February 2021

Grafana Labs brings us a new log aggregation system. It is described as "a set of components that can be composed into a fully featured logging stack". In this article we will see how to deploy and run this set as a whole service in your virtual machine.

It’s not the goal of this article to install and run Loki in a containerized environment, but to have it running as a single service in a single machine.

Like Prometheus, but for Logs!

Like Prometheus, but for Logs!

Why Loki?

Loki was inspired by Prometheus in such that data model and query languages look and feel very similar. More interesting is that Loki doesn't index all the data like ElasticSearch would do. Based on labels (just like Prometheus labels) it only indexes the metadata while log data itself is compressed and stored in chunks. This creates an environment where a small index and highly compressed chunks simplify the operation and lower the cost of running Loki.

Besides as you might have guessed, it works great with Grafana and is Kubernetes ready💡that’s in fact the most common environment for Loki. Teams deploy the different parts of Loki as pods usually via Helm. However I wanted to give it a try in a older setup, where containers weren’t used yet so here we go.


How to send Loki your data

Before we dive in Loki we first need to discuss how will the logs gonna reach it. To this date there are several log shippers that excel at sending logs from a file-based data source to a supported output destination. Tools like Logstash, FluentD or Fluentbit have been doing it for a while and bring support for Loki. They have their pros and cons and to assess each would take several articles. However what we are looking for here is for the best Loki integration and that's where Grafana labs brings a new player: Promtail

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/c199845e-eecb-4659-bd79-b0d349555663/promtail.png

Promtail

This agent was built with Kubernetes in mind. It uses the same service discovery as Prometheus which aids to configure Promtail to find the containers' logs running in the node.

It's also the choice on bare-metal since it can be configured to tail logs from all files given a host path. It's the easiest way to send logs to Loki from plain-text files (e.g., things that log to /var/log/*.log).

Installing Promtail

Configuring Promtail