PMA gebruikt Grafana Loki voor gecentraliseerde log aggregatie. Alloy verzamelt logs van alle containers en stuurt ze naar Loki. Dit document beschrijft de architectuur.
Loki is een horizontaal schaalbaar log aggregatie systeem:
| Feature | Beschrijving |
|---|---|
| Label-based | Indexeert alleen labels, niet content |
| Cost-effective | Minder storage dan Elasticsearch |
| Grafana native | Perfecte integratie |
| LogQL | Krachtige query taal |
Alloy (voorheen Promtail) verzamelt logs:
# Alle logs van een container
{container="asd-grafana"}
# Filter op level
{container="asd-n8n"} |= "error"
# Regex filter
{container="asd-postgres"} |~ "connection.*refused"
# Exclude pattern
{container="asd-authentik"} != "healthcheck"
# Parse JSON logs
{container="asd-n8n"} | json | level="error"
# Rate berekening
rate({container="asd-grafana"} |= "error" [5m])
# Top errors per container
topk(10, sum by (container) (rate({job="docker"} |= "error" [1h])))
http://localhost:3000/explore?left={"datasource":"Loki"}
| Dashboard | Beschrijving |
|---|---|
| Container Logs | Alle container logs |
| Error Overview | Error aggregatie |
| Request Logs | HTTP request logging |
# Errors per service (grafiek)
sum by (container) (
rate({job="docker"} |= "error" [$__interval])
)
# Slow queries (postgres)
{container="asd-postgres"} |~ "duration: [0-9]{4,}"
// alloy.config
// Docker discovery
discovery.docker "containers" {
host = "unix:///var/run/docker.sock"
}
// Log collection
loki.source.docker "docker" {
host = "unix:///var/run/docker.sock"
targets = discovery.docker.containers.targets
forward_to = [loki.write.default.receiver]
}
// Output to Loki
loki.write "default" {
endpoint {
url = "http://asd-loki:3100/loki/api/v1/push"
}
}
Standaard labels toegevoegd door Alloy:
| Label | Voorbeeld | Beschrijving |
|---|---|---|
container |
asd-grafana |
Container name |
compose_service |
grafana |
Compose service name |
compose_project |
docker |
Compose project |
filename |
/var/log/... |
Log file path |
stream |
stdout |
Output stream |
Loki bewaart logs volgens configuratie:
# loki-config.yaml
compactor:
retention_enabled: true
retention_delete_delay: 2h
limits_config:
retention_period: 30d
| Probleem | Oorzaak | Oplossing |
|---|---|---|
| Geen logs | Alloy niet running | just start alloy |
| Query timeout | Te breed query | Voeg time range toe |
| Missing labels | Discovery issue | Check Alloy config |
# Check Loki status
just health loki
# Alloy targets
curl http://localhost:12345/targets
# Direct Loki query
curl -G -s http://localhost:3100/loki/api/v1/labels