How to Install Grafana Loki on Your Linux System

Image of technicians configuring Grafana Loki on Linux in a datacenter environment

Log aggregation and monitoring capabilities is crucial for managing our customer’s dedicated cloud server systems at IOFLOOD. While evaluating possible solutions we found that Grafana Loki, with its lightweight and scalable log aggregation system, can provide valuable insights into system logs and metrics. This article provides details on installing Grafana Loki on Linux, to assist our customers and fellow developers in gaining visibility into log data.

In this tutorial, we will guide you on how to install the Grafana Loki command on your Linux system. We will delve into compiling Grafana Loki from source, installing a specific version, and finally, how to use the Grafana Loki command and ensure it’s installed correctly.

So, let’s dive in and begin installing Grafana Loki on your Linux system!

TL;DR: How Do I Install Grafana Loki on Linux?

To install Grafana Loki on Debian-based systems like Ubuntu, use sudo apt-get install loki. For RPM-based systems like CentOS, use sudo yum install loki. You can also install Grafana Loki by first downloading the binary from the Loki GitHub repository, then configuring Loki, and finally starting the Loki server.

Here’s a basic example of how you might do this:

# Download Loki binary
wget https://github.com/grafana/loki/releases/download/v2.4.1/loki-linux-amd64.zip

# Unzip the downloaded file
unzip loki-linux-amd64.zip

# Configure Loki (this is a basic configuration, your needs may vary)
cat << EOF > loki-local-config.yaml
auth_enabled: false

server:
  http_listen_port: 3100

ingester:
  lifecycler:
    address: 127.0.0.1
    ring:
      kvstore:
        store: inmemory
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 1h       # Any chunk not receiving new logs in this time will be flushed
  max_chunk_age: 1h           # All chunks will be flushed when they hit this age, default is 1h
  chunk_target_size: 1048576  # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
  chunk_retain_period: 30s    # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
  max_transfer_retries: 0     # Chunk transfers disabled

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

storage_config:
  boltdb_shipper:
    active_index_directory: /loki/boltdb-shipper-active
    cache_location: /loki/boltdb-shipper-cache
    cache_ttl: 24h         # Can be increased for faster performance over longer query periods, uses more disk space
    shared_store: filesystem
  filesystem:
    directory: /loki/chunks

compactor:
  working_directory: /loki/boltdb-shipper-compactor
  shared_store: filesystem

limits_config:
  reject_old_samples: true
  reject_old_samples_max_age: 168h

chunk_store_config:
  max_look_back_period: 0s

table_manager:
  retention_deletes_enabled: false
  retention_period: 0s
EOF

# Start Loki server
./loki-linux-amd64 -config.file=loki-local-config.yaml

# Output:
# level=info ts=2022-03-01T12:00:00.123456789Z caller=main.go:130 msg="Starting Loki" version="(version=2.4.1, branch=HEAD, revision=abcdef1)"
# level=info ...

This is a basic way to install Grafana Loki on Linux, but there’s much more to learn about installing and using Grafana Loki. Continue reading for more detailed information, advanced installation options, and troubleshooting tips.

Getting Started with Grafana Loki

Grafana Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be cost-effective and easy to operate, as it does not index the content of the logs but rather a set of labels for each log stream. Loki is like Prometheus, but for logs, making both logs and metrics available in a single, unified platform.

Installing Grafana Loki with APT

For distributions like Ubuntu and Debian, you can use the APT package manager to install Grafana Loki. Here’s a step-by-step guide on how to do it:

# Update your APT package lists
sudo apt update

# Install unzip if it's not installed already
sudo apt install unzip

# Download Loki binary
wget https://github.com/grafana/loki/releases/download/v2.4.1/loki-linux-amd64.zip

# Unzip the downloaded file
unzip loki-linux-amd64.zip

# Output:
# Archive:  loki-linux-amd64.zip
#   inflating: loki-linux-amd64

In the code block above, we first updated our APT package lists with sudo apt update. Then, we installed unzip to extract the Loki binary. We downloaded the Loki binary with wget and finally unzipped the file.

Installing Grafana Loki with YUM

For distributions like CentOS and AlmaLinux, the YUM package manager is used. Here’s how you can install Grafana Loki using YUM:

# Update your YUM package lