Skip to main content
Version: 3.8

loki-logger

Description#

The loki-logger plugin is used to forward logs to Grafana Loki for analysis and storage.

When the Plugin is enabled, APISIX will serialize the request context information to Log entries in JSON and submit it to the batch queue. When the maximum batch size is exceeded, the data in the queue is pushed to Grafana Loki. See batch processor for more details.

Attributes#

NameTypeRequiredDefaultDescription
endpoint_addrsarray[string]TrueLoki API base URL, format like http://127.0.0.1:3100, supports HTTPS and domain names. If multiple endpoints are configured, they will be written randomly.
endpoint_uristringFalse/loki/api/v1/pushIf you are using a log collection service that is compatible with the Loki Push API, you can use this configuration item to customize the API path.
tenant_idstringFalsefakeLoki tenant ID. According to Loki's multi-tenancy documentation, its default value is set to the default value fake under single-tenancy.
log_labelsobjectFalse{job = "apisix"}Loki log label. APISIX variables and Nginx variables can be used by prefixing the string with $, both individual and combined, such as $host or $remote_addr:$remote_port.
ssl_verifybooleanFalsetrueWhen set to true, verifies the SSL certificate.
timeoutintegerFalse3000msTimeout for the Loki service HTTP call. Range from 1 to 60,000ms.
keepalivebooleanFalsetrueWhen set to true, keeps the connection alive for multiple requests.
keepalive_timeoutintegerFalse60000msIdle time after which the connection is closed. Range greater than or equal than 1000ms.
keepalive_poolintegerFalse5Connection pool limit. Range greater than or equal than 1.
log_formatobjectFalseLog format declared as key value pairs in JSON format. Values only support strings. APISIX variables and Nginx variables can be used by prefixing the string with $.
include_req_bodybooleanFalsefalseWhen set to true includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations.
include_req_body_exprarrayFalseFilter for when the include_req_body attribute is set to true. Request body is only logged when the expression set here evaluates to true. See lua-resty-expr for more.
include_resp_bodybooleanFalsefalseWhen set to true includes the response body in the log.
include_resp_body_exprarrayFalseFilter for when the include_resp_body attribute is set to true. Response body is only logged when the expression set here evaluates to true. See lua-resty-expr for more.

This plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See Batch Processor for more information or setting your custom configuration.

Metadata#

You can also set the format of the logs by configuring the Plugin metadata. The following configurations are available:

NameTypeRequiredDefaultDescription
log_formatobjectFalseLog format declared as key value pairs in JSON format. Values only support strings. APISIX variables and Nginx variables can be used by prefixing the string with $.
IMPORTANT

Configuring the plugin metadata is global in scope. This means that it will take effect on all Routes and Services which use the loki-logger plugin.

The example below shows how you can configure through the Admin API:

curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/loki-logger -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"log_format": {
"host": "$host",
"@timestamp": "$time_iso8601",
"client_ip": "$remote_addr"
}
}'

With this configuration, your logs would be formatted as shown below:

{"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}
{"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}

Enable plugin#

The example below shows how you can enable the loki-logger plugin on a specific Route:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"plugins": {
"loki-logger": {
"endpoint_addrs" : ["http://127.0.0.1:3100"]
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}'

Example usage#

Now, if you make a request to APISIX, it will be logged in your Loki server:

curl -i http://127.0.0.1:9080/hello

Delete the plugin#

When you need to remove the loki-logger plugin, you can delete the corresponding JSON configuration with the following command and APISIX will automatically reload the relevant configuration without restarting the service:

curl http://127.0.0.1:9180/apisix/admin/routes/1  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/hello",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'

FAQ#

Logs are not pushed properly#

Look at error.log for such a log.

2023/04/30 13:45:46 [error] 19381#19381: *1075673 [lua] batch-processor.lua:95: Batch Processor[loki logger] failed to process entries: loki server returned status: 401, body: no org id, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:9081

The error can be diagnosed based on the error code in the failed to process entries: loki server returned status: 401, body: no org id and the response body of the loki server.

Getting errors when RPS is high?#

  • Make sure to keepalive related configuration is set properly. See Attributes for more information.

  • Check the logs in error.log, look for such a log.

    2023/04/30 13:49:34 [error] 19381#19381: *1082680 [lua] batch-processor.lua:95: Batch Processor[loki logger] failed to process entries: loki server returned status: 429, body: Ingestion rate limit exceeded for user tenant_1 (limit: 4194304 bytes/sec) while attempting to ingest '1000' lines totaling '616307' bytes, reduce log volume or contact your Loki administrator to see if the limit can be increased, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:9081
    • The logs usually associated with high QPS look like the above. The error is: Ingestion rate limit exceeded for user tenant_1 (limit: 4194304 bytes/sec) while attempting to ingest '1000' lines totaling '616307' bytes, reduce log volume or contact your Loki administrator to see if the limit can be increased.

    • Refer to Loki documentation to add limits on the amount of default and burst logs, such as ingestion_rate_mb and ingestion_burst_size_mb.

      As the test during development, setting the ingestion_burst_size_mb to 100 allows APISIX to push the logs correctly at least at 10000 RPS.