Running Loki v2.9.0 and pushing nginx logs with Promtail. Having two identical requests right after each other seems to make one of them go missing. In some cases, if there are more than 5 lines sent, 2-3 lines are in Loki but the rest are not.
For example, the nginx logs below.
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-"
These end up as the following in Grafana
The Promtail config is simply just parsing the timestamp from Nginx.
```yaml
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /etc/promtail/positions.yaml

clients:
  - url: http://localhost:3100/loki/api/v1/push
    external_labels:
      hostname: tools

scrape_configs:
  - job_name: nginx
    pipeline_stages:
      - regex:
          expression: "^.* - - \\[(?P<time>\\w{2}\\/\\w{3}\\/\\w{4}:\\w{2}:\\w{2}:\\w{2} [+-]\\w{4})\\].*"
      - timestamp:
          source: time
          format: "02/Jan/2006:15:04:05 -0700"
    static_configs:
      - targets:
          - localhost
        labels:
          job: nginx
          __path__: /var/log/nginx/*.log
```
I do understand that one solution to this is to append a more exact timestamp to the nginx log lines, but I feel like this should not need to be a problem. I have also tried to set increment_duplicate_timestamp: true in the Loki config.
Any help much appreciated.
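An added example (not part of the original post, and not Promtail or Loki code): it applies the regex and timestamp layout from the config above to nginx lines and counts entries that end up with the same second-resolution timestamp and identical text. It assumes Loki treats entries in one stream with identical timestamp and line text as exact duplicates; the function names and the shortened sample lines are constructed here.

```python
import re
from collections import Counter
from datetime import datetime

# Same pattern as the regex stage in the Promtail config above (YAML escaping removed).
TIME_RE = re.compile(r"^.* - - \[(?P<time>\w{2}\/\w{3}\/\w{4}:\w{2}:\w{2}:\w{2} [+-]\w{4})\].*")
# Python equivalent of the Go layout "02/Jan/2006:15:04:05 -0700".
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def entry_key(line):
    """Return (unix_nanoseconds, line) as the timestamp stage would set it, or None if unparsed."""
    m = TIME_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("time"), TIME_FMT)
    return (int(ts.timestamp()) * 1_000_000_000, line)


def colliding_entries(lines):
    """Map each (timestamp, line) key seen more than once to its count."""
    keys = (entry_key(raw.rstrip("\n")) for raw in lines)
    counts = Counter(k for k in keys if k is not None)
    return {k: n for k, n in counts.items() if n > 1}


def lines_at_risk(lines):
    """Number of lines that cannot be told apart from an earlier entry (assumed dropped)."""
    return sum(n - 1 for n in colliding_entries(lines).values())


# Constructed sample: shortened versions of the log lines in the post, plus two distinct ones.
SAMPLE = [
    '10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0" "-"',
] * 6 + [
    '10.20.4.212 - - [12/Jan/2024:16:01:02 +0000] "GET /api/health HTTP/1.1" 200 2 "-" "Mozilla/5.0" "-"',
    '10.20.4.212 - - [12/Jan/2024:16:01:03 +0000] "GET /api/live/ws2 HTTP/1.1" 404 24 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for (ts, line), n in colliding_entries(SAMPLE).items():
        print(f"{n} identical entries at {ts}: {line[:60]}...")
    print("lines at risk:", lines_at_risk(SAMPLE))
```

Running the same functions over a real access log gives a count to compare against what a Loki query returns for the same time range.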