Good afternoon. I have a Loki server running in a container on Proxmox, and I need to collect nginx logs with the Promtail agent. From one machine everything works well: logs are shipped and parsed (300-500 MB per day on that server). The problem appears when I connect a second server (9-10 GB per day): I start getting 429 errors, "Maximum active stream limit exceeded, reduce the number of active streams". I have been fighting this for a long time, trying both large and small limits, and I can't get past it.
Loki was installed from GitHub.
How do I set the limits and configure streams correctly? I can't make sense of the documentation.
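For context, here is what I think I understood from the docs (please correct me if this is wrong): the 429 is the per-tenant cap on active streams, and since I run with auth_enabled: false, both Promtail instances write as the same single tenant, so they share one limit. These are the two knobs I have been changing; a sketch of just that part of limits_config, with values only as an illustration:

```yaml
limits_config:
  # Per-tenant cap on active streams across the whole deployment;
  # default is 5000, and 0 disables the limit (as I read the docs).
  max_global_streams_per_user: 0
  # Older per-ingester variant of the same cap; 0 = unlimited.
  max_streams_per_user: 0
```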
My Loki config, local-config.yaml:
auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9095
  http_server_read_timeout: 310s
  http_server_write_timeout: 310s
  grpc_server_max_recv_msg_size: 9663676416
  grpc_server_max_send_msg_size: 9663676416
  grpc_server_max_concurrent_streams: 0

common:
  path_prefix: /tmp/loki
  storage:
    filesystem:
      chunks_directory: /tmp/loki/chunks
      rules_directory: /tmp/loki/rules
  replication_factor: 1
  ring:
    instance_addr:
    kvstore:
      store: inmemory

ingester:
  lifecycler:
    address: localhost
    ring:
      kvstore:
        store: inmemory
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 15m
  chunk_target_size: 1572864
  chunk_retain_period: 0s
  chunk_encoding: snappy
  max_chunk_age: 12h
  max_transfer_retries: 0

query_range:
  results_cache:
    cache:
      embedded_cache:
        enabled: true
        max_size_mb: 100
        ttl: 2h

schema_config:
  configs:
    - from: 2020-11-01
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_loki
        period: 24h

storage_config:
  boltdb_shipper:
    active_index_directory: /tmp/loki/boltdb-shipper-active
    cache_location: /tmp/loki/boltdb-shipper-cache
    cache_ttl: 24h

compactor:
  working_directory: /tmp/loki/boltdb-shipper-compactor
  shared_store: filesystem
  compaction_interval: 10m
  retention_enabled: true
  retention_delete_delay: 120h
  retention_delete_worker_count: 150
  delete_request_cancel_period: 120

limits_config:
  max_entries_limit_per_query: 5000
  max_streams_per_user: 100000
  max_chunks_per_query: 200000
  reject_old_samples: true
  reject_old_samples_max_age: 24h
  ingestion_rate_mb: 1000
  ingestion_burst_size_mb: 1500
  retention_period: 120h
  max_query_lookback: 5d
  max_query_series: 100000
  per_stream_rate_limit: "512MB"
  per_stream_rate_limit_burst: "1024MB"
  max_global_streams_per_user: 524288000

frontend:
  max_outstanding_per_tenant: 10000
  compress_responses: true

ingester_client:
  grpc_client_config:
    max_send_msg_size: 9663676416

query_scheduler:
  max_outstanding_requests_per_tenant: 10000
  grpc_client_config:
    max_send_msg_size: 9663676416

table_manager:
  retention_deletes_enabled: true
  retention_period: 120h

ruler:
  storage:
    type: local
    local:
      directory: /tmp/loki/rules
  rule_path: /tmp/loki/rules-temp
  alertmanager_url: http://loki.test.com:9093
  enable_alertmanager_v2: true
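One thing I noticed while re-reading my own config: max_global_streams_per_user is supposed to be a plain count of streams, but my value of 524288000 is exactly 500 * 1024 * 1024, so I suspect I pasted a byte-size calculation there at some point. Quick arithmetic check:

```python
# Sanity check on my own setting: max_global_streams_per_user takes a
# count of streams, not bytes, yet my value equals 500 MiB in bytes.
value = 524288000
print(value == 500 * 1024 * 1024)  # True
```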
My promtail.yaml config:
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml
  sync_period: 10s
  ignore_invalid_yaml: false

clients:
  - url: http://loki.test.com:3100/loki/api/v1/push

scrape_configs:
  - job_name: nginx
    static_configs:
      - targets:
          - <server_with_logs>
        labels:
          job: nginx_log
          __path__: /var/log/nginx/*log
      - targets:
          - <server_with_logs>
    pipeline_stages:
      - match:
          selector: '{job="nginx_log"}'
          stages:
            - regex:
                expression: '^(?P<time_local>[^ ]+.)\s+[(?P<error_type>.+)].((?P.+).\sclient:)\s(?P<client_ip>.+).\sserver:\s(?P.+).\srequest:\s"(?P<request_method>[\w])\s(?P<request_uri>[^ ])\s(?P<http_version>[^ ])".\shost:\s"(?P.+)"$'
            - regex:
                expression: '^"(?P<time_local>.)"\sclient=(?P<client_ip>.+)\smethod=(?P<request_method>.)\srequest="(?P[^ ]\s[^ ])\s(?P<http_version>[^ ])"\srequest_length=(?P<request_length>[^ ])\sstatus=(?P<response_status>[^ ])\sbytes_sent=(?P<bytes_sent>[^ ])\sbody_bytes_sent=(?P<body_bytes_sent>[^ ])\sreferer=(?P<http_referer>[^ ])\suser_agent="(?P<http_user_agent>.+)"\supstream_addr=(?P<upstream_server>[^ ])\supstream_status=(?P<upstream_status>[^ ])\srequest_time=(?P<request_time>[\d.])\supstream_response_time=(?P<response_time>[\d.])\supstream_connect_time=(?P<upstream_connect_time>[\d.])\supstream_header_time=(?P<upstream_header_time>[\d.])$'
            - labels:
                time_local:
                client_ip:
                request:
                response_status:
                upstream_status:
                request_time:
                response_time:
                error_type:
                errormessage:
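Part of what I am unsure about is how many streams my labels actually create. As I understand it, every unique combination of label values becomes its own stream, so turning per-request fields like client_ip, request_time and response_time into labels multiplies the stream count very fast. A toy calculation (the value counts are made up, not my real traffic):

```python
# Hypothetical distinct-value counts for one day on the busy server;
# each distinct combination of label values is a separate Loki stream.
label_values = {
    "job": 1,               # nginx_log
    "response_status": 20,  # distinct status codes seen
    "client_ip": 5000,      # distinct client addresses
    "request_time": 10000,  # near-unique floats explode cardinality
}

streams = 1
for count in label_values.values():
    streams *= count
print(streams)  # 1000000000 potential streams
```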
My logrotate config:
/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 nginx adm
    sharedscripts
    postrotate
        if [ -f /var/run/nginx.pid ]; then
            kill -USR1 `cat /var/run/nginx.pid`
        fi
    endscript
}