Menu
Open source RSS

Get started with Grafana Loki

Loki is a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost-effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Because all Loki implementations are unique, the installation process is different for every customer. But there are some steps in the process that should be common to every installation.

To collect logs and view your log data generally involves the following steps:

Loki implementation steps

  1. Install Loki on Kubernetes in simple scalable mode, using the recommended Helm chart. Supply the Helm chart with your object storage authentication details.
  2. Deploy Grafana Alloy to collect logs from your applications.
    1. On Kubernetes, deploy Grafana Alloy using the Helm chart. Configure Grafana Alloy to scrape logs from your Kubernetes cluster, and add your Loki endpoint details. See the following section for an example Grafana Alloy configuration file.
    2. Add labels to your logs following our best practices. Most Loki users start by adding labels that describe where the logs are coming from (region, cluster, environment, etc.).
  3. Deploy Grafana or Grafana Cloud and configure a Loki data source.
  4. Select the Explore feature in the Grafana main menu. To view logs in Explore:
    1. Pick a time range.
    2. Choose the Loki data source.
    3. Use LogQL in the query editor, use the Builder view to explore your labels, or select from sample pre-configured queries using the Kick start your query button.

Next steps: Learn more about the Loki query language, LogQL.

Example Grafana Alloy and Agent configuration files to ship Kubernetes Pod logs to Loki

To deploy Grafana Alloy or Agent to collect Pod logs from your Kubernetes cluster and ship them to Loki, you can use a Helm chart, and a values.yaml file.

This sample values.yaml file is configured to:

  • Install Grafana Agent to discover Pod logs.
  • Add container and pod labels to the logs.
  • Push the logs to your Loki cluster using the tenant ID cloud.
  1. Install Loki with the Helm chart.

  2. Deploy either Grafana Alloy or the Grafana Agent, using the Helm chart:

  3. Create a values.yaml file, based on the following example, making sure to update the value for forward_to = [loki.write.endpoint.receiver]:

    yaml-alloy
    alloy:
      mounts:
        varlog: true
      configMap:
        content: |
          logging {
            level  = "info"
            format = "logfmt"
          }
    
          discovery.kubernetes "pods" {
            role = "pod"
          }
    
          loki.source.kubernetes "pods" {
            targets    = discovery.kubernetes.pods.targets
            forward_to = [loki.write.endpoint.receiver]
          }
    
          loki.write "endpoint" {
            endpoint {
                url = "http://loki-gateway.default.svc.cluster.local:80/loki/api/v1/push"
                tenant_id = "local"
            }
          }
    yaml-static-agent
    agent:
      mounts:
        varlog: true
      configMap:
        content: |
          logging {
            level  = "info"
            format = "logfmt"
          }
    
          discovery.kubernetes "k8s" {
            role = "pod"
          }
    
          discovery.relabel "k8s" {
            targets = discovery.kubernetes.k8s.targets
    
            rule {
              source_labels = ["__meta_kubernetes_pod_name"]
              action = "replace"
              target_label = "pod"
            }
            rule {
              source_labels = ["__meta_kubernetes_pod_container_name"]
              action = "replace"
              target_label = "container"
            }
    
            rule {
              source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_label_name"]
              target_label  = "job"
              separator     = "/"
            }
    
            rule {
              source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
              target_label  = "__path__"
              separator     = "/"
              replacement   = "/var/log/pods/*$1/*.log"
            }
          }
    
          local.file_match "pods" {
            path_targets = discovery.relabel.k8s.output
          }
    
          loki.source.file "pods" {
            targets = local.file_match.pods.targets
            forward_to = [loki.write.endpoint.receiver]
          }
    
          loki.write "endpoint" {
            endpoint {
                url = "http://loki-gateway:80/loki/api/v1/push"
                tenant_id = "cloud"
            }
          }
  4. Then install Alloy or the Agent in your Kubernetes cluster using:

    alloy
    helm install alloy grafana/alloy -f ./values.yml    
    agent
    helm upgrade -f values.yaml agent grafana/grafana-agent