I’m new to Grafana + loki + promtail and try to visualize logs from esxi hosts. I managed to see the logs in Grafana dashboard but would like to optimize the view. I have following settings:
For Q1, I mean I already set the log filter level in Esxi host setting, but all logs still showing in the dashboard, so I guess it does not related to the Promtail or Loki setting but VMware’s problem?
And I found it is confusing about the severity.
From the original log it should be “Warning” but it detected as “Error” and the label “__syslog_message_severity” shows notice…
I just quickly googled and found some discussion about this on the internet so I will continue to research, of course any tips would be appreciated
For Q2, I managed to get the required field by using the label “__syslog_message_app_name”
but it shows only when I expand the log entry, not showing in the dashboard:
Labels should be kept as labels (meaning not part of the logs, but rather metadata that describes the logs). You can, if you really want to, alter the logs with promtail, but I personally don’t like altering logs during transit.
In promtail you can set any parsed field as output. So you can manipulate a field with template and add two fields together (or a field and the log body), then set the new field as the output.
