Hi everyone,
I’m building a system where multiple devices will be sending logs and metrics to Grafana Cloud. Before I proceed, I want to understand the best practices for handling device-level separation and per-device access control for both Loki and InfluxDB.
What I’m trying to achieve
-
Each device should send data independently.
-
I want data isolation per device (sharding/partitioning).
-
I want to be able to identify which device each log/metric came from.
-
Each device should have its own API token/credentials.
-
I need the ability to revoke one device’s access without affecting the rest.
-
Ideally, a device should only be able to write to its own shard/bucket, not others.
Questions
-
Does Grafana Cloud offer any built-in support for managing multiple devices like this?
-
For Loki, is the recommended approach using tenants, labels, or something else?
-
For InfluxDB, should I separate devices using buckets, orgs, or token scoping?
-
Is there a standard way to audit or track which device/token is sending data?
-
Any examples of setups using Grafana Agent Flow / Promtail for multi-device pipelines?
Context
We’re planning to stream both logs (Loki) and metrics/time-series data (InfluxDB). Before designing the architecture, I want to confirm what’s supported and what patterns people typically use.
Any suggestions, patterns, or docs would be greatly appreciated!
Thanks!