Sunday, February 26th 2023

Logging with Grafana Loki

Tom Miller

Loki is a horizontally scalable, highly available log aggregation system. It was developed by Grafana Labs and is designed to store, index, and search large amounts of logs. Loki is a powerful tool for troubleshooting, debugging, and monitoring applications and services in real-time. In this blog post, we will provide an introduction to Loki, a short section on how to install it with Helm, and some example queries.

Loki is built to be a cost-effective solution for log aggregation and storage. It is designed to work seamlessly with other components of the Prometheus ecosystem, including Grafana, Alertmanager, and Promtail. With Loki, you can store all your logs in a central location, making it easy to monitor and analyze your logs in real-time.

Loki is queried with LogQL, a query language similar to PromQL. LogQL provides a powerful set of operators for querying logs, including filtering by labels, regular expressions, and time ranges. LogQL also supports aggregation functions like sum, count, and topk, allowing you to extract meaningful insights from your logs.

How to Install Loki with Helm

Loki can be installed on Kubernetes using Helm, which is a popular package manager for Kubernetes. Helm makes it easy to deploy, upgrade, and manage Kubernetes applications.

To install Loki with Helm, follow these steps:

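  1. Add the Grafana Helm repository, which hosts the Loki charts, and refresh the local chart index:

     helm repo add grafana https://grafana.github.io/helm-charts
     helm repo update

  2. Install the loki-stack chart with the bundled Grafana enabled:

     helm install loki grafana/loki-stack --set grafana.enabled=true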

Example Queries in Loki

Now that you have Loki installed, let's look at some example queries you can run on your logs.

Count the Number of Requests by Status Code

Suppose you want to count the number of requests by HTTP status code in your logs. You can use the count_over_time function in LogQL to achieve this:

sum by (status) (count_over_time({app="web"} |= "status=" | logfmt | status=~"200|300|400|500" | line_format "{{.status}}" [5m]))

This query filters logs by the app label and keeps only lines that contain "status=". The logfmt parser turns each line's fields into labels, and the label filter status=~"200|300|400|500" keeps lines whose status is 200, 300, 400, or 500. The line_format stage rewrites each line to just the status value. The count_over_time function then counts the matching lines over a 5-minute period, and sum by (status) groups those counts by status code.

Find the Top HTTP Routes by Request Count

Suppose you want to find the top HTTP routes by the number of requests in your logs. You can use the topk function in LogQL to achieve this:

topk(10, sum by (route) (count_over_time({app="web"} | logfmt | line_format "{{.route}}"[5m])))

This query filters logs by the app label and parses each line with logfmt, which exposes the route field as a label; line_format then rewrites the line to just the route value. The count_over_time function counts the matching lines over a 5-minute period, the sum by (route) aggregation adds those counts up per route, and topk(10, ...) keeps the ten routes with the highest counts.
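To make both queries above concrete, here is an added Python sketch (not part of the original post and not Loki's own code) that emulates logfmt parsing, counting by a label, and topk over a handful of constructed log lines. The function names and the sample lines are assumptions made for illustration; grouping lines that lack the label under an empty value mirrors how sum by (...) treats a missing label.

```python
import re
from collections import Counter

# Constructed sample lines in logfmt, standing in for the {app="web"} stream.
SAMPLE_LINES = [
    'level=info method=GET route=/api/users status=200 duration=12ms',
    'level=info method=GET route=/api/users status=200 duration=9ms',
    'level=warn method=POST route=/login status=400 msg="bad credentials"',
    'level=error method=GET route=/api/orders status=500 msg="db timeout"',
    'level=info method=GET route=/login status=200',
    'level=info method=GET route=/healthz status=204',
    'level=info msg="cache warmed" items=42',
]

# key=value pairs; a value is either a double-quoted string or a bare token.
_PAIR = re.compile(r'([^\s=]+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_logfmt(line):
    """Rough equivalent of `| logfmt`: turn one line into a dict of labels."""
    labels = {}
    for key, value in _PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        labels[key] = value
    return labels

def count_by(lines, label, allowed=None):
    """Like sum by (label) (count_over_time(...)) for a single time window."""
    counts = Counter()
    for line in lines:
        # A line without the label is grouped under the empty value.
        value = parse_logfmt(line).get(label, "")
        if allowed is not None and value not in allowed:
            continue  # keep only the listed values (200, 300, 400, 500 above)
        counts[value] += 1
    return counts

def topk(k, counts):
    """Like topk(k, ...): the k groups with the highest counts, largest first."""
    return counts.most_common(k)

if __name__ == "__main__":
    print(dict(count_by(SAMPLE_LINES, "status", {"200", "300", "400", "500"})))
    print(topk(2, count_by(SAMPLE_LINES, "route")))
```

The line without a route field lands in the empty-valued group, which is worth checking for when a top-routes panel shows an unnamed series.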

In conclusion, Loki is a powerful log aggregation system that can help you store, index, and search large amounts of logs in a cost-effective and efficient manner. With its integration with the Prometheus ecosystem and LogQL query language, Loki can provide valuable insights into your application's performance, health, and behavior.

Installing Loki using Helm is a straightforward process that can be customized to fit your specific needs. With the ability to query and analyze logs in real-time, Loki is an excellent tool for troubleshooting and monitoring your applications and services.

In this blog post, we have provided an introduction to Loki, a brief guide on how to install it using Helm, and some example queries that you can use to extract meaningful insights from your logs. We hope that this post has been helpful in getting you started with Loki and that you can leverage its capabilities to improve your application's performance and reliability.
