diff --git a/loki/alloy/config.alloy b/loki/alloy/config.alloy
deleted file mode 100644
index 9dc00ec..0000000
--- a/loki/alloy/config.alloy
+++ /dev/null
@@ -1,90 +0,0 @@
-// Grafana Alloy configuration
-// Collects:
-// 1. Syslog over UDP/TCP port 514 — for MikroTik RB5009 and other network gear
-// 2. Docker container logs — for all containers on this host
-// Forwards everything to Loki.
-
-// ── 1. SYSLOG RECEIVER ────────────────────────────────────────────────────────
-// Listens on 514 UDP and TCP. Point your MikroTik logging action at this host.
-
-loki.source.syslog "network_devices" {
- listener {
- address = "0.0.0.0:514"
- protocol = "udp"
- labels = {
- job = "syslog",
- source = "network",
- }
- }
- listener {
- address = "0.0.0.0:514"
- protocol = "tcp"
- labels = {
- job = "syslog",
- source = "network",
- }
- }
-
- // Forward to the relabeling stage below
- forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-// Relabel syslog: promote the hostname field (sent by RouterOS) to a label
-// so you can filter by device in Grafana with {host="RB5009"} etc.
-loki.process "syslog_relabel" {
- stage.labels {
- values = {
- host = "__syslog_message_hostname",
- severity = "__syslog_message_severity",
- facility = "__syslog_message_facility",
- app = "__syslog_message_app_name",
- }
- }
- forward_to = [loki.write.default.receiver]
-}
-
-
-// ── 2. DOCKER CONTAINER LOGS ─────────────────────────────────────────────────
-// Tails logs from all Docker containers on this host.
-// Adds container_name and image as labels for easy filtering.
-
-discovery.docker "containers" {
- host = "unix:///var/run/docker.sock"
-}
-
-// Relabel Docker metadata into useful Loki labels
-discovery.relabel "docker_labels" {
- targets = discovery.docker.containers.targets
-
- rule {
- source_labels = ["__meta_docker_container_name"]
- regex = "/(.*)"
- target_label = "container"
- }
- rule {
- source_labels = ["__meta_docker_container_log_stream"]
- target_label = "stream"
- }
- rule {
- source_labels = ["__meta_docker_image_name"]
- target_label = "image"
- }
-}
-
-loki.source.docker "docker_logs" {
- host = "unix:///var/run/docker.sock"
- targets = discovery.relabel.docker_labels.output
- labels = { job = "docker" }
- forward_to = [loki.write.default.receiver]
- relabel_rules = discovery.relabel.docker_labels.rules
-}
-
-
-// ── 3. LOKI WRITE TARGET ──────────────────────────────────────────────────────
-// All sources above forward here.
-
-loki.write "default" {
- endpoint {
- url = "http://loki:3100/loki/api/v1/push"
- }
-}
diff --git a/loki/config/alloy.alloy b/loki/config/alloy.alloy
deleted file mode 100644
index a58168a..0000000
--- a/loki/config/alloy.alloy
+++ /dev/null
@@ -1,89 +0,0 @@
-// Grafana Alloy configuration
-// Collects:
-// 1. Syslog over UDP/TCP port 514 — for MikroTik RB5009 and other network gear
-// 2. Docker container logs — for all containers on this host
-// Forwards everything to Loki.
-
-// ── 1. SYSLOG RECEIVER ────────────────────────────────────────────────────────
-// Listens on 514 UDP and TCP. Point your MikroTik logging action at this host.
-
-loki.source.syslog "network_devices" {
- listener {
- address = "0.0.0.0:5140"
- protocol = "udp"
- syslog_format = "rfc3164"
- labels = {
- job = "syslog",
- source = "network",
- }
- }
- listener {
- address = "0.0.0.0:5140"
- protocol = "tcp"
- syslog_format = "rfc3164"
- labels = {
- job = "syslog",
- source = "network",
- }
- }
- forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-
-// Enrich syslog entries with a hostname label extracted from the syslog message
-loki.process "syslog_relabel" {
- forward_to = [loki.write.local_loki.receiver]
-
- stage.labels {
- values = {
- // These internal __syslog_message_ labels are created by the source component
- hostname = "__syslog_message_hostname",
- app = "__syslog_message_app_name",
- severity = "__syslog_message_severity",
- facility = "__syslog_message_facility",
- }
- }
-}
-
-// ── 2. DOCKER CONTAINER LOGS ─────────────────────────────────────────────────
-// Tails logs from all Docker containers on this host.
