Hello!! I would first like to apologize for using the wrong terminology in my questions. I am new to Grafana Alloy and Loki! I need to monitor syslogs across my network. I am currently using loki.source.syslog to collect syslogs and write them to loki. How can I apply custom labels based on the ip_address sending the syslog?
I have used discovery.http to send targets and custom labels to prometheus.scrape, but how do I do that with loki? There are no targets and everything references maps.
I know that I can use loki.relabel to change or update labels, but can I use that to add custom labels based on the ip_address in the syslog? It seems like this is to manipulate existing labels in the log.
I am not trying to add dozens of labels, just an application name, location, and environment.
To confirm, stage.static_labels will add a label called remote_ip to the log and that can be used to search in loki, correct?
Is there a way to take that value and add labels for environment, application, and location? For example, I have the following json,
[
  {
    "remote_ip": "1.2.3.4.5",
    "location": "chicago",
    "environment": "development",
    "application": "grafana"
  }
]
I want to add the other labels to the log based on the remote_ip.
I looked at loki.relabel and it looks like you can drop, keep, and modify, but not add new labels. Would I use stage.label?
Apologies, my previous comment was actually incorrect. You want to use stage.labels to assign value to a label from another label, and use stage.static_labels to hardcode value to a label. So you’d want:
Are you using syslog as well? syslog has a list of labels that it tries to produce internally, which should cover ip address, but for other external information such as rack you’d need to supply those yourself.
I am a noob in this part.
Please guide me on how I can use syslog.
For Rack and Location in Agent I had added global labels.
Please guide me the same way on how I can add labels for that instance. They are static values. I can manually input them, it's okay.
Hi, I tried doing this to get the connection IP address but it does not work. The value “remote_ip” ended up being populated by the string “__syslog_connection_ip_address” instead of the IP address.
PS: I am new to Grafana Loki. So may not be familiar with the various syntax.
Actually I am trying to get the name/IP address of the device that sends the syslogs. I have 2 firewalls sending syslogs to Loki. Currently, I am using 2 different ports to receive the logs. I am hoping that the Loki syslog component is able to extract at least some info of the source device.
From the example by @tonyswumac, there seems to be a variable __syslog_connection_ip_address, but it does seem to get populated for me.
Here are 2 samples of the syslog from my Fortigate Firewall. Maybe one way is to manually use regex to extract the Firewall name but I am hoping there is an easier way that is already built-in.
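Added example, not part of any post in this thread and not the Alloy project's own code: one way to attach per-sender labels in Alloy is to pass loki.relabel rules to loki.source.syslog through relabel_rules, where the internal `__syslog_connection_ip_address` label can be read as a label rather than written as a literal string (stage.static_labels stores its value verbatim). The listener address, sender IPs, label values, component names and Loki URL below are constructed for illustration.

```alloy
// Added example; all addresses, names and label values are constructed.
loki.relabel "syslog_labels" {
  // Only the exported rules are used, so nothing is forwarded from here.
  forward_to = []

  // Copy the sender's connection IP from the internal label to a stored label.
  rule {
    source_labels = ["__syslog_connection_ip_address"]
    target_label  = "remote_ip"
  }

  // Static labels per sender: each rule applies only when the regex,
  // which is matched against the whole value, equals the sender IP.
  rule {
    source_labels = ["__syslog_connection_ip_address"]
    regex         = "192\\.0\\.2\\.10"
    target_label  = "location"
    replacement   = "chicago"
  }
  rule {
    source_labels = ["__syslog_connection_ip_address"]
    regex         = "192\\.0\\.2\\.10"
    target_label  = "environment"
    replacement   = "development"
  }
  rule {
    source_labels = ["__syslog_connection_ip_address"]
    regex         = "192\\.0\\.2\\.10"
    target_label  = "application"
    replacement   = "grafana"
  }
}

loki.source.syslog "network" {
  listener {
    address  = "0.0.0.0:1514"
    protocol = "tcp"
    labels   = { job = "syslog" }
  }
  relabel_rules = loki.relabel.syslog_labels.rules
  forward_to    = [loki.write.default.receiver]
}

loki.write "default" {
  endpoint {
    url = "http://loki.example.internal:3100/loki/api/v1/push"
  }
}
```

Senders that match no rule keep only `remote_ip` and the listener's `job` label, so an unexpected source stays visible in Loki instead of inheriting another device's labels.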