Mailing List Archive

Output plugin for loki?
I wondered if anyone has looked at writing an rsyslog output plugin for
loki <https://github.com/grafana/loki> yet?

The API <https://github.com/grafana/loki/blob/master/docs/loki/api.md>
is a simple HTTP POST, containing batches of logs sharing the same label
set.  So the plugin would need:

- a formatter for the log to be stored ("line")

- a formatter (or other way) to select a set of labels and label
values.  Typically these would be facility, priority, source IP; they
need to be low-cardinality values since each label set is a distinct
time series.  If it's done as a formatter, there needs to be escaping of
" to \"

I guess it could either be an extension to omhttp
<https://www.rsyslog.com/doc/v8-stable/configuration/modules/omhttp.html>,
or a fork of it.  An extension would involve a more complex batching
mechanism where you could group batches by a second templated value, so
I think a dedicated module would be simpler.

The current options for integrating loki seem to be: (1) write to a file
and use promtail to read the file; or (2) forward logs to fluentd and
use fluent-plugin-grafana-loki
<https://github.com/grafana/loki/tree/master/fluentd/fluent-plugin-grafana-loki>.
Both are a bit icky, and make it difficult to preserve the labels you want.

Regards,

Brian.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Output plugin for loki? [ In reply to ]
I have not heard of loki before, so I doubt that anyone has written a module for
it yet.

it can get added to the todo list, but given that I haven't heard of it, it
would probably end up well down on the list.

In the past when I've had this sort of thing, I've contacted Adiscon about
sponsoring the development of such a module. If you can talk to your company
about doing that, it can work out well.

David Lang

On Sat, 7 Sep 2019, Brian Candler via
rsyslog wrote:

> Date: Sat, 7 Sep 2019 08:35:55 +0100
> From: Brian Candler via rsyslog <rsyslog@lists.adiscon.com>
> To: Brian Candler via rsyslog <rsyslog@lists.adiscon.com>
> Cc: Brian Candler <b.candler@pobox.com>
> Subject: [rsyslog] Output plugin for loki?
>
> I wondered if anyone has looked at writing an rsyslog output plugin for
> loki <https://github.com/grafana/loki> yet?
>
> The API <https://github.com/grafana/loki/blob/master/docs/loki/api.md>
> is a simple HTTP POST, containing batches of logs sharing the same label
> set.  So the plugin would need:
>
> - a formatter for the log to be stored ("line")
>
> - a formatter (or other way) to select a set of labels and label
> values.  Typically these would be facility, priority, source IP; they
> need to be low-cardinality values since each label set is a distinct
> time series.  If it's done as a formatter, there needs to be escaping of
> " to \"
>
> I guess it could either be an extension to omhttp
> <https://www.rsyslog.com/doc/v8-stable/configuration/modules/omhttp.html>,
> or a fork of it.  An extension would involve a more complex batching
> mechanism where you could group batches by a second templated value, so
> I think a dedicated module would be simpler.
>
> The current options for integrating loki seem to be: (1) write to a file
> and use promtail to read the file; or (2) forward logs to fluentd and
> use fluent-plugin-grafana-loki
> <https://github.com/grafana/loki/tree/master/fluentd/fluent-plugin-grafana-loki>.
> Both are a bit icky, and make it difficult to preserve the labels you want.
>
> Regards,
>
> Brian.
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Output plugin for loki? [ In reply to ]
On 07/09/2019 08:57, David Lang wrote:
> I have not heard of loki before, so I doubt that anyone has written a
> module for it yet.

In case anyone finds it useful, I just made an omprog module for it. 
Since it has a HTTP API the overhead should be relatively insignificant.

https://github.com/candlerb/rsyslog-omprog-loki

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Output plugin for loki? [ In reply to ]
cool - would you be intersted in contributing this into the rsyslog source tree?

Rainer

El lun., 16 sept. 2019 a las 14:21, Brian Candler via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> On 07/09/2019 08:57, David Lang wrote:
> > I have not heard of loki before, so I doubt that anyone has written a
> > module for it yet.
>
> In case anyone finds it useful, I just made an omprog module for it.
> Since it has a HTTP API the overhead should be relatively insignificant.
>
> https://github.com/candlerb/rsyslog-omprog-loki
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Output plugin for loki? [ In reply to ]
On 16/09/2019 16:14, Rainer Gerhards wrote:
> cool - would you be intersted in contributing this into the rsyslog source tree?

Certainly - might be a good idea to get a few more users trying it out
first though!

Cheers,

Brian.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.