Use loki+promtail to realize cloud native log analysis

**Loki configuration and usage**

1.1 Loki is the latest open source project of the Grafana Labs team. It is a horizontally scalable, highly available, multi-tenant log aggregation system. Its design is very cost-effective and easy to operate because it does not index log content; instead it configures a set of tags for each log stream. The project was inspired by Prometheus, and the official introduction is "Like Prometheus, but for logs".

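1.2 Unlike other logging systems, Loki indexes only your log metadata tags (just like Prometheus labels) and does not build a full-text index over the raw log data. The log data itself is compressed and stored as chunks in object storage (such as S3 or GCS) or even on the local file system. A small index and highly compressed chunks greatly simplify operation and reduce the cost of using Loki.

2. Compare with other logging systems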

EFK (Elasticsearch, Fluentd, Kibana) is used to obtain, visualize and query logs from various sources.

The data in Elasticsearch is stored on disk in the form of unstructured JSON objects. The key of each object and the content of each key are indexed. You can then use JSON objects to define queries (called Query DSL) or query data through Lucene query language.

In contrast, Loki in single binary mode can store data on disk, but in horizontally scalable mode the data must be stored in a cloud storage system such as S3, GCS, or Cassandra. Logs are stored as plain text and are marked with the names and values of a set of tags, of which only the tags are indexed. This trade-off makes Loki cheaper to operate than a full index. Logs in Loki are queried using LogQL. Because of this design trade-off, a LogQL query that filters on content (i.e., the text in the log line) needs to load all chunks in the search window that match the tags defined in the query.
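To make the trade-off concrete, here is a toy in-memory model, added as an example and not Loki's own code: only the tag (label) sets are indexed, so a content filter has to scan every chunk of every stream the selector matches inside the time window. The `Store` class, the chunk size of two lines and the sample log lines are all constructed for illustration.

```python
# Toy model of a label-only log index (illustrative; not Loki's implementation).
class Store:
    def __init__(self):
        self.index = {}     # stream label set -> list of chunks (the only index)

    def push(self, labels, ts, text, chunk_size=2):
        chunks = self.index.setdefault(frozenset(labels.items()), [])
        if not chunks or len(chunks[-1]["lines"]) >= chunk_size:
            chunks.append({"start": ts, "end": ts, "lines": []})  # cut a new chunk
        chunks[-1]["lines"].append((ts, text))   # line text is stored, never indexed
        chunks[-1]["end"] = ts

    def query(self, selector, needle, start, end):
        """Model of the LogQL query {selector} |= "needle" over [start, end]."""
        want = set(selector.items())
        hits, scanned = [], 0
        for stream, chunks in self.index.items():
            if not want <= stream:               # index lookup uses labels only
                continue
            for c in chunks:
                if c["end"] < start or c["start"] > end:
                    continue                     # chunk lies outside the window
                scanned += 1                     # chunk is loaded and searched
                hits += [t for ts, t in c["lines"]
                         if start <= ts <= end and needle in t]
        return hits, scanned


def build_sample_store():
    """Constructed sample data: three streams, at most two lines per chunk."""
    store = Store()
    nginx = {"namespace": "web", "app": "nginx"}
    auth = {"namespace": "web", "app": "auth"}
    promtail = {"namespace": "loki", "app": "promtail"}
    for ts in (1, 2, 3, 4):
        store.push(nginx, ts, f"GET /index.html 200 req={ts}")
    store.push(auth, 1, "login ok user=alice")
    store.push(auth, 2, "login failed user=alice")
    store.push(auth, 3, "login failed user=bob")
    for ts in (1, 2):
        store.push(promtail, ts, "level=info msg=tailing")
    return store


if __name__ == "__main__":
    s = build_sample_store()
    for sel in ({}, {"namespace": "web"}, {"namespace": "web", "app": "auth"}):
        hits, scanned = s.query(sel, "login failed", 0, 10)
        print(sel, "->", len(hits), "hits,", scanned, "chunks scanned")
```

All three selectors return the same two failed-login lines, but the number of chunks read drops as the selector gets more specific, which is why searches for a string across many streams should carry the narrowest tag selector and time window that still covers the systems of interest.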

Fluentd is usually used to collect logs and forward them to Elasticsearch. Fluentd is called a data collector. It can collect logs from many sources, process them, and forward them to one or more targets.

In contrast, Promtail is tailor-made for Loki. Its main mode of operation is to discover log files stored on disk and forward them, associated with a set of tags, to Loki. Promtail can do service discovery for Kubernetes Pods running on the same node, act as a Docker log driver, read logs from a specified folder, and continuously tail systemd logs.

Loki uses a set of tags to represent logs, similar to the way Prometheus represents metrics. When deployed in an environment with Prometheus, logs from Promtail usually have the same tags as your application metrics because the same service discovery mechanism is used. With logs and metrics carrying the same tags, users can switch seamlessly between metrics and logs to help perform root cause analysis.

Kibana is used to visualize and search Elasticsearch data, and it is very powerful in analyzing these data. Kibana provides many visualization tools for data analysis, such as maps, machine learning for anomaly detection, and relationship graphs. Alarms can also be configured, and users can be notified when unexpected situations occur.

In contrast, Grafana is specifically tailored for time series data from data sources such as Prometheus and Loki. Dashboards can be set up to visualize metrics (log support coming soon), or you can use the Explore view to run ad hoc queries against the data. Like Kibana, Grafana also supports alarms based on your metrics.

3. Installation

  For convenience, we install with Helm (for other installation methods, see https://grafana.com/docs/loki/latest/installation/).
  1. First, make sure the Kubernetes cluster has been deployed and the Helm client is installed and configured, then add Loki's chart repository:

    Here we are using Helm 3.

helm repo add loki https://grafana.github.io/loki/charts

Update the chart repository:

helm repo update

[root@k8s-1 ~]# helm repo list
NAME URL
nginx-stable https://helm.nginx.com/stable
incubator http://mirror.azure.cn/kubernetes/charts-incubator/
jetstack https://charts.jetstack.io
harbor https://helm.goharbor.io
loki https://grafana.github.io/loki/charts

With helm repo list you can check whether the chart repository has been added.
Install Loki into a namespace:

helm upgrade --install loki --namespace=loki loki/loki

If the namespace does not exist, create it:

kubectl create ns loki

[root@k8s-1 ~]# kubectl get pods -n loki
NAME READY STATUS RESTARTS AGE
loki-0 1/1 Running 1 17h
promtail-dpdx7 1/1 Running 0 31m
promtail-kndlm 1/1 Running 0 31m
promtail-w7gbw 1/1 Running 0 31m

You can see that Loki's pod is already running.
Next, install Promtail, also using Helm (for other installation methods, see https://grafana.com/docs/loki/latest/clients/promtail/installation/):

helm repo add loki https://grafana.github.io/loki/charts
helm repo update
helm upgrade --install promtail loki/promtail --namespace=loki --set "loki.serviceName=loki"    # specify the namespace
[root@k8s-1 ~]# kubectl get pods -n loki
NAME READY STATUS RESTARTS AGE
loki-0 1/1 Running 1 17h
promtail-dpdx7 1/1 Running 0 31m
promtail-kndlm 1/1 Running 0 31m
promtail-w7gbw 1/1 Running 0 31m

You can see that the promtail pod is already running.
Next, we configure it on the Grafana page. Grafana is already installed in my environment, so its installation is not covered here.
Let's configure the data source first.

[root@k8s-1 ~]# kubectl get svc -n loki
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loki ClusterIP 10.10.42.224 <none> 3100/TCP 17h
loki-headless ClusterIP None <none> 3100/TCP 17h

First check the cluster IP, then add the data source.
You can see that the data source has been added successfully.
Select according to the arrow. You can use this method to select, or you can use this method to select.
You can see that there is already log information below.

Origin blog.51cto.com/14181888/2542721