通过配置promtail的配置文件,可以实现:1.推送系统日志(journal)到loki;2.递归文件目录推送消息到loki
1.推送系统日志配置如下:
scrape_configs:
- job_name: journal
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: systemd-journal
relabel_configs:
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
- source_labels:
- __journal__hostname
target_label: 'nodename'
- source_labels:
- __journal_syslog_identifier
target_label: syslog_identifier
注意事项:
(1)需要把journal的内置指标relabel成target指标,不然相关指标不显示;
(2)保证目录/var/log/journal存在。如果没有,新建文件夹;
(3)/var/log/journal内容会增长很快,容易撑爆磁盘。建议限制日志大小:
journalctl --vacuum-size=500M
(4)如果通过容器安装promtail,官网强调,需要挂载 "/etc/machine-id"
volumes:
- /var/log/journal:/var/log/journal
- /run/log/journal:/run/log/journal
- /etc/machine-id:/etc/machine-id
2.递归文件目录推送消息到loki
- job_name: buss
static_configs:
- targets:
- localhost
labels:
job: test
app: test_log
__path__: /var/log/danny/**/*log
其中的 “/var/log/danny/**/*log” 表示递归推送/var/log/danny下,所有log结尾的文件内容。promtail启动日志如下:
