
Push logs to Grafana Loki

In this section we are going to learn how to push logs to Grafana Loki.

Push logs using Promtail

In this case we are going to use Promtail to push logs to the platform. Promtail reads a configuration file in which we specify which logs to push. In this example we collect logs from the host's journal.

Install Promtail

Download the latest version of Promtail.

curl -O -L "https://github.com/grafana/loki/releases/download/v2.8.2/promtail-linux-amd64.zip"

Unzip the file.

unzip promtail-linux-amd64.zip

Make it executable.

sudo chmod a+x "promtail-linux-amd64"

Move it to the /usr/local/bin directory.

sudo mv "promtail-linux-amd64" /usr/local/bin/promtail

Create a configuration file

Now, let's create a configuration file for Promtail. Let's call it promtail-config.yaml.

sudo nano /etc/promtail-config.yaml

Paste the following configuration. Make sure to change the URL and set the username and password that you received in your email.

server:
  http_listen_port: 3100
  grpc_listen_port: 0

clients:
  - url: https://5x59xs9c.customers.voltmetrix.io/loki/api/v1/push
    basic_auth:
      username: loki-user
      password: <password> # You received this password in your email.

positions:
  filename: /opt/promtail/positions.yaml

scrape_configs:
  - job_name: ecs/journal
    journal:
      json: false
      max_age: 12h
      path: /var/log/journal
      labels:
        job: ecs/systemd-journal
    relabel_configs:
      - action: drop
        source_labels: ["__journal__transport"]
        regex: "kernel"
      - source_labels: ["__journal__systemd_unit"]
        target_label: "unit"
      - source_labels: ["__journal__hostname"]
        target_label: "host_name"
      - source_labels: ["__journal__transport"]
        target_label: "transport"
      - source_labels: ["__journal__cmdline"]
        target_label: "_cmdline"
      - source_labels: ["__journal_priority"]
        target_label: "_priority"
      - source_labels: ["__journal_priority_keyword"]
        target_label: "priority"
      - source_labels: ["__journal_syslog_identifier"]
        target_label: "syslog_identifier"
      - source_labels: ["__journal_syslog_message_severity"]
        target_label: "level"
      - source_labels: ["__journal_syslog_message_facility"]
        target_label: "syslog_facility"
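
Because this file stores the Loki basic_auth password, it is worth auditing before Promtail is started. The shell function below is an added example, not part of the original page or of Promtail: it flags a config that is readable beyond its owner, that stores the password inline instead of using Promtail's password_file option, or that pushes over plain HTTP. The function name, finding codes, sample host and password-file path are assumptions made for illustration.

```shell
# Added example: pre-flight audit of a Promtail config that carries basic_auth
# credentials. Function name and finding codes are illustrative, not Promtail's.

# Print one finding per line for config file $1; print nothing if it is clean.
audit_promtail_config() {
    cfg=$1
    # The file holds a secret, so nobody but its owner should be able to read it.
    mode=$(stat -c '%a' "$cfg") || return 2       # GNU stat, as found on Linux hosts
    case $mode in
        ?00) ;;                                   # 600, 400, ...: owner-only
        *)   echo "MODE: mode $mode lets group or others access the credentials" ;;
    esac
    # An inline password lives in the config itself; Promtail's basic_auth also
    # accepts password_file, which keeps the secret in a separate file.
    if grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]#]' "$cfg"; then
        echo "INLINE_PASSWORD: basic_auth password is stored in the config"
    fi
    # Basic auth over plain HTTP would send the credential unencrypted.
    if grep -Eq '^[[:space:]]*-?[[:space:]]*url:[[:space:]]*"?http://' "$cfg"; then
        echo "CLEARTEXT_URL: push URL does not use https"
    fi
}

# Constructed sample configs (placeholder host and secret), written to a temp dir.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/weak.yaml" <<'EOF'
clients:
  - url: https://loki.example.invalid/loki/api/v1/push
    basic_auth:
      username: loki-user
      password: constructed-placeholder
EOF
    chmod 644 "$dir/weak.yaml"
    cat > "$dir/hardened.yaml" <<'EOF'
clients:
  - url: https://loki.example.invalid/loki/api/v1/push
    basic_auth:
      username: loki-user
      password_file: /etc/promtail/loki-password  # hypothetical path
EOF
    chmod 600 "$dir/hardened.yaml"
    echo "$dir"
}

dir=$(make_samples)
for f in weak hardened; do echo "== $f.yaml"; audit_promtail_config "$dir/$f.yaml"; done
rm -rf "$dir"
```

To check the real file, call `audit_promtail_config /etc/promtail-config.yaml`; a MODE finding is cleared with `sudo chmod 600 /etc/promtail-config.yaml`.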

Run Promtail

Once we have everything ready, we can run Promtail.

sudo promtail -config.file /etc/promtail-config.yaml

The output should be something like this.

level=info ts=2023-06-19T23:26:04.309804187Z caller=promtail.go:133 msg="Reloading configuration file" md5sum=9386e033f4b9dfb7f312d8a292191f16
level=info ts=2023-06-19T23:26:04.31245475Z caller=server.go:323 http=[::]:3100 grpc=[::]:45539 msg="server listening on addresses"
level=info ts=2023-06-19T23:26:04.312674622Z caller=main.go:174 msg="Starting Promtail" version="(version=2.8.2, branch=HEAD, revision=9f809eda7)"
level=warn ts=2023-06-19T23:26:04.313566917Z caller=promtail.go:265 msg="enable watchConfig"
level=info ts=2023-06-19T23:26:04.313597797Z caller=promtail.go:267 msg="Start tailing 1 files"

Check the logs

Now, we can check the logs in Grafana. Go to the Explore section and select the ecs/journal job. You should see the logs.
