Grafana Alloy cannot correctly parse log filenames for reading

Grafana Alloy
1

I configured the grafana alloy to sending openshift log. This is my configuration:
// =============================

// 1. Discover Kubernetes Pods

      // =============================

      discovery.kubernetes "pods" {

        role = "pod"

      }

      

      // =============================

      // 2. Relabel metadata + build log path

      // =============================

      discovery.relabel "pod_logs" {

        targets = discovery.kubernetes.pods.targets

        rule {

          source_labels = ["__meta_kubernetes_namespace"]

          regex         = "ns-test"

          action        = "keep"

        }

        rule {

          source_labels = ["__meta_kubernetes_pod_container_name"]

          regex         = "istio-.*"

          action        = "drop"

        }




        rule {

          source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_name", "__meta_kubernetes_pod_container_name", "__meta_kubernetes_pod_container_id"]

          separator   = ";"

          regex = "^(.+);(.+);(.+);.+://(.+)$"

          replacement = "/var/log/containers/$2_$1_$3-$4.log"

          target_label = "__path__"

        }

        

        // Namespace  

        rule {

          source_labels = ["__meta_kubernetes_namespace"]

          action = "replace"

          target_label  = "namespace"

        }

      

        // Pod name

        rule {

          source_labels = ["__meta_kubernetes_pod_name"]

          action = "replace"

          target_label  = "pod"

        }

      

        // Container name

        rule {

          source_labels = ["__meta_kubernetes_pod_container_name"]

          action = "replace"

          target_label  = "container"

        }

      

        // Node name

        rule {

          source_labels = ["__meta_kubernetes_pod_node_name"]

          action = "replace"

          target_label  = "node"

        }

      

        // Drop Alloy self logs (tránh loop)

        rule {

          source_labels = ["__meta_kubernetes_pod_name"]

          regex         = "alloy.*"

          action        = "drop"

        }

      

      }

      

      // =============================

      // 3. Read log files from node

      // =============================

      loki.source.file "pod_logs" {

        targets    = discovery.relabel.pod_logs.output

        forward_to = [loki.process.parse.receiver]

      }

      

      // =============================

      // 4. Parse CRI log format

      // =============================

      loki.process "parse" {

      

        stage.cri {}   // CRI-O compatible (OpenShift)

      

        forward_to = [loki.write.loki.receiver]

      }

      

      // =============================

      // 5. Send logs to Loki Distributed

      // =============================

      loki.write "loki" {

        endpoint {

          url = "http://loki-distributed-gateway.observability.svc.cluster.local/loki/api/v1/push"

          tenant_id = "prod1"   // bỏ nếu không dùng multi-tenant

        }

      }

I am getting the problem when Alloy cannot read correctly file name.
no such file or directory" key="{Path:/var/log/containers/app-520ab14b83af58fc8556522f4fa79c4238acbf7c0cc28d5cd55cee1203fd853a.log

2

Are you running alloy in a container? If so, make sure you are mounting /var/lib/docker/containers from host to Alloy container.

If you are running alloy directly on the host, make sure Alloy user has permission to see the /var/lib/docker/containers directory.

3

I am running in k8s (OCP)