Send every matching log item to email or Slack (or other alert destination)?

jantman · September 15, 2024, 12:39pm

Every time Loki receives a log item that matches a given LogQL query, I’d like to send that line (the full text of it, ideally also with any/all labels) to… an alert destination. In my case, Slack and/or email.

I understand that neither Grafana Alerting nor Ruler can natively do this, as they all operate based on metrics rather than log items.

Can anyone recommend an existing tool that does this… ideally (though not strictly required) with the ability to leverage either Grafana Alerting or Prometheus Alertmanager to send the actual notification?

Failing that, are there any existing “popular” generic solutions for running a LogQL query on a regular interval (say, every minute or every 5 minutes) and then running arbitrary, user-defined code or commands for each matching log item?

tonyswumac · September 16, 2024, 10:11pm

You can do it with ruler, but it’s not straight forward or particularly neat, but adding the entire logline into a label, something like (not tested):

{SELECTOR} |= "FILTER_STRING" | label_format logline="{{ __line)) }}"

You can now use logline label in your alert body.

jantman · September 17, 2024, 9:10am

Thanks, Tony. I haven’t used Ruler before, but I’ll give that a try and see what I can come up with.

Topic		Replies	Views
Sending Log Contents With Alert Grafana Loki alerting	1	406	February 16, 2022
Alert on every log entry Grafana Loki alerting	7	5120	September 23, 2023
Output the entire log line in the Grafana e-mail notification Alerting alerting , logs	4	234	September 17, 2024
Using the logQL matched log line within my alert template for Alertmanager Grafana Loki	3	1059	July 2, 2022
Loki send alert when error message comes in log Grafana Loki alerting	9	10997	April 15, 2022

Send every matching log item to email or Slack (or other alert destination)?

Related topics