Grafana Loki日志采集与查询实践

概述目标：以标签为核心进行日志索引与查询，使用Promtail收集主机/容器日志到Loki，低成本实现检索与聚合。适用：Kubernetes/VM混合环境日志、按服务/环境维度查询与告警。核心与实战Promtail配置示例：server: http_listen_port: 9080 grpc_listen_port: 0 clients: - url: http://loki:3100/loki/api/v1/push positions: filename: /tmp/positions.yaml scrape_configs: - job_name: varlogs static_configs: - targets: [localhost] labels: job: varlogs host: ${HOSTNAME} app: web __path__: /var/log/*.log pipeline_stages: - match: selector: '{app="web"}' stages: - regex: expression: '.*level=(?P<level>info|warn|error).*' - labels: level: value: "" # 由regex捕获赋值 Loki配置简要：auth_enabled: false server: http_listen_port: 3100 ingester: lifecycler: ring: kvstore: store: inmemory schema_config: configs: - from: 2020-10-24 store: boltdb-shipper object_store: filesystem schema: v11 index: prefix: index_ period: 24h storage_config: boltdb_shipper: active_index_directory: /tmp/loki/index cache_location: /tmp/loki/cache filesystem: directory: /tmp/loki/chunks 示例推送并查询：curl -G -s "http://loki:3100/loki/api/v1/query" --data-urlencode 'query={app="web"} |= "error"' 聚合统计：curl -G -s "http://loki:3100/loki/api/v1/query" --data-urlencode 'query=sum by (level) (count_over_time({app="web"}[5m]))' 验证与监控Promtail与Loki健康：curl -s http://promtail:9080/metrics | head curl -s http://loki:3100/ready 标签与查询命中：在Grafana中添加Loki数据源，使用Explore检索`{app="web"}`并查看标签展开。资源利用：观察chunk与index目录增长；按保留策略控制存储成本。常见误区过多/不稳定标签导致高基数与查询慢；需控制标签数量与稳定性。在`pipeline_stages`中过度解析大日志影响吞吐；必要时分级采集或限流。忽视保留与压缩策略导致磁盘膨胀；需设置索引周期与存储后端策略。结语Loki以标签化日志与按时间分片存储实现高效检索，结合Promtail与Grafana可在生产环境低成本落地日志聚合与分析。