dev", "datacenter": "dc1"})

  • remove_keys: (default: nil) comma separated list of record keys toremove. All other keys will be placed into the log line.

  • label_keys: (default: “job,instance”) comma separated list of keys to use asstream labels.

  • line_format: format to use when flattening the record to a log line. Validvalues are json or key_value. If set to json the log line sent to Lokiwill be the fluentd record (excluding any keys extracted out as labels) dumpedas json. If set to key_value, the log line will be each item in the recordconcatenated together (separated by a single space) in the format<key>=<value>.

  • drop_single_key: if set to true, when the set of extracted label_keys after dropping with remove_keys, the log line sent to Loki will just be the value of the single remaining record key.

Buffer options

fluentd-plugin-loki extends Fluentd’s builtin Outputplugin and usesthe compat_parameters plugin helper. It adds the following options:

  1. buffer_type memory
  2. flush_interval 10s
  3. retry_limit 17
  4. retry_wait 1.0
  5. num_threads 1