Menu
Grafana Cloud

Logs

Logs are files that list things that have happened, events related to things like a computer’s operating system or software running on that system. These are typically recorded as a list of messages in a file, often including a time stamp to record when the event occurred.

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be cost-effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Note: Loki has a maximum item size of 64KB.

How to use Loki with Grafana Cloud

See Collect logs with Grafana Agent or Collect logs with Promtail to begin.

Read Labels to learn how to use labels effectively for the best experience.

This is how you might integrate logs into a panel in Grafana Cloud.

Sample visualization dashboard

A deeper introduction to Loki

Compared to other log aggregation systems, Loki:

  • Does not do full text indexing on logs. By storing compressed, unstructured logs and only indexing metadata, Loki is simpler to operate and cheaper to run.
  • Indexes and groups log streams using the same labels you’re already using with Prometheus, enabling you to seamlessly switch between metrics and logs using the same labels that you’re already using with Prometheus.
  • Is an especially good fit for storing Kubernetes Pod logs. Metadata such as Pod labels is automatically scraped and indexed.
  • Has native support in Grafana (needs Grafana v6.0+).

A Loki-based logging stack consists of three components:

  • promtail is the agent, responsible for gathering logs and sending them to Loki.
  • loki is the main server, responsible for storing logs and processing queries.
  • Grafana for querying and displaying the logs.

Loki is like Prometheus, but for logs: we prefer a multidimensional label-based approach to indexing, and want a single-binary, easy to operate system with no dependencies. Loki differs from Prometheus by focusing on logs instead of metrics, and delivering logs via push, instead of pull.

Next steps

To learn more, continue with the full Loki Documentation to query your logs, use the HTTP API, and more.

Query with PromQL

Loki comes with its own PromQL-inspired language for queries called LogQL. LogQL is intended for use in Grafana to create panels or with the Explore function. It is also used in the API.

Documentation

Get help

If you have any questions or feedback about Loki:

Your feedback is always welcome.

Further reading

This annotated list of additional resources is provided for both context and to help you discover ways to use Loki with greater success and ease.

Drop logs and use labels

Use labels with logs

Using labels in Loki can make your log queries faster and easier.

To learn more about labels, see The concise guide to labels in Loki and Loki labels.

Note: Read Labels to learn how to use labels effectively for the best experience.

Send logs from multiple machines

To send logs from multiple sources, deploy an instance of Promtail to each one and configure each to send to Grafana Cloud. At the same time, change the job_name in the configuration YAML file to something unique to each source. Then, you may query for the different jobs in your LogQL query using queries like in these examples:

{job="spam_instance"} |= "error"

or

{job="eggs_instance"} |= "error"

Send Cloudwatch logs

To send Cloudwatch logs to Loki, see how to use an intermediary Lambda Promtail function created especially for this task.

Context and history