I have working configuration in Promtail which processes syslog messages and forwards to loki.
The configuration snippet is like this
scrapeConfigs: |
- job_name: syslog1
syslog:
listen_address: 0.0.0.0:1514
listen_protocol: tcp
idle_timeout: 60s
label_structured_data: yes
labels:
job: syslog1
relabel_configs:
- source_labels: ['__syslog_message_hostname']
target_label: 'hostname'
- source_labels: ['__syslog_message_app_name']
target_label: 'app_name'
It works but I have messages of length greater than 8192 it throws following error
level=warn ts=2024-12-06T18:45:36.960685886Z caller=syslogtarget.go:105 msg="error parsing syslog stream" err="message too long to parse. was size 9305, max length 8192"
Can limit be increased in promtail? If no I guess I need to change to Alloy.
I am sure there is a way here
Will this Work?
Also I am curious to know whether this unparsed data will ever reach reach to Loki?