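ELK, EFK and Filebeat all rely on Elasticsearch to store data, and Elasticsearch is relatively hard to maintain and heavy on resources. A more lightweight log collection platform, Loki, emerged as a result. Loki is a horizontally scalable, highly available, multi-tenant log aggregation system open-sourced by Grafana Labs.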

Introduction to Loki

It consists of three components

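  • Loki: the main server, responsible for storing and querying logs. It borrows the service discovery mechanism of Prometheus and attaches labels to log streams instead of building a full-text index as other platforms do.
  • Promtail: responsible for collecting logs and sending them to Loki. It mainly discovers collection targets and attaches the corresponding labels before shipping the logs to Loki.
  • Grafana: used to display or query the logs; in its UI you can query the logs of Pods that carry a given label.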

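Loki does not build a full-text index of the logs; it indexes only the log metadata, which makes Loki simpler to operate and cheaper to run. Loki is also designed around Kubernetes: it can easily be deployed on Kubernetes and collect logs from the cluster's Pods. During collection it automatically attaches some Kubernetes cluster metadata to the logs, so engineers can filter logs by namespace, label and other fields and locate the relevant logs quickly.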

Deploying Loki in practice

Here we install with Docker. First prepare the image files:

docker pull docker.m.daocloud.io/grafana/loki:3.2.0
docker tag docker.m.daocloud.io/grafana/loki:3.2.0 10.10.200.11:5000/grafana/loki:3.2.0
docker rmi docker.m.daocloud.io/grafana/loki:3.2.0
docker push 10.10.200.11:5000/grafana/loki:3.2.0

docker pull docker.m.daocloud.io/grafana/promtail:3.2.0
docker tag docker.m.daocloud.io/grafana/promtail:3.2.0 10.10.200.11:5000/grafana/promtail:3.2.0
docker rmi docker.m.daocloud.io/grafana/promtail:3.2.0
docker push 10.10.200.11:5000/grafana/promtail:3.2.0

docker pull docker.m.daocloud.io/grafana/grafana:11.2.2
docker tag docker.m.daocloud.io/grafana/grafana:11.2.2 10.10.200.11:5000/grafana/grafana:11.2.2
docker rmi docker.m.daocloud.io/grafana/grafana:11.2.2
docker push 10.10.200.11:5000/grafana/grafana:11.2.2

The compose.yaml file:

services:
  loki:
    image: 10.10.200.11:5000/grafana/loki:3.2.0
    container_name: loki
    ports:
      - "3100:3100"
    volumes:
      - ./loki-config.yaml:/etc/loki/local-config.yaml
    command: -config.file=/etc/loki/local-config.yaml

  promtail:
    image: 10.10.200.11:5000/grafana/promtail:3.2.0
    container_name: promtail
    volumes:
      - /var/log:/var/log
      - ./promtail-config.yaml:/etc/promtail/config.yml
    command: -config.file=/etc/promtail/config.yml

  grafana:
    image: 10.10.200.11:5000/grafana/grafana:11.2.2
    container_name: grafana
    ports:
      - "3000:3000"

The loki-config.yaml file:

auth_enabled: false

server:
  http_listen_port: 3100

common:
  instance_addr: 127.0.0.1
  path_prefix: /loki
  storage:
    filesystem:
      chunks_directory: /loki/chunks
      rules_directory: /loki/rules
  replication_factor: 1
  ring:
    kvstore:
      store: inmemory

schema_config:
  configs:
    - from: 2020-10-24
      store: tsdb
      object_store: filesystem
      schema: v13
      index:
        prefix: index_
        period: 24h

ruler:
  alertmanager_url: http://localhost:9093

# By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
# analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
#
# Statistics help us better understand how Loki is used, and they show us performance
# levels for most users. This helps us prioritize features and documentation.
# For more information on what's sent, look at
# https://github.com/grafana/loki/blob/main/pkg/usagestats/stats.go
# Refer to the buildReport method to see what goes into a report.
#
# If you would like to disable reporting, uncomment the following lines:
#analytics:
#  reporting_enabled: false

Detailed explanation of the Loki configuration: https://blog.csdn.net/weixin_40972073/article/details/135041962

The promtail-config.yaml file:

server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

clients:
  - url: http://loki:3100/loki/api/v1/push

scrape_configs:
  - job_name: system
    static_configs:
      - targets:
          - localhost
        labels:
          job: varlogs
          __path__: /var/log/*.log

Verification

# Start the containers, or remove them
docker compose up -d
docker compose down

# If everything starts cleanly, open http://IP:3000 to reach the Grafana login page. Default username/password: admin/admin
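A hardened variant of the compose.yaml above, as an added example (not the original author's file): it narrows the published Loki port, mounts the host paths read-only, and replaces the default admin/admin Grafana login. The secret file path ./secrets/grafana_admin_password.txt and the secret name grafana_admin_password are assumptions.

```yaml
# Added example: hardened variant of this page's compose.yaml (not the author's file).
services:
  loki:
    image: 10.10.200.11:5000/grafana/loki:3.2.0
    container_name: loki
    ports:
      # Was "3100:3100" (every host interface). With auth_enabled: false, any
      # client that reaches this port can push and query logs. The promtail and
      # grafana services below reach Loki as http://loki:3100 on the compose
      # network, so publish the port only as widely as remote agents need it.
      # For remote promtail hosts, bind to one internal address and restrict it
      # with a firewall or an authenticating reverse proxy instead of 0.0.0.0.
      - "127.0.0.1:3100:3100"
    volumes:
      - ./loki-config.yaml:/etc/loki/local-config.yaml:ro
    command: -config.file=/etc/loki/local-config.yaml

  promtail:
    image: 10.10.200.11:5000/grafana/promtail:3.2.0
    container_name: promtail
    volumes:
      # promtail only reads the logs; :ro keeps the container from altering them.
      - /var/log:/var/log:ro
      - ./promtail-config.yaml:/etc/promtail/config.yml:ro
    command: -config.file=/etc/promtail/config.yml

  grafana:
    image: 10.10.200.11:5000/grafana/grafana:11.2.2
    container_name: grafana
    ports:
      - "3000:3000"
    environment:
      # Read the initial admin password from a secret file instead of
      # leaving the default admin/admin in place.
      GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana_admin_password
    secrets:
      - grafana_admin_password

secrets:
  grafana_admin_password:
    file: ./secrets/grafana_admin_password.txt  # assumed path, keep out of version control
```

Grafana applies the admin password setting only when it first initializes its database; on an instance that has already started once, change the password through the UI instead.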

Grafana configuration

We use promtail to add another data source:

# compose.yaml
services:
  promtail:
    image: 10.10.200.11:5000/grafana/promtail:3.2.0
    container_name: "promtail-mysql-log"
    volumes:
      - /k8s-data/mysql-ha1:/mysql-ha1-logs
      - ./promtail-config.yaml:/etc/promtail/config.yml
    command: -config.file=/etc/promtail/config.yml

The promtail configuration file is as follows:

# promtail-config.yaml
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

clients:
  - url: http://your-loki-ip:3100/loki/api/v1/push

scrape_configs:
  - job_name: chendemysql
    static_configs:
      - targets:
          - localhost
        labels:
          job: mysqllogs
          __path__: /mysql-ha1-logs/*.log

With this in place, all of the MySQL .log files on that server are also ingested into Loki. In Grafana we can then query, by a given set of rules, every line of a particular log file.

Further reading

https://zhuanlan.zhihu.com/p/967956426

(End)