Loki and Promtail


Install Loki

cd /usr/local/bin

sudo curl -O -L “https://github.com/grafana/loki/releases/download/v2.0.0/loki-linux-amd64.zip”

unzip loki-linux-amd64.zip

And allow the execute permission on the Loki binary 

sudo chmod a+x loki 

sudo nano config-loki.yml 

SAMPLE config files are here

wget https://raw.githubusercontent.com/grafana/loki/master/cmd/loki/loki-local-config.yaml

wget https://raw.githubusercontent.com/grafana/loki/master/cmd/promtail/promtail-local-config.yaml

Start Loki

./loki-linux-amd64 -config.file=loki-local-config.yaml

Loki as a service

sudo nano /etc/systemd/system/loki.service


Description=Loki service 





ExecStart=/usr/local/bin/loki -config.file /usr/local/bin/config-loki.yml 



$sudo service loki start

$sudo service loki status

$sudo curl localhost:3100/ready , check if loki is ready


cd /usr/local/bin 

sudo  curl -O -L "https://github.com/grafana/loki/releases/download/v2.0.0/promtail-linux-amd64.zip"                         

sudo unzip promtail-linux-amd64.zip 

allow the execute permission on the Promtail binary

$sudo chmod a+x promtail

Promtail config

$sudo nano config-promtail.yml

Promtail as a service

Now we will configure Promtail as a service so that we can keep it running in the background.

Create a file called promtail.service

$sudo nano /etc/systemd/system/promtail.service

And add this script, if u are using vagrant replace promtail user with vagrant


Description=Promtail service 





ExecStart=/usr/local/bin/promtail -config.file /usr/local/bin/config-promtail.yml 



sudo service promtail start

sudo service promtail status

usermod -a -G systemd-journal promtail

If you ever need to stop the new Promtail service, then type

sudo service promtail stop

sudo service promtail status

Grafana integration with Loki

Login to grafana URL :

Create a new Data Source in the Grafana User Interface, and select

Name : Loki URL :

Note : If you installed Loki on a different server than your local Grafana

server, then the address will be different. eg,


Leave everything else default.

Then, visit the Explore menu option on the left.

Select Loki as the Data Source

And in the Log labels text area, try these LogQL examples one by one


{job=“mysql”} |= “error”

{name=“kafka”} |~ "tsdb-ops.*io:2003"

{name=“cassandra”} |~ error=\w+

{instance=~“kafka-[23]”,name=“kafka”} != “kafka.server:type=ReplicaManager”

Get the top 10 applications by the highest log throughput:

topk(10,sum(rate({region="us-east1"}[5m])) by (name))

Get the count of logs for the last five minutes, grouping by level:

sum(count_over_time({job="mysql"}[5m])) by (level)

Get the rate of HTTP GET of /home requests from NGINX logs by region:

avg(rate(({job="nginx"} |= "GET" | json | path="/home")[10s])) by (region)

This example counts all the log lines within the last five minutes for the MySQL job.

sum by (host) (rate({job="mysql"} |= "error" != "timeout" | json | duration > 10s [1m]))

This will add a dummy test message to log

echo 'abc123 this is a fake error def678' | systemd-cat 

These writings represent my own personal views alone.
Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.