1.Loki简介
Loki是受Prometheus启发由Grafana Labs团队开源的水平可扩展,高度可用的多租户日志聚合系统。 开发语言: Google Go。它的设计具有很高的成本效益,并且易于操作。使用标签来作为索引,而不是对全文进行检索,也就是说,你通过这些标签既可以查询日志的内容也可以查询到监控的数据签,极大地降低了日志索引的存储。系统架构十分简单,由以下3个部分组成 :
- Loki 是主服务器,负责存储日志和处理查询 。
- promtail 是代理,负责收集日志并将其发送给 loki 。
- Grafana 用于 UI 展示。
只要在应用程序服务器上安装promtail来收集日志然后发送给Loki存储,就可以在Grafana UI界面通过添加Loki为数据源进行日志查询(如果Loki服务器性能不够,可以部署多个Loki进行存储及查询)。作为一个日志系统不光只有查询分析日志的能力,还能对日志进行监控和报警。
Loki文档网址:https://grafana.com/docs/loki/latest/
下载网址:https://github.com/grafana/loki/releases
2.Loki的部署
- promtail收集并将日志发送给loki的 Distributor 组件
- Distributor会对接收到的日志流进行正确性校验,并将验证后的日志分批并行发送到Ingester
- Ingester接受日志流并构建数据块,压缩后存放到所连接的存储后端
- Querier 收到HTTP查询请求,并将请求发送至Ingester 用以获取内存数据 ,Ingester 收到请求后返回符合条件的数据 ;
- 如果 Ingester 没有返回数据,Querier 会从后端存储加载数据并遍历去重执行查询 ,通过HTTP返回查询结果
先将loki-linux-amd64.zip 和promtail-linux-amd64.zip和上传到服务器,启动loki服务
#创建存放loki数据的目录
mkdir /data/loki/{chunks,index} -p
#创建loki的部署目录
mkdir /usr/local/loki
#编辑config.yaml问价,内容如下
auth_enabled: false
server:
http_listen_port: 3100
ingester:
lifecycler:
address: 47.104.76.227
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 5m
chunk_retain_period: 30s
schema_config:
configs:
- from: 2022-12-16
store: boltdb
object_store: filesystem
schema: v11
index:
prefix: index_
period: 168h #每张表的时间范围7天
storage_config:
boltdb:
directory: /data/loki/index #索引文件存储地址
filesystem:
directory: /data/loki/chunks #块存储地址
limits_config:
enforce_metric_name: false
reject_old_samples: true
reject_old_samples_max_age: 168h
chunk_store_config:
# 最大可查询历史日期 28天,这个时间必须是schema_config中的period的倍数,否则报错。
max_look_back_period: 672h
# 表的保留期28天
table_manager:
retention_deletes_enabled: true
retention_period: 672h
# 启动loki服务
nohup ./loki-linux-amd64 -config.file=./config.yaml >./loki.log 2>&1 &
解压promtail并启动
#创建promtail的部署目录
mkdir /usr/local/promtail -p
#编辑promtail.yaml问价,内容如下
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: ./positions.yaml
ignore_invalid_yaml: true
clients:
- url: http://47.104.76.227:3100/loki/api/v1/push
scrape_configs:
#ucenter1
- job_name: loki_log
file_sd_configs:
- files:
- ./conf/*.yaml
refresh_interval: 1m
[root@cxcc01 promtail]# tree conf/
conf/
└── log.yaml
0 directories, 1 file
[root@cxcc01 promtail]# cat conf/log.yaml
- targets:
- 47.104.76.227
labels:
host: 47.104.76.227
__path__: /var/log/messages
- targets:
- 47.104.76.227
labels:
host: 47.104.76.227
__path__: /var/log/secure
#启动服务
nohup ./promtail-linux-amd64 -config.file=./promtail.yaml > ./promtail.log 2>&1 &
3.grafana展示
上图可以看到两个文件的日志信息已经采集并展示。其中导航栏中右侧还是支持搜索的功能
表达式:{filename=~"$log",host=~"$host"}|~ "(?i)$log_level"
4.日志的dashboard文件
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 3,
"iteration": 1671275851848,
"links": [],
"liveNow": false,
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": {
"type": "loki",
"uid": "${ENV}"
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 5,
"w": 24,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.5.10",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"datasource": {
"type": "loki",
"uid": "2NkA815Vk"
},
"expr": "sum (count_over_time({filename=~\"$log\",host=~\"$host\"}[2m] )) by (host,filename)",
"hide": false,
"legendFormat": "{{host}}=={{filename}}",
"refId": "B"
}
],
"thresholds": [],
"timeRegions": [],
"title": "日志量统计",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:319",
"format": "short",
"logBase": 1,
"show": true
},
{
"$$hashKey": "object:320",
"format": "short",
"logBase": 1,
"show": true
}
],
"yaxis": {
"align": false
}
},
{
"datasource": {
"type": "loki",
"uid": "2NkA815Vk"
},
"description": "",
"gridPos": {
"h": 21,
"w": 24,
"x": 0,
"y": 5
},
"id": 2,
"options": {
"dedupStrategy": "exact",
"enableLogDetails": false,
"prettifyLogMessage": false,
"showCommonLabels": false,
"showLabels": false,
"showTime": true,
"sortOrder": "Descending",
"wrapLogMessage": true
},
"pluginVersion": "7.4.3",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "2NkA815Vk"
},
"expr": "{filename=~\"$log\",host=~\"$host\"}|~ \"(?i)$log_level\"",
"hide": false,
"maxLines": 100,
"refId": "C"
}
],
"title": "日志",
"transparent": true,
"type": "logs"
}
],
"refresh": "",
"schemaVersion": 36,
"style": "dark",
"tags": [
"ELK"
],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "Loki",
"value": "Loki"
},
"hide": 0,
"includeAll": false,
"label": "选择环境",
"multi": false,
"name": "ENV",
"options": [],
"query": "loki",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {
"selected": true,
"text": "/var/log/messages",
"value": "/var/log/messages"
},
"datasource": {
"type": "loki",
"uid": "2NkA815Vk"
},
"definition": "label_values({},filename)",
"hide": 0,
"includeAll": false,
"label": "日志",
"multi": false,
"name": "log",
"options": [],
"query": "label_values({},filename)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"current": {
"selected": false,
"text": "47.104.76.227",
"value": "47.104.76.227"
},
"datasource": {
"type": "loki",
"uid": "2NkA815Vk"
},
"definition": "label_values({},host)",
"hide": 0,
"includeAll": false,
"label": "主机IP",
"multi": false,
"name": "host",
"options": [],
"query": "label_values({},host)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"allValue": "(^\\\\S|^\\\\s)",
"current": {
"selected": false,
"text": "All",
"value": "$__all"
},
"description": "可以直接输入搜索的关键字进行过滤",
"hide": 0,
"includeAll": true,
"label": "关键字过滤",
"multi": false,
"name": "log_level",
"options": [
{
"selected": true,
"text": "All",
"value": "$__all"
},
{
"selected": false,
"text": "warning",
"value": "warning"
},
{
"selected": false,
"text": "unknown",
"value": "unknown"
},
{
"selected": false,
"text": "info",
"value": "info"
},
{
"selected": false,
"text": "error",
"value": "error"
},
{
"selected": false,
"text": "直接输入关键字搜索",
"value": "直接输入关键字搜索"
}
],
"query": "warning,unknown,info,error,直接输入关键字搜索",
"queryValue": "",
"skipUrlSync": false,
"type": "custom"
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "loki日志",
"uid": "NlV_8QD7k",
"version": 19,
"weekStart": ""
}
844
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
