Menu
Open source

Get started with Grafana Loki

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Because all Loki implementations are unique, the installation process is different for every customer. But there are some steps in the process that should be common to every installation.

To collect logs and view your log data generally involves the following steps:

Loki implementation steps

  1. Install Loki on Kubernetes in simple scalable mode, using the recommended Helm chart. Supply the Helm chart with your object storage authentication details.
  2. Deploy the Grafana Agent to collect logs from your applications.
    1. On Kubernetes, deploy the Grafana Agent using the Helm chart. Configure Grafana Agent to scrape logs from your Kubernetes cluster, and add your Loki endpoint details. See the following section for an example Grafana Agent Flow configuration file.
    2. Add labels to your logs following our best practices. Most Loki users start by adding labels which describe where the logs are coming from (region, cluster, environment, etc.).
  3. Deploy Grafana or Grafana Cloud and configure a Loki datasource.
  4. Select the Explore feature in the Grafana main menu. To view logs in Explore:
    1. Pick a time range.
    2. Choose the Loki datasource.
    3. Use LogQL in the query editor, use the Builder view to explore your labels, or select from sample pre-configured queries using the Kick start your query button.

Next steps: Learn more about Loki’s query language, LogQL.

Example Grafana Agent configuration file to ship Kubernetes Pod logs to Loki

To deploy Grafana Agent to collect Pod logs from your Kubernetes cluster and ship them to Loki, you an use the Grafana Agent Helm chart, and a values.yaml file.

  1. Install Loki with the Helm chart.
  2. Deploy the Grafana Agent, using the Grafana Agent Helm chart and this example values.yaml file updating the value for forward_to = [loki.write.endpoint.receiver]:
yaml
agent:
  mounts:
    varlog: true
  configMap:
    content: |
      logging {
        level  = "info"
        format = "logfmt"
      }

      discovery.kubernetes "k8s" {
        role = "pod"
      }

      discovery.relabel "k8s" {
        targets = discovery.kubernetes.k8s.targets

        rule {
          source_labels = ["__meta_kubernetes_pod_name"]
          action = "replace"
          target_label = "pod"
        }
        rule {
          source_labels = ["__meta_kubernetes_pod_container_name"]
          action = "replace"
          target_label = "container"
        }

        rule {
          source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_label_name"]
          target_label  = "job"
          separator     = "/"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
          target_label  = "__path__"
          separator     = "/"
          replacement   = "/var/log/pods/*$1/*.log"
        }
      }

      local.file_match "pods" {
        path_targets = discovery.relabel.k8s.output
      }

      loki.source.file "pods" {
        targets = local.file_match.pods.targets
        forward_to = [loki.write.endpoint.receiver]
      }

      loki.write "endpoint" {
        endpoint {
            url = "http://loki-gateway:80/loki/api/v1/push"
            tenant_id = "cloud"
        }
      }
  1. Then install Grafana Agent in your Kubernetes cluster using:

    bash
    helm upgrade -f values.yaml agent grafana/grafana-agent 

This sample file is configured to:

  • Install Grafana Agent to discover Pod logs.
  • Add container and pod labels to the logs.
  • Push the logs to your Loki cluster using the tenant ID cloud.