Hi all,
I have the following pipeline working: Syslog-ng logs > Grafana-Agents (behind an F5) > Loki Cluster and can query the logs in Grafana successfully.
- We filter the syslog data in syslog-ng to create log lines based on source device/application. How do I set up multi-tenants for Loki to store each syslog source in a separate index (ie Cisco ASA, palo alto, ect)?
- Is this even possible since the Grafana-agent is only listening on port 1514?
Current Agent config
server:
log_level: info
metrics:
global:
scrape_interval: 1m
wal_directory: ‘/var/lib/grafana-agent’
logs:
configs:
- name: default
positions:
filename: /tmp/positions.yaml
scrape_configs:- job_name: syslog_ng
syslog:
listen_address: 0.0.0.0:1514
labels:
job: syslog_ng
clients: - url: http://(hostname):3100/loki/api/v1/push
- job_name: syslog_ng
Thanks in advance!
Christine