--- title: "Set up a Grafana Enterprise Logs cluster | Grafana Enterprise Logs documentation" description: "Describes how to set up a cluster for Grafana Enterprise Logs." --- # Set up a Grafana Enterprise Logs cluster Grafana Enterprise Logs (GEL) is available as a pre-compiled binary, a Docker image, as well as via common OS-specific packaging. For a list of available download options, refer to the [Releases page](/docs/enterprise-logs/latest/release-notes/releases/). > Note > > You can use [Grafana Cloud](/products/cloud/features/#cloud-logs) to avoid installing, maintaining, and scaling your own instance of GEL. The free forever plan includes 50GB of free logs. [Create an account to get started](/auth/sign-up/create-user?pg=docs-enterprise-logs&plcmt=in-text). ## Get a GEL license A valid Grafana Enterprise Logs license token is required to run GEL’s many added features. Without a valid license token, not all of GEL’s added features will run. However, GEL will still run with all of the functionality of an open-source Loki binary. If you already have a license for GEL, download it: 1. From [https://grafana.com](/), select **Login**. 2. From the left-hand menu, select **Licenses** to download the license token. If you do not yet have a license token to run GEL, [contact a Grafana Labs representative](/contact?about=grafana-enterprise-logs&%3Bpg=prod-gme&%3Bplcmt=hero-btn-1). ### Choose a name for your GEL cluster GEL licenses are issued on a per-cluster basis. Each cluster of GEL that you plan to deploy requires a unique license. When we issue a GEL license, we must have a unique cluster name with which to associate the license. A cluster name must meet the following criteria: - is 3 to 63 characters long - contains lowercase letters, numbers, underscores (\_), or hyphens (-) - begins with a letter or number - ends with a letter or number ## Create admin token secret (Required for Provisioner) If you are using the enterprise provisioner to automatically create tenant tokens, you must first create an admin token secret. Create this secret before deploying the Helm chart so your overrides file can reference it during installation. 1. Generate an admin token using the Loki CLI: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash docker run grafana/enterprise-logs:latest -target=tokengen -tokengen.token-file=/tmp/token ``` 2. Copy the generated token from the container Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash docker cp :/tmp/token ./admin-token ``` 3. Create the admin token secret: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash kubectl create secret generic loki-admin-token \ --from-file=token=./admin-token \ --namespace {KUBERNETES_NAMESPACE} ``` 4. Update your overrides file to reference this secret and enable the provisioner. For example, the following configuration creates a tenant named `loki-a`: YAML ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```yaml enterprise: adminToken: secret: loki-admin-token provisioner: enabled: true additionalTenants: - name: loki-a secretNamespace: loki ``` An additional tenant for monitoring is also created based on the value of `.Values.monitoring.selfMonitoring.tenant`. ## Deploy your GEL cluster After you have a Grafana GEL license with an associated cluster name, choose a deployment method. Our recommended approach is to run GEL on Kubernetes and deploy it via our Helm chart, as described in [Deploy on Kubernetes using Helm](helm). For GEL installations, use the chart maintained in the Loki repository by Grafana Labs (not the OSS community chart). > Note > > Monitoring with Grafana Cloud is required for all GEL installations. Refer to [Monitor GEL](/docs/enterprise-logs/latest/manage/meta-monitoring/) and [Deploy GEL meta-monitoring](/docs/enterprise-logs/latest/manage/meta-monitoring/deploy/) for more information. Professional services will assist you in configuring monitoring for your GEL installation. ### Get tenant tokens from the provisioner If you enabled the provisioner, after you have installed the Helm chart, retrieve the generated tenant tokens from the provisioner logs: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash # Get provisioner job logs kubectl logs -l job-name=loki-provisioner --namespace {KUBERNETES_NAMESPACE} ``` The provisioner outputs tokens for each configured tenant. You must manually create Kubernetes secrets for each tenant using these tokens: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash # Example for creating a tenant secret kubectl create secret generic \ --from-literal=token-write= \ --from-literal=token-read= \ --namespace ``` ## Manual token generation (without provisioner) If you’re not using the provisioner, you can manually generate tokens: 1. Port-forward to the Loki service: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash kubectl port-forward svc/loki-gateway 3100:80 --namespace {KUBERNETES_NAMESPACE} ``` 2. Use the admin token to create tenant tokens via the Admin API: Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```bash # Example: Create a token for a tenant curl -X POST http://localhost:3100/admin/api/v1/tokens \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{"name": "my-tenant", "displayName": "My Tenant", "access_policy": "logs:write,logs:read"}' ``` Take note of these tokens, you will need them when connecting Grafana Enterprise Logs to Grafana.