-// Adds container name and image as labels for easy filtering.
-
-discovery.docker "containers" {
- host = "unix:///var/run/docker.sock"
-}
-
-// Relabel Docker metadata into useful Loki labels.
-discovery.relabel "docker_labels" {
- targets = discovery.docker.containers.targets
-
- rule {
- source_labels = ["__meta_docker_container_name"]
- regex = "/(.*)"
- target_label = "container"
- }
- rule {
- source_labels = ["__meta_docker_container_log_stream"]
- target_label = "stream"
- }
- rule {
- source_labels = ["__meta_docker_image_name"]
- target_label = "image"
- }
-}
-
-loki.source.docker "docker_logs" {
- host = "unix:///var/run/docker.sock"
- targets = discovery.relabel.docker_labels.output
- labels = { job = "docker" }
- forward_to = [loki.write.local_loki.receiver]
-}
-
-
-// ── 3. LOKI WRITE TARGET ──────────────────────────────────────────────────────
-
-loki.write "local_loki" {
- endpoint {
- url = "http://loki:3100/loki/api/v1/push"
- }
-}
diff --git a/loki/config/alloy.original b/loki/config/alloy.original
deleted file mode 100644
index 8161b0e..0000000
--- a/loki/config/alloy.original
+++ /dev/null
@@ -1,98 +0,0 @@
-// Alloy configuration
-// Collects: (1) Docker container logs, (2) Syslog from network devices (MikroTik etc.)
-// Pushes everything to local Loki instance.
-
-// ── Loki destination ──────────────────────────────────────────────────────────
-loki.write "local_loki" {
- endpoint {
- url = "http://loki:3100/loki/api/v1/push"
- }
-}
-
-// ── Docker container log collection ──────────────────────────────────────────
-// Discovers all running containers and tails their logs automatically.
-// New containers are picked up without restarting Alloy.
-
-discovery.docker "containers" {
- host = "unix:///var/run/docker.sock"
-}
-
-discovery.relabel "docker_labels" {
- targets = discovery.docker.containers.targets
-
- // Use container name as the job label (strips the leading slash Docker adds)
- rule {
- source_labels = ["__meta_docker_container_name"]
- regex = "/(.*)"
- target_label = "container"
- }
-
- // Carry through the Docker Compose service name if present
- rule {
- source_labels = ["__meta_docker_container_label_com_docker_compose_service"]
- target_label = "service"
- }
-
- // Carry through the Docker Compose project name if present
- rule {
- source_labels = ["__meta_docker_container_label_com_docker_compose_project"]
- target_label = "compose_project"
- }
-
- rule {
- target_label = "source"
- replacement = "docker"
- }
-}
-
-loki.source.docker "docker_logs" {
- host = "unix:///var/run/docker.sock"
- targets = discovery.relabel.docker_labels.output
- forward_to = [loki.write.local_loki.receiver]
- relabeling {
- source_labels = ["__meta_docker_container_name"]
- regex = "/(.*)"
- target_label = "container"
- }
-}
-
-// ── Syslog receiver (MikroTik RB5009 and other network devices) ──────────────
-// Listens on UDP 514 and TCP 514.
-// On your RB5009, set the remote logging action to point at this host's IP.
-
-loki.source.syslog "network_syslog" {
- listener {
- address = "0.0.0.0:514"
- protocol = "udp"
- labels = {
- source = "syslog",
- job = "network_devices",
- }
- }
- listener {
- address = "0.0.0.0:514"
- protocol = "tcp"
- labels = {
- source = "syslog",
- job = "network_devices",
- }
- }
-
- forward_to = [loki.process.syslog_relabel.receiver]
-}
-
-// Enrich syslog entries with a hostname label extracted from the syslog message
-loki.process "syslog_relabel" {
- forward_to = [loki.write.local_loki.receiver]
-
- stage.syslog {} // Parses RFC3164/RFC5424 syslog and extracts hostname, app, facility, severity
-
- stage.labels {
- values = {
- hostname = "hostname", // Extracted by stage.syslog
- app = "app_name", // e.g. "dhcp", "firewall", "interface" on RouterOS
- severity = "severity",
- facility = "facility",
- }
- }
-}
diff --git a/loki/config/grafana-datasources.yml b/loki/config/grafana-datasources.yml
deleted file mode 100644
index f8319e7..0000000
--- a/loki/config/grafana-datasources.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# Grafana datasource provisioning
-# Automatically configures Loki as a datasource on first startup.
