Searching through application logs is a critical part of any operations team. And as the Cloud Native ecosystem grows and evolves, more modern approaches for this use case are emerging.
\n\n
The thing about retaining logs is that the storage requirements can get big. REALLY big.
\n\n
One of the most common log search and indexing tools is ElasticSearch. ElasticSearch is exceptionally good at finding a needle in the haystack (e.g. When did the string \"Error message #123\" occur in any copy of application X on March 17th). It does this by indexing the contents of the log message which can significantly increase your storage consumption.
\n
The enthusiastic team at Grafana created Loki to address this problem. Instead of indexing the full log message, Loki only indexes the metadata (e.g. label, namespace, etc.) of the log, significantly reducing your storage needs. You can still search for the content of the log messages with LogQL, but it's not indexed.
\n\n
The UI for Loki is Grafana, which you might already be familiar with if you're using Prometheus. For details on getting started with Grafana and Prometheus, see Aaron Wislang's post on Using Azure Kubernetes Service with Grafana and Prometheus.
\n\n
Getting started with Loki on Azure Kubernetes Service (AKS) is pretty easy. These instructions are inspired by the official Loki Getting Started steps with some modifications streamlined for AKS.
\n\n
\n
# Set some starter env-vars\nAKS_RG=loki-rg\nAKS_LOCATION=southcentralus\nAKS_NAME=loki-aks\n\n# Create the AKS cluster\naz group create -n $AKS_RG -l $AKS_LOCATION\naz aks create -n $AKS_NAME -g $AKS_RG\naz aks get-credentials -n $AKS_NAME -g $AKS_RG\n\n\n# Helm update and install\nhelm repo add grafana https://grafana.github.io/helm-charts\nhelm repo update\n\n# Create a Helm release of Loki with Grafana + Prometheus using a PVC\n# NOTE: This diverges from the Loki docs as it uses storageClassName=default instead of \"standard\" \nhelm upgrade --install loki grafana/loki-stack --namespace grafana --set grafana.enabled=true,prometheus.enabled=true,prometheus.alertmanager.persistentVolume.enabled=false,prometheus.server.persistentVolume.enabled=false,loki.persistence.enabled=true,loki.persistence.storageClassName=default,loki.persistence.size=5Gi\n\n# The Helm installation uses a non-default password for Grafana. This command fetches it.\n# Should look like gtssNbfacGRYZFCa4f3CFmMuendaZzrf9so9VgLh\nkubectl get secret loki-grafana -n grafana -o jsonpath=\"{.data.admin-password}\" | base64 --decode ; echo\n\n# Port-forward from the Grafana service (port 80) to your desktop (port 3000)\nkubectl port-forward -n grafana svc/loki-grafana 3000:80\n\n# In your browser, go to http://127.0.0.1:3000/\n# User: admin\n# Password: Output of the \"kubectl get secret\" command. \n\nNow you're ready to start exploring Loki!
\n\n
We'll start by using Loki to look at Loki's own logs.
\n- \n
- \n
Hover over the \"Explore\" icon (Looks like a compass)
\n\n
\n \n - \n
Select \"Loki\" from the Data Sources menu
\n\n
\n \n - \n
Click \"Log Browser\", which will open up a panel
\n \n - \n
Under \"1. Select labels to search in\", click \"app\"
\n \n - \n
Under \"2. Find values for the selected labels\", click \"loki\"
\n \n - \n
Under \"3. Resulting selector\", click \"Show logs\"
\n \n
You should now have a view of the Loki logs as such:
\n\n\n
Congrats! You've now created an AKS cluster, deployed Loki and Grafana on it, exposed the Grafana endpoint to your desktop and browsed Loki logs using Loki.
\n\n
When you're ready to clean up the Azure resources, run the following command which will delete everything in your resource group and avoid ongoing billing for these resources. This will remove the AKS cluster and the instance of Loki running inside.
\n\n
az aks delete -n $AKS_NAME -g $AKS_RG