Loki Stack Flashcards
What is Logstash Encoder?
Logstash encoder is a tool to provide encoders, layouts, and appenders to store logs in JSON or other formats. It can customize the output of logging.
Why is JSON logging useful?
Text data is unstructured, so it may be harder and slower to query. The structure of a JSON log allows it to be more machine readable, as it allows logs to be searched by using key-value pairs.
What is Promtail?
Promtail is an agent which ships the contents of local logs to a private Grafana Loki instance or Grafana Cloud. Promtail is usually deployed to every machine with applications that need to be monitored.
Promtail can tail logs from what two sources?
- Local log files.
- Systemd journal
What is log file discovery?
A Promtail feature. Discovering the applications that are emitting log lines to files that need to be monitored.
What is the Loki Push API?
A Promtail feature which allows Promtail to be configured to receive logs from another Promtail or any Loki client. It can be configured with the loki_push_api scrape config.
What is the Labeling and Parsing feature of Promtail?
Promtail determines metadata that can be attached to a log line that may allow for easier identification in log querying.
What is Shipping in Promtail?
Shipping is when Promtail tails a log, continuously reading the data as it is added to log files, and automatically sends batches of log data to Loki.
What are two api endpoints that Promtail provides?
- GET /ready
Returns 200 when Promtail is running and there is at least one working target. - GET /metrics
Returns Promtail metrics for Prometheus.
What is Loki?
A log aggregation system designed to store and query logs from all your applications and infrastructure.
True or False: Prometheus was inspired by Loki.
False: Loki was inspired by Prometheus.
True or False: Promtail is deployed as a daemon to every local machine.
True. This limits Promtail’s service discovery mechanism, as it cannot discover labels from other machines.
What does it mean for Loki to be a “multi-tenant” log aggregation system?
Multiple tenants (authenticated users) can use the same Loki instance. Tenant data is kept separate. This allows multiple development teams to use the same pool of logs without the sharing of confidential information across tenants.
What does it mean for Loki to be horizontally scalable?
All of Loki’s components can be run as separate microservices. These microsevices can be individually configured to scale-up.
Which part of the logs does Loki index?
Loki only indexes the labels/metadata of the logs. Loki does not index the log content.