loki.enrich

This is documentation for the next version of Alloy. For the latest stable release, go to the latest version.

EXPERIMENTAL: This is an experimental component. Experimental components are subject to frequent breaking changes, and may be removed with no equivalent replacement. The stability.level flag must be set to experimental to use the component.

The loki.enrich component enriches logs with additional labels from service discovery targets. It matches a label from incoming logs against a label from discovered targets, and copies specified labels from the matched target to the log entry.

Usage

alloy
loki.enrich "<LABEL>" {
  // List of targets from a discovery component
  targets = <DISCOVERY_COMPONENT>.targets
  
  // Which label from discovered targets to match against
  target_match_label = "<LABEL>"
  
  // Which label from incoming logs to match against
  logs_match_label = "<LABEL>"
  
  // List of labels to copy from discovered targets to logs
  labels_to_copy = ["<LABEL>", ...]
  
  // Where to send enriched logs
  forward_to = [<RECEIVER_LIST>]
}

Arguments

The following arguments are supported:

| Name | Type | Description | Default | Required |
|------|------|-------------|---------|----------|
| forward_to | []loki.LogsReceiver | List of receivers to send enriched logs to. | | yes |
| target_match_label | string | The label from discovered targets to match against, for example, "__inventory_consul_service". | | yes |
| targets | []discovery.Target | List of targets from a discovery component. | | yes |
| labels_to_copy | []string | List of labels to copy from discovered targets to logs. If empty, all labels will be copied. | | no |
| logs_match_label | string | The label from incoming logs to match against discovered targets, for example "service_name". | target_match_label | no |

Blocks

The loki.enrich component doesn’t support any blocks. You can configure this component with arguments.

Exports

The following values are exported:

| Name | Type | Description |
|------|------|-------------|
| receiver | loki.LogsReceiver | A receiver that can be used to send logs to this component. |

Example

alloy
// Configure HTTP discovery
discovery.http "default" {
    url = "http://network-inventory.example.com/prometheus_sd"
}

discovery.relabel "default" {
    targets = discovery.http.default.targets
    rule {
        action        = "replace"
        source_labels = ["__inventory_rack"]
        target_label  = "rack"
    }
    rule {
        action        = "replace"
        source_labels = ["__inventory_datacenter"]
        target_label  = "datacenter"
    }
    rule {
        action        = "replace"
        source_labels = ["__inventory_environment"]
        target_label  = "environment"
    }
    rule {
        action        = "replace"
        source_labels = ["__inventory_tenant"]
        target_label  = "tenant"
    }
    rule {
        action        = "replace"
        source_labels = ["__inventory_primary_ip"]
        target_label  = "primary_ip"
    }
}

// Receive syslog messages
loki.source.syslog "incoming" {
    listener {
        address = ":514"
        protocol = "tcp"
        labels = {
            job = "syslog"
        }
    }
    forward_to = [loki.enrich.default.receiver]
}

// Enrich logs using HTTP discovery
loki.enrich "default" {
    // Use targets from HTTP discovery (after relabeling)
    targets = discovery.relabel.default.output

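    // Match on the primary_ip label of discovered targets. logs_match_label is
    // not set, so the same label name is looked up on incoming logs.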
    target_match_label = "primary_ip"

    forward_to = [loki.write.default.receiver]
}

Component Behavior

The component matches logs to discovered targets and enriches them with additional labels:

  1. For each log entry, it looks up the value of the label named by logs_match_label in the log’s labels. If logs_match_label isn't specified, it uses the label named by target_match_label instead.
  2. It matches this value against the target_match_label in discovered targets.
  3. If a match is found, it copies the requested labels_to_copy from the discovered target to the log entry. If labels_to_copy is empty, all labels are copied.
  4. The log entry, enriched or unchanged, is forwarded to the configured receivers.

Caution

By default, loki.enrich is ready as soon as it starts, even if no targets have been discovered. If telemetry is sent to this component before the metadata is synced, then it will be passed through as-is, without enrichment. This is most likely to impact loki.enrich on startup for a short time before the discovery components have sent a new list of targets.
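
The four steps under Component Behavior and the startup case from the Caution, modeled in Python as an added example (this is not Alloy's code). The `enrich` and `demo` functions, the `host_ip` label and the sample values are constructed for illustration, and the handling of multiple matching targets and of label name collisions is an assumption the page does not cover.

```python
# Added illustration: a model of the four documented steps, not Alloy source code.

def enrich(entry_labels, targets, target_match_label,
           logs_match_label=None, labels_to_copy=()):
    """Return (labels, matched) for one log entry's label set."""
    # Step 1: logs_match_label defaults to target_match_label when unset.
    key = logs_match_label or target_match_label
    value = entry_labels.get(key)
    if value is None:
        return dict(entry_labels), False          # step 4: forwarded unchanged
    # Step 2: compare against target_match_label on each discovered target.
    # Assumption: the first matching target wins; the page does not say.
    for target in targets:
        if target.get(target_match_label) == value:
            # Step 3: an empty labels_to_copy means copy every target label.
            names = labels_to_copy or target.keys()
            copied = {n: target[n] for n in names if n in target}
            # Assumption: copied labels overwrite same-named log labels.
            return {**entry_labels, **copied}, True
    return dict(entry_labels), False              # step 4: no match


# Constructed sample data, shaped like the page's example after relabeling.
TARGETS = [
    {"primary_ip": "10.0.0.5", "rack": "r12", "datacenter": "ams1",
     "environment": "prod", "tenant": "payments"},
]
LOG = {"job": "syslog", "host_ip": "10.0.0.5"}


def demo():
    args = dict(target_match_label="primary_ip", logs_match_label="host_ip")
    return {
        # Only the requested labels are added.
        "selected": enrich(LOG, TARGETS, labels_to_copy=["tenant", "rack"], **args),
        # Empty labels_to_copy: every target label, primary_ip included.
        "all": enrich(LOG, TARGETS, **args),
        # Startup window from the Caution: no targets yet, entry passes as-is.
        "startup": enrich(LOG, [], **args),
        # logs_match_label unset: looks for "primary_ip" on the log, finds none.
        "default_key": enrich(LOG, TARGETS, target_match_label="primary_ip"),
    }


if __name__ == "__main__":
    for name, (labels, matched) in demo().items():
        print(f"{name:12} matched={matched} labels={labels}")
```

If downstream routing or alert rules key on a copied label such as tenant, the startup and default_key cases are the entries that arrive without it.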

Compatible components

loki.enrich can accept arguments from the following components:

loki.enrich has exports that can be consumed by the following components:

Note

Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.