Add static hostname label and value to collected logs

Grafana Loki
,
1

Hi community.

I’ve got this simple config file to collect logs from one server called ‘ansible05’

Logs are collected from many other servers but I’m struggling when it comes to identify which server are the logs coming from.

I would like to add an extra label with the name of ‘hostname’ and the value ‘ansible05’ to the host with that hostname

This is my config file:

local.file_match "local_files" {
  path_targets = [{"__path__" = "/var/log/*.log"}]
  sync_period = "5s"
}

// Hace scrape de esos logs y los envía al receiver
loki.source.file "log_scrape" {
  targets    = local.file_match.local_files.targets
  forward_to = [loki.process.filter_logs.receiver]
  tail_from_end = true
}

// Filtra logs por msg coincidiendo con match
loki.process "filter_logs" {

  stage.static_labels {
    values = {
      hostname = "ansible05"
    }
  }

  stage.drop {
    source               = ""
    expression           = ".*Connection closed by authenticating user root"
    drop_counter_reason  = "noisy"
  }

  forward_to = [loki.write.grafana_loki.receiver]
}

loki.write "grafana_loki" {
  endpoint {
    url = "https://logs-prod-xxx.grafana.net/loki/api/v1/push"

     basic_auth {
      username = "010101"
      password = "blablabla"
     }
  }
}

I’m getting this error msg:

feb 04 21:58:46 ansible05 alloy[2871]: Error: /etc/alloy/config.alloy:26:29: missing ‘,’ in field list
feb 04 21:58:46 ansible05 alloy[2871]: 25 | values = {
feb 04 21:58:46 ansible05 alloy[2871]: 26 | hostname = “ansible05”
feb 04 21:58:46 ansible05 alloy[2871]: |
feb 04 21:58:46 ansible05 alloy[2871]: 27 | }
feb 04 21:58:46 ansible05 alloy[2871]: interrupt received
feb 04 21:58:46 ansible05 alloy[2871]: Error: could not perform the initial load successfully
feb 04 21:58:46 ansible05 systemd[1]: alloy.service: Main process exited, code=exited, status=1/FAILURE
feb 04 21:58:46 ansible05 systemd[1]: alloy.service: Failed with result ‘exit-code’.
feb 04 21:58:46 ansible05 systemd[1]: alloy.service: Scheduled restart job, restart counter is at 5.
feb 04 21:58:46 ansible05 systemd[1]: Stopped Vendor-agnostic OpenTelemetry Collector distribution with programmable pipelines.
feb 04 21:58:46 ansible05 systemd[1]: alloy.service: Start request repeated too quickly.
feb 04 21:58:46 ansible05 systemd[1]: alloy.service: Failed with result ‘exit-code’.

What am I missing?

Thank you in advance and regards.

2

I’ve found it :slight_smile:

// PARTE LOKI
// Busca ficheros logs en la ruta y los convierte en targets
local.file_match "local_files" {
  path_targets = [{"__path__" = "/var/log/*.log"}]
  sync_period = "5s"
}

// Hace scrape de esos logs y los envía al receiver
loki.source.file "log_scrape" {
  targets    = local.file_match.local_files.targets
  forward_to = [loki.process.filter_logs.receiver]
  tail_from_end = true
}

// Filtra logs por msg coincidiendo con match
loki.process "filter_logs" {

  stage.drop {
    source               = ""
    expression           = ".*Connection closed by authenticating user root"
    drop_counter_reason  = "noisy"
  }
  stage.static_labels {
    values = {
      "hostname" = "ansible05",
    }
  }

  forward_to = [loki.write.grafana_loki.receiver]
}

loki.write "grafana_loki" {
  endpoint {
    url = "https://logs-prod-008.grafana.net/loki/api/v1/push"

     basic_auth {
      username = "010101"
      password = "blablabla"
     }
  }
}

Ty anyway to everybody that would have help. I know a lot people for sure :slight_smile: