I’m new to Grafana Cloud and I’m trying to ingest some logs into Grafana.
The scenario is the following. There is a SaaS application which has the capability to forward logs with the following destination configuration:
Host (IP or FQDN)
Port
Protocol (Only TCP is supported)
Encryption (Only Mutual TLS is supported)
Format (Syslog)
I was reading the documentation but I didn’t find how to configure Grafana Cloud to receive the logs. I’d like to configure Grafana Cloud to receive those logs.
Grafana uses Loki for log storage, so you need something that is able to accept the syslog format, transform it into the Loki format and send it to Grafana Cloud.
As a big fan of OpenTelemetry I would use the OpenTelemetry Collector (I guess Grafana Agent will be a similar solution). Syslog* receiver, some processors for labeling and then the Loki exporter.
If I understand right, you mean that I need to deploy a collector to receive the logs from the SaaS application, right?
Is it possible to send logs directly from a source (SaaS application) to Grafana Cloud (like a public Grafana Cloud instance IP & port)? I mean, with Splunk, for example, you can send syslog logs directly to Splunk without any collector.
The thing is that I’d like to send logs from the SaaS application to Grafana Cloud without deploying any additional machine with the collector, because the SaaS application and Grafana Cloud are in the cloud and they are public. If I have to deploy a machine with the collector, I need to deploy it in AWS or Azure to have visibility between the SaaS application and the collector.
Yes, you need a middleman, because only the Loki format is supported. Unfortunately, you can’t have everything. There is no format widely accepted by everyone at the moment.
Or ask your SaaS provider to support the Loki format (Splunk, Elasticsearch, …) and then you can have different log storage, so it can be more complicated and more complex. So SaaS providers provide some well-known format (e.g. syslog) and you should convert it to the format which is required by your log storage provider.
You can have a middleman which can convert between these formats - that’s the OTEL collector - so you don’t need to have an implementation for all protocols on the producer and on the storage side. You can just convert logs to the format which is supported by your current log storage provider.
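To make the "middleman" conversion discussed in this thread concrete, here is an added example (not posted by anyone in the thread, and not code from Grafana or OpenTelemetry) that turns a syslog byte stream into the JSON body Loki's `/loki/api/v1/push` endpoint accepts. It assumes RFC 5424 messages with the octet-counted framing used for syslog over TLS, and that the mutual-TLS listener has already verified the sender's client certificate; all function names, the `MAX_FRAME` cap and the sample messages are constructed for illustration.

```python
import re
from datetime import datetime, timezone

MAX_FRAME = 8192  # assumed cap; reject larger frames instead of buffering them
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def split_frames(buf: bytes):
    """Split octet-counted frames ("LEN SP MSG"); return (messages, unread tail)."""
    msgs = []
    while (sp := buf.find(b" ")) != -1:
        if not buf[:sp].isdigit() or int(buf[:sp]) > MAX_FRAME:
            raise ValueError("bad frame length; close the connection")
        end = sp + 1 + int(buf[:sp])
        if end > len(buf):  # partial frame, wait for more bytes
            break
        msgs.append(buf[sp + 1:end].decode("utf-8", "replace"))
        buf = buf[end:]
    return msgs, buf

def to_entry(msg: str, source: str):
    """Return (labels, [ts_ns, line]) for one RFC 5424 message."""
    m = HEADER.match(msg)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri, ts, host, app = m.group(1, 2, 3, 4)
    delta = datetime.fromisoformat(ts.replace("Z", "+00:00")) - EPOCH
    ts_ns = ((delta.days * 86400 + delta.seconds) * 10**6 + delta.microseconds) * 1000
    # Only low-cardinality fields become labels; PROCID and MSGID stay in the line.
    labels = {"source": source, "host": host, "app": app, "severity": SEVERITY[int(pri) % 8]}
    return labels, [str(ts_ns), msg]

def to_loki_push(buf: bytes, source: str):
    """Build the body for POST /loki/api/v1/push; return (body, unread tail)."""
    msgs, tail = split_frames(buf)
    streams = {}
    for msg in msgs:
        labels, value = to_entry(msg, source)
        streams.setdefault(tuple(sorted(labels.items())), []).append(value)
    return {"streams": [{"stream": dict(k), "values": v} for k, v in streams.items()]}, tail

def frame(m: str) -> bytes:
    return f"{len(m.encode())} {m}".encode()

# Constructed sample: two complete frames followed by a partial one.
SAMPLE = (frame("<134>1 2024-05-01T12:00:00Z app01.example.com saasapp 1234 ID47 - user login ok")
          + frame("<131>1 2024-05-01T12:00:01Z app01.example.com saasapp 1234 ID48 - auth failure")
          + b"57 <13")
```

Serialising the returned dict with `json.dumps` gives the request body; the unread tail must be kept and prepended to the next bytes read from the same connection.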