Hi,
The promtail is not sent to Loki the fields in a parsed way, so in Loki’s UI I can’t search for a specific field.
I did the installation on loki+promtail using the loki-stack chart.
I already tried to add a json in the pipelineStages but nothing changed. (promtail).
Could someone help me to make this work?
welcome @aloisiobilck !
I’m not sure what you mean by promtail not sending the records in a “parsed” way, maybe you can share your promtail configuration and say what the issue is with that?
If logs are sent to loki as pure text (but they’re actually json) that is no problem. You can always use a LogQL query with the json parser expression to turn any text into JSON and then work with it in a structured way from within Loki.
I’m not sure I understood what you meant by adding json to pipelineStages in promtail. But certainly you could do a logql query that adds json to the logql processing pipeline, please give that a shot. If I’ve misunderstood or that doesn’t work, it might be best to ask a more specific question around that error.
Hi @davidallen5,
Thanks for answering.
Let me try to explain better. We currently use graylog + fluentbit. In fluent-bit we have configuration that send the logs already with the Kubernetes fields.
I tested the promtail with the original chart configuration.
loki:
config:
snippets:
pipelineStages:
- cri: {}
One of the settings I used was this:
loki:
config:
snippets:
pipelineStages:
- cri: {}
- json:
expressions:
level: level
message: message
timestamp: timestamp
context: context
- timestamp:
format: RFC3339
source: timestamp
- labels:
level:
context:
- output:
source: message
My logs are in json format by default.
I wanted the Kubernetes fields to be shown on Loki without the need to use the json parser in the UI. Did you understand?
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.