-# No manual setup needed in the Grafana UI.
-
-apiVersion: 1
-
-datasources:
- - name: Loki
- type: loki
- access: proxy
- url: http://loki:3100
- isDefault: true
- editable: false
- jsonData:
- maxLines: 5000
- timeout: 60
diff --git a/loki/config/loki.yml b/loki/config/loki.yml
deleted file mode 100644
index d50250d..0000000
--- a/loki/config/loki.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-# Loki configuration - single binary mode, suitable for homelab scale
-# Docs: https://grafana.com/docs/loki/latest/configuration/
-
-auth_enabled: false
-
-server:
- http_listen_port: 3100
- grpc_listen_port: 9096
- log_level: warn
-
-common:
- instance_addr: 127.0.0.1
- path_prefix: /loki
- storage:
- filesystem:
- chunks_directory: /loki/chunks
- rules_directory: /loki/rules
- replication_factor: 1
- ring:
- kvstore:
- store: inmemory
-
-schema_config:
- configs:
- - from: 2024-01-01
- store: tsdb
- object_store: filesystem
- schema: v13
- index:
- prefix: index_
- period: 24h
-
-# ── Retention ─────────────────────────────────────────────────────────────────
-# Adjust these to suit your disk space. 90 days is a good starting point for
-# homelab troubleshooting — long enough to catch recurring issues.
-limits_config:
- retention_period: 90d
- reject_old_samples: true
- reject_old_samples_max_age: 168h # 7 days — increase if needed
- ingestion_rate_mb: 4
- ingestion_burst_size_mb: 8
-
-compactor:
- working_directory: /loki/compactor
- retention_enabled: true
- retention_delete_delay: 2h
- delete_request_store: filesystem
-
-# ── Query performance ─────────────────────────────────────────────────────────
-query_range:
- results_cache:
- cache:
- embedded_cache:
- enabled: true
- max_size_mb: 100
-
-ruler:
- alertmanager_url: http://localhost:9093
diff --git a/loki/grafana/provisioning/datasources/loki.yml b/loki/grafana/provisioning/datasources/loki.yml
deleted file mode 100644
index c441aa3..0000000
--- a/loki/grafana/provisioning/datasources/loki.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: 1
-
-datasources:
- - name: Loki
- type: loki
- access: proxy
- url: http://loki:3100
- isDefault: true
- editable: false
- jsonData:
- maxLines: 5000
- # Derive fields let you turn log content into clickable links.
- # This example makes trace IDs in logs clickable — remove if not needed.
- derivedFields:
- - name: TraceID
- matcherRegex: "traceID=(\\w+)"
- url: ""
diff --git a/loki/loki/loki-config.yml b/loki/loki/loki-config.yml
deleted file mode 100644
index ceea9ac..0000000
--- a/loki/loki/loki-config.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Loki configuration — single-binary mode, suitable for homelab scale
-# Stores data in the local filesystem via the 'loki-data' Docker volume
-
-auth_enabled: false
-
-server:
- http_listen_port: 3100
- grpc_listen_port: 9096
- log_level: warn
-
-common:
- instance_addr: 127.0.0.1
- path_prefix: /loki
- storage:
- filesystem:
- chunks_directory: /loki/chunks
- rules_directory: /loki/rules
- replication_factor: 1
- ring:
- kvstore:
- store: inmemory
-
-# How long to keep logs. Adjust to taste.
-# 90 days is generous but reasonable for a homelab — tune down if disk is tight.
-limits_config:
- retention_period: 90d
- reject_old_samples: true
- reject_old_samples_max_age: 168h # 7 days — increase if needed
- # Reject log lines larger than 256KB (protects against runaway logging)
- max_line_size: 256KB
-
-schema_config:
- configs:
- - from: 2024-01-01
- store: tsdb
- object_store: filesystem
- schema: v13
- index:
- prefix: index_
- period: 24h
-
-compactor:
- working_directory: /loki/compactor
- # Enables the retention policy above
- retention_enabled: true
- retention_delete_delay: 2h
- delete_request_store: filesystem
-
-query_range:
- results_cache:
- cache:
- embedded_cache:
- enabled: true
- max_size_mb: 100
-
-ruler:
- alertmanager_url: http://localhost:9093