Talos Logs Dashboard
Talos service and kernel logs collected by Vector and stored in Loki.
Talos Logs Dashboard
Grafana dashboard for visualizing Talos Linux service and kernel logs collected via Vector and stored in VictoriaLogs.
This dashboard uses the native VictoriaMetrics Logs datasource plugin and LogsQL queries. It is not compatible with Loki or Grafana's built-in Loki datasource.
Requirements
| Component | Purpose |
|---|---|
| VictoriaLogs | Log storage backend |
| VictoriaMetrics Logs datasource plugin | Grafana plugin for querying VictoriaLogs |
| Vector | Log collection and forwarding agent |
Pipeline architecture
Talos node (TCP :6050)
└─► Vector agent (DaemonSet)
└─► Vector aggregator (vector protocol)
└─► VictoriaLogs (Elasticsearch ingest API)
└─► Grafana (victoriametrics-logs-datasource)
Vector agent — Talos source
The Vector agent runs as a DaemonSet on every node and reads Talos logs from the local TCP socket configured in the Talos machine config:
# talos/patches/global/logging.yaml
machine:
logging:
destinations:
- endpoint: "tcp://127.0.0.1:6050/"
format: json_lines
extraTags:
cluster: main
---
apiVersion: v1alpha1
kind: KmsgLogConfig
name: vector
url: tcp://127.0.0.1:6050/
The agent parses the JSON log lines, normalizes fields (msg → message, talos-level → level, talos-service → service), drops debug logs, and forwards to the aggregator via the Vector protocol.
Vector aggregator — VictoriaLogs sink
The aggregator receives logs and ships them to VictoriaLogs using the Elasticsearch ingest API:
sinks:
talos:
type: elasticsearch
endpoints: ["http://victoria-logs:9428/insert/elasticsearch/"]
api_version: v8
compression: gzip
query:
_msg_field: message
_stream_fields: node,service,stream,cluster,source,level
_time_field: timestamp
The _stream_fields parameter defines which fields are indexed as stream labels, making them available for efficient LogsQL stream filtering.
Stream labels
Every Talos log entry is stored with the following stream labels:
| Label | Example values | Description |
|---|---|---|
source | talos | Always talos for this pipeline |
cluster | main | Cluster name from Talos machine config |
node | k8s-0, k8s-1 | Kubernetes node name |
stream | service, kernel | Log origin: systemd services or kernel (kmsg) |
service | kubelet, etcd, containerd | Service name (empty for kernel logs) |
level | info, warn, error | Log severity |
Panels
| Panel | Type | Description |
|---|---|---|
| Talos log volume by node / stream | Time series | Log rate grouped by node and stream (kernel vs service) |
| Talos warnings/errors | Time series | Rate of warn/error/crit logs grouped by node and level |
| Service logs | Logs | Raw service logs filtered by node, service, and level |
| Kernel logs | Logs | Raw kernel (kmsg) logs filtered by node and level |
| High-signal warning/error logs | Logs | All warn+ logs across both streams for quick triage |
Template variables
| Variable | Values | Description |
|---|---|---|
node | .*, k8s-0 … k8s-N | Filter by node (regex, .* = all) |
stream | kernel, service | Filter by log origin |
service | .*, or specific service name | Filter service logs by systemd unit |
level | .*, info, warn, error, crit … | Filter by severity |
Note: The node list in the
nodevariable is static. Update it to match your cluster's node names after import.
Datasource
On import, Grafana will prompt you to map the VictoriaLogs input to an installed datasource. Select your VictoriaLogs datasource (type: VictoriaMetrics Logs).
The dashboard was built and tested against VictoriaLogs v1.50.0. The Loki-compatible query API is not used — all queries use native LogsQL.
LogsQL query examples
# All Talos logs from all nodes
_stream:{source="talos"}
Only service logs from a specific node
_stream:{source="talos", stream="service", node="k8s-0"}
Only warnings and errors
_stream:{source="talos", node="k8s-.*"} level:"warn|error|crit"
Log rate over time per node
sum by (node) (count_over_time(_stream:{source="talos"}[5m]))
Data source config
Collector config:
Upload an updated version of an exported dashboard.json file from Grafana
| Revision | Description | Created | |
|---|---|---|---|
| Download |
Grafana Loki (self-hosted)
Easily monitor Grafana Loki (self-hosted), a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus, with Grafana Cloud's out-of-the-box monitoring solution.
Learn more