github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/docs/sources/clients/fluentd/_index.md (about) 1 --- 2 title: Fluentd 3 weight: 60 4 --- 5 # Fluentd Loki Output Plugin 6 7 Grafana Loki has a [Fluentd](https://www.fluentd.org/) output plugin called 8 `fluent-plugin-grafana-loki` that enables shipping logs to a private Loki 9 instance or [Grafana Cloud](https://grafana.com/products/cloud/). 10 11 The plugin source code is in the [fluentd directory of the repository](https://github.com/grafana/loki/tree/main/clients/cmd/fluentd). 12 13 ## Installation 14 15 ### Local 16 17 To install the plugin use [fluent-gem](https://docs.fluentd.org/deployment/plugin-management): 18 19 ```bash 20 fluent-gem install fluent-plugin-grafana-loki 21 ``` 22 23 ## Docker Image 24 25 The Docker image `grafana/fluent-plugin-loki:master` contains [default configuration files](https://github.com/grafana/loki/tree/main/clients/cmd/fluentd/docker/conf). By default, fluentd containers use that default configuration. You can instead specify your `fluentd.conf` configuration file with a `FLUENTD_CONF` environment variable. 26 27 This image also uses `LOKI_URL`, `LOKI_USERNAME`, and `LOKI_PASSWORD` environment variables to specify the Loki's endpoint, user, and password (you can leave the USERNAME and PASSWORD blank if they're not used). 28 29 This image will start an instance of Fluentd to forward incoming logs to the specified Loki URL. As an alternate, containerized applications can also use [docker driver plugin](../docker-driver/) to ship logs without needing Fluentd. 30 31 ### Example 32 33 A Docker Compose configuration that will work looks like: 34 35 ```yaml 36 services: 37 fluentd: 38 image: grafana/fluent-plugin-loki:master 39 command: 40 - "fluentd" 41 - "-v" 42 - "-p" 43 - "/fluentd/plugins" 44 environment: 45 LOKI_URL: http://loki:3100 46 LOKI_USERNAME: 47 LOKI_PASSWORD: 48 deploy: 49 mode: global 50 configs: 51 - source: loki_config 52 target: /fluentd/etc/loki/loki.conf 53 networks: 54 - loki 55 volumes: 56 - host_logs:/var/log 57 # Needed for journald log ingestion: 58 - /etc/machine-id:/etc/machine-id 59 - /dev/log:/dev/log 60 - /var/run/systemd/journal/:/var/run/systemd/journal/ 61 logging: 62 options: 63 tag: infra.monitoring 64 ``` 65 66 ## Usage 67 68 **Note**: use either `<label>...</label>` or `extra_labels` to set at least one label. 69 70 In your Fluentd configuration, use `@type loki`. Additional configuration is optional. Default values would look like this: 71 72 ```conf 73 <match **> 74 @type loki 75 url "https://logs-prod-us-central1.grafana.net" 76 username "#{ENV['LOKI_USERNAME']}" 77 password "#{ENV['LOKI_PASSWORD']}" 78 extra_labels {"env":"dev"} 79 flush_interval 10s 80 flush_at_shutdown true 81 buffer_chunk_limit 1m 82 </match> 83 ``` 84 85 ### Adding labels 86 87 Simple label from top level attribute 88 89 ```conf 90 <match mytag> 91 @type loki 92 # ... 93 <label> 94 fluentd_worker 95 </label> 96 # ... 97 </match> 98 ``` 99 100 You can rewrite the label keys as well as the following 101 102 ```conf 103 <match mytag> 104 @type loki 105 # ... 106 <label> 107 worker fluentd_worker 108 </label> 109 # ... 110 </match> 111 ``` 112 113 You can use [record accessor](https://docs.fluentd.org/plugin-helper-overview/api-plugin-helper-record_accessor#syntax) syntax for nested field. 114 115 ```conf 116 <match mytag> 117 @type loki 118 # ... 119 <label> 120 container $.kubernetes.container 121 </label> 122 # ... 123 </match> 124 ``` 125 126 ### Extracting Kubernetes labels 127 128 As Kubernetes labels are a list of nested key-value pairs there is a separate option to extract them. 129 Note that special characters like "`. - /`" will be overwritten with `_`. 130 Use with the `remove_keys kubernetes` option to eliminate metadata from the log. 131 132 ```conf 133 <match mytag> 134 @type loki 135 # ... 136 extract_kubernetes_labels true 137 remove_keys kubernetes 138 <label> 139 container $.kubernetes.container 140 </label> 141 # ... 142 </match> 143 ``` 144 145 > You can also include automatically all kubernetes labels by using `extract_kubernetes_labels true` in your configuration. 146 147 ### Multi-worker usage 148 149 Out-of-order inserts are enabled by default in Loki; refer to [accept out-of-order writes](../../configuration/#accept-out-of-order-writes). 150 If out-of-order inserts are _disabled_, attempting to insert a log entry with an earlier timestamp after a log entry with identical labels but a later timestamp, the insert will fail with `HTTP status code: 500, message: rpc error: code = Unknown desc = Entry out of order`. Therefore, in order to use this plugin in a multi worker Fluentd setup, you'll need to include the worker ID in the labels or otherwise [ensure log streams are always sent to the same worker](https://docs.fluentd.org/deployment/multi-process-workers#less-than-worker-n-greater-than-directive). 