Loki send alert when error message comes in log

I have nginx running on one EC2 instance, and promtail is installed on that server and sends logs to Loki, which is running on another instance. I’m able to add Loki as a data source in Grafana and check live logs, query results and all. But I want to receive an alert when some error message comes in the nginx logs. I have metrics monitoring and alerting active using Prometheus and Grafana.
Any reference or step-by-step document on implementing alerting for Loki using Alertmanager would help.

I’m new to Loki, but this sounds very much like one of the use cases I hope to implement soon. You might want to look at Ruler for this sort of functionality: Alerting | Grafana Labs

Eager to read what others suggest! :slight_smile:

I was able to get an alert based on the rate of errors, using the old implementation with Grafana notification alert rules, but in this implementation I’m not able to have dynamic labels, and I also want to get which line triggered the alert (the error message in the log) in the email notification.
@torkel can you please add more details on the Loki 2.0 Alertmanager configuration, because the ruler config along with alert rules is not sending alerts to Alertmanager. Any detailed video/guide can help.

Can anyone please guide me on this.

The link @jlj77 provided is probably the best source for getting Loki working with a ruler. The alertmanager itself is just the Prometheus Alertmanager so you can search for any guides on how to best set that up in the Prometheus docs or other sources!

@ewelch I followed that configuration and restarted all the services (Prometheus, Loki, Alertmanager), but it didn’t work; I didn’t get a notification. I’m attaching my config as well. We used Loki as it now had the single store configuration and went live in prod, but now we are stuck on alerts. Any quick solution could help us.
Here are my configs:


```yaml
limits_config:
  enforce_metric_name: false
  reject_old_samples: true
  reject_old_samples_max_age: 168h

chunk_store_config:
  max_look_back_period: 0s

table_manager:
  retention_deletes_enabled: false
  retention_period: 0s

ruler:
  storage:
    type: local
    local:
      directory: /usr/local/bin/rules/
  rule_path: /tmp/loki/rules-temp
  alertmanager_url: http://localhost:9093
  ring:
    kvstore:
      store: inmemory
  enable_api: true
```



```yaml
groups:
  - name: example
    rules:
      - alert: HighThroughputLogStreams
        expr: (rate({job="test"} |= "debug" [1m])) > 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: High error from server rule
```


added alerts file


```yaml
  - "alert.rules.yml"
  - "loki-alerts.yml"
```

@ewelch Can you please check whether I made any mistake in my config? I followed the same guide: https://grafana.com/docs/loki/latest/alerting/

Just found a solution with the same problem on my test environment.
Check the ruler.storage.local.directory parameter description here: Alerting | Grafana Labs. Put your rule files in the subdirectory /usr/local/bin/rules/YourTenantID, or fake if you run Loki as a single instance ("auth_enabled: false" in local-loki-config.yml). After this you will see a log entry 'caller=mapper.go:139 msg="updating rule file" file=/tmp/loki/rules-temp/fake/rulefile.yaml'.
Hope, it is the solution.
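
A way to check the directory layout described in the reply above before restarting Loki, added here as an example and not posted by anyone in the thread. The function name, report keys and the temporary directory are assumptions for illustration; the `fake` tenant directory and the `loki-alerts.yml` file name come from the thread.

```python
import tempfile
from pathlib import Path

RULE_SUFFIXES = {".yml", ".yaml"}
SINGLE_TENANT_ID = "fake"  # tenant directory named in the reply for auth_enabled: false


def audit_ruler_directory(directory, auth_enabled=False):
    """Classify rule files under ruler.storage.local.directory.

    Returns a dict with:
      by_tenant  - {tenant: [file names]} found at <directory>/<tenant>/<file>
      misplaced  - [(file name, suggested path)] for files directly in <directory>
      unexpected - tenant directories other than "fake" when auth is disabled
    """
    root = Path(directory)
    report = {"by_tenant": {}, "misplaced": [], "unexpected": []}
    for entry in sorted(root.iterdir()):
        if entry.is_file() and entry.suffix in RULE_SUFFIXES:
            # The thread's failure mode: rules dropped straight into the directory.
            tenant = "<tenant-id>" if auth_enabled else SINGLE_TENANT_ID
            report["misplaced"].append((entry.name, str(root / tenant / entry.name)))
        elif entry.is_dir():
            files = sorted(f.name for f in entry.iterdir()
                           if f.is_file() and f.suffix in RULE_SUFFIXES)
            if files:
                report["by_tenant"][entry.name] = files
            if not auth_enabled and entry.name != SINGLE_TENANT_ID:
                report["unexpected"].append(entry.name)
    return report


def demo():
    """Build the thread's layout in a temp dir, audit it, move the file, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        rules = Path(tmp) / "rules"
        rules.mkdir()
        (rules / "loki-alerts.yml").write_text("groups: []\n")  # constructed sample
        before = audit_ruler_directory(rules)
        (rules / SINGLE_TENANT_ID).mkdir()
        (rules / "loki-alerts.yml").rename(rules / SINGLE_TENANT_ID / "loki-alerts.yml")
        after = audit_ruler_directory(rules)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Against a real install, call `audit_ruler_directory("/usr/local/bin/rules/")` and treat any entry under `misplaced` as a rule file that has to move into the tenant subdirectory.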

Try to set “for” less than the “rate” period. I hope it’ll help.