-
Notifications
You must be signed in to change notification settings - Fork 123
/
Copy pathlogs.alloy
135 lines (120 loc) · 3.49 KB
/
logs.alloy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
// Pod Logs
discovery.kubernetes "pods" {
role = "pod"
selectors {
role = "pod"
field = "spec.nodeName=" + env("HOSTNAME")
}
}
discovery.relabel "pod_logs" {
targets = discovery.kubernetes.pods.targets
rule {
source_labels = ["__meta_kubernetes_namespace"]
action = "replace"
target_label = "namespace"
}
rule {
source_labels = ["__meta_kubernetes_pod_name"]
action = "replace"
target_label = "pod"
}
rule {
source_labels = ["__meta_kubernetes_pod_container_name"]
action = "replace"
target_label = "container"
}
rule {
source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"]
separator = "/"
action = "replace"
replacement = "$1"
target_label = "job"
}
rule {
source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
separator = "/"
action = "replace"
replacement = "/var/log/pods/*$1/*.log"
target_label = "__path__"
}
// set the container runtime as a label
rule {
action = "replace"
source_labels = ["__meta_kubernetes_pod_container_id"]
regex = "^(\\w+):\\/\\/.+$"
replacement = "$1"
target_label = "tmp_container_runtime"
}
}
discovery.relabel "filtered_pod_logs" {
targets = discovery.relabel.pod_logs.output
rule { // Drop anything with a "falsy" annotation value
source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_logs_autogather"]
regex = "(false|no|skip)"
action = "drop"
}
}
local.file_match "pod_logs" {
path_targets = discovery.relabel.filtered_pod_logs.output
}
loki.source.file "pod_logs" {
targets = local.file_match.pod_logs.targets
forward_to = [loki.process.pod_logs.receiver]
}
loki.process "pod_logs" {
stage.match {
selector = "{tmp_container_runtime=\"containerd\"}"
// the cri processing stage extracts the following k/v pairs: log, stream, time, flags
stage.cri {}
// Set the extract flags and stream values as labels
stage.labels {
values = {
flags = "",
stream = "",
}
}
}
// if the label tmp_container_runtime from above is docker parse using docker
stage.match {
selector = "{tmp_container_runtime=\"docker\"}"
// the docker processing stage extracts the following k/v pairs: log, stream, time
stage.docker {}
// Set the extract stream value as a label
stage.labels {
values = {
stream = "",
}
}
}
// Drop the filename label, since it's not really useful in the context of Kubernetes, where we already have
// cluster, namespace, pod, and container labels.
// Also drop the temporary container runtime label as it is no longer needed.
stage.label_drop {
values = ["filename", "tmp_container_runtime"]
}
forward_to = [loki.process.logs_service.receiver]
}
// Logs Service
remote.kubernetes.secret "logs_service" {
name = "loki-k8s-monitoring"
namespace = "default"
}
loki.process "logs_service" {
stage.static_labels {
values = {
cluster = "default-values-test",
}
}
forward_to = [loki.write.logs_service.receiver]
}
// Loki
loki.write "logs_service" {
endpoint {
url = nonsensitive(remote.kubernetes.secret.logs_service.data["host"]) + "/loki/api/v1/push"
tenant_id = nonsensitive(remote.kubernetes.secret.logs_service.data["tenantId"])
basic_auth {
username = nonsensitive(remote.kubernetes.secret.logs_service.data["username"])
password = remote.kubernetes.secret.logs_service.data["password"]
}
}
}