151 152 For example, using [fluent-plugin-record-modifier](https://github.com/repeatedly/fluent-plugin-record-modifier): 153 154 ```conf 155 <filter mytag> 156 @type record_modifier 157 <record> 158 fluentd_worker "#{worker_id}" 159 </record> 160 </filter> 161 162 <match mytag> 163 @type loki 164 # ... 165 <label> 166 fluentd_worker 167 </label> 168 # ... 169 </match> 170 ``` 171 172 ### Using multiple buffer flush threads 173 174 Similarly, when using `flush_thread_count` > 1 in the [`buffer`](https://docs.fluentd.org/configuration/buffer-section#flushing-parameters) 175 section, a thread identifier must be added as a label to ensure that log chunks flushed in parallel to loki by fluentd always have increasing 176 times for their unique label sets. 177 178 This plugin automatically adds a `fluentd_thread` label with the name of the buffer flush thread when `flush_thread_count` > 1. 179 180 ## Configuration 181 182 ### `url` 183 184 The URL of the Loki server to send logs to. When sending data, the publish path (`../api/loki/v1/push`) will automatically be appended. 185 By default the url is set to `https://logs-prod-us-central1.grafana.net`, the url of the Grafana Labs [hosted Loki](https://grafana.com/products/cloud/) service. 186 187 #### Proxy Support 188 189 Starting with version 0.8.0, this gem uses [excon, which supports proxy with environment variables](https://github.com/excon/excon#proxy-support). 190 191 ### `username` / `password` 192 193 Specify a username and password if the Loki server requires authentication. 194 If using the GrafanaLab's hosted Loki, the username needs to be set to your instanceId and the password should be a Grafana.com api key. 195 196 ### tenant 197 198 Loki is a multi-tenant log storage platform and all requests sent must include a tenant. For some installations the tenant will be set automatically by an authenticating proxy. Otherwise you can define a tenant to be passed through. 199 The tenant can be any string value. 200 201 The tenant field also supports placeholders, so it can dynamically change based on tag and record fields. Each placeholder must be added as a buffer chunk key. The following is an example of setting the tenant based on a k8s pod label: 202 203 ```conf 204 <match **> 205 @type loki 206 url "https://logs-prod-us-central1.grafana.net" 207 tenant ${$.kubernetes.labels.tenant} 208 # ... 209 <buffer $.kubernetes.labels.tenant> 210 @type memory 211 flush_interval 5s 212 </buffer> 213 </match> 214 ``` 215 216 ### Client certificate verification 217 218 Specify a pair of client certificate and private key with `cert` and `key` if a reverse proxy with client certificate verification is configured in front of Loki. `ca_cert` can also be specified if the server uses custom certificate authority. 219 220 ```conf 221 <match **> 222 @type loki 223 224 url "https://loki" 225 226 cert /path/to/certificate.pem 227 key /path/to/key.key 228 ca_cert /path/to/ca.pem 229 230 ... 231 </match> 232 ``` 233 234 ### Server certificate verification 235 236 A flag to disable a server certificate verification. By default the `insecure_tls` is set to false. 237 238 ```conf 239 <match **> 240 @type loki 241 242 url "https://loki" 243 244 insecure_tls true 245 246 ... 247 </match> 248 ``` 249 250 ### Output format 251 252 Loki is intended to index and group log streams using only a small set of labels. It is not intended for full-text indexing. When sending logs to Loki the majority of log message will be sent as a single log "line". 253 254 There are few configurations settings to control the output format. 255 256 - extra_labels: (default: nil) set of labels to include with every Loki stream. eg `{"env":"dev", "datacenter": "dc1"}` 257 - remove_keys: (default: nil) comma separated list of needless record keys to remove. All other keys will be placed into the log line. You can use [record_accessor syntax](https://docs.fluentd.org/plugin-helper-overview/api-plugin-helper-record_accessor#syntax). 258 - line_format (default:key_value): format to use when flattening the record to a log line. Valid values are "json" or "key_value". If set to "json" the log line sent to Loki will be the fluentd record (excluding any keys extracted out as labels) dumped as json. If set to "key_value", the log line will be each item in the record concatenated together (separated by a single space) in the format `<key>=<value>`. 259 - drop_single_key: if set to true and a record only has 1 key after extracting `<label></label>` blocks, set the log line to the value and discard the key. 260 - include_thread_label (default: true): whether or not to include the fluentd_thread label when multiple threads are used for flushing. 261 262 ### Buffer options 263 264 `fluentd-plugin-loki` extends [Fluentd's builtin Output plugin](https://docs.fluentd.org/v1.0/articles/output-plugin-overview) and use `compat_parameters` plugin helper. It adds the following options: 265 266 ```conf 267 buffer_type memory 268 flush_interval 10s 269 retry_limit 17 270 retry_wait 1.0 271 num_threads 1 272 ```