-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathlabels-scrape.alloy
234 lines (200 loc) · 6.2 KB
/
labels-scrape.alloy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
/*
Module Components: labels_scrape
Description: Scrapes targets for logs based on Docker Containers labels
Following labels are available:
logs.grafana.com/scrape: true
allow containers to declare what tenant their logs should be written to,
the following label is supported:
logs.grafana.com/tenant: "primary"
*/
declare "labels_scrape" {
/*****************************************************************
* ARGUMENTS
*****************************************************************/
argument "forward_to" {
comment = "Must be a list(LogsReceiver) where collected logs should be forwarded to"
}
argument "instance_name" {
optional = true
}
argument "label_prefix" {
comment = "The label_prefix to use Auto-Scraping (default: logs.grafana.com)"
default = "logs.grafana.com"
optional = true
}
argument "__sd_label" {
optional = true
comment = "The logic is used to transform the label_prefix argument into a valid label name by removing unsupported characters."
default = string.replace(string.replace(string.replace(coalesce(argument.label_prefix.value, "logs.grafana.com"), ".", "_"), "/", "_"), "-", "_")
}
argument "cluster" {
optional = true
default = "docker-compose"
}
argument "namespace" {
optional = true
default = "monitoring-system"
}
argument "tenant" {
comment = "The tenant to write logs to. This does not have to be the tenantId, this is the value to look for in the logs.grafana.com/tenant label, and this can be a regex. (default: (.*))"
optional = true
default = "(.*)"
}
// find all containers
discovery.docker "dd_logs" {
host = "unix:///var/run/docker.sock"
refresh_interval = "30s"
filter {
name = "status"
values = ["running"]
}
}
// filter logs by docker compose labels
discovery.relabel "label_logs_filter" {
targets = discovery.docker.dd_logs.targets
// allow resources to declare their metrics scraped or not
// Example Annotation:
// logs.grafana.com/scrape: false
rule {
action = "replace"
source_labels = [
"__meta_docker_container_label_" + argument.__sd_label.value + "_scrape",
]
separator = ";"
regex = "^(?:;*)?(true|false).*$"
replacement = "$1"
target_label = "__tmp_scrape"
}
// drop any targets that have scrape: false
rule {
action = "drop"
source_labels = ["__tmp_scrape"]
regex = "false"
}
// allow resources to declare their metrics the tenant their metrics should be sent to,
// Example Annotation:
// logs.grafana.com/tenant: primary
rule {
action = "keep"
source_labels = [
"__meta_docker_container_label_" + argument.__sd_label.value + "_tenant",
]
regex = "^(" + argument.tenant.value + ")$"
}
// set a default job label to be the namespace/service_name
rule {
action = "replace"
source_labels = [
"__meta_docker_container_label_com_docker_compose_service",
]
regex = "^(?:;*)?([^;]+).*$"
replacement = argument.namespace.value + "/$1"
target_label = "job"
}
// allow resources to declare their the job label value to use when collecting their logs, the default value is "",
rule {
action = "replace"
source_labels = [
"__meta_docker_container_label_" + argument.__sd_label.value + "_job",
]
separator = ";"
regex = "^(?:;*)?([^;]+).*$"
replacement = "$1"
target_label = "job"
}
rule {
source_labels = ["__meta_docker_container_name"]
regex = "/(.*)"
target_label = "pod"
}
rule {
source_labels = ["__meta_docker_container_name"]
regex = "/(.*)"
target_label = "container"
}
rule {
action = "replace"
source_labels = [
"__meta_docker_container_label_com_docker_compose_service",
]
regex = "^(?:;*)?([^;]+).*$"
replacement = "$1"
target_label = "app"
}
rule {
action = "replace"
source_labels = [
"__meta_docker_container_label_app",
]
regex = "^(?:;*)?([^;]+).*$"
replacement = "$1"
target_label = "app"
}
// make all labels on the pod available to the pipeline as labels(for loki process),
// they are omitted before write via label allow unless explicitly set
rule {
action = "labelmap"
regex = "__meta_docker_container_label_(.+)"
}
/********************************************
* Handle Setting Common Labels
********************************************/
rule {
action = "replace"
replacement = argument.cluster.value
target_label = "cluster"
}
rule {
action = "replace"
replacement = argument.namespace.value
target_label = "namespace"
}
rule {
replacement = "docker"
target_label = "tmp_container_runtime"
}
}
loki.source.docker "lsd_docker_logs" {
host = "unix:///var/run/docker.sock"
targets = discovery.relabel.label_logs_filter.output
relabel_rules = discovery.relabel.label_logs_filter.rules
labels = {"source" = "docker"}
forward_to = [loki.process.parse.receiver]
}
// parse the log based on the container runtime
loki.process "parse" {
forward_to = argument.forward_to.value
/*******************************************************************************
* Container Runtime Parsing
********************************************************************************/
// if the label tmp_container_runtime from above is containerd parse using cri
stage.match {
selector = "{tmp_container_runtime=\"containerd\"}"
// the cri processing stage extracts the following k/v pairs: log, stream, time, flags
stage.cri { }
// Set the extract flags and stream values as labels
stage.labels {
values = {
flags = "",
stream = "",
}
}
}
// if the label tmp_container_runtime from above is docker parse using docker
stage.match {
selector = "{tmp_container_runtime=\"docker\"}"
// the docker processing stage extracts the following k/v pairs: log, stream, time
stage.docker { }
// Set the extract stream value as a label
stage.labels {
values = {
stream = "",
}
}
}
// drop the temporary container runtime label as it is no longer needed
stage.label_drop {
values = ["tmp_container_runtime"]
}
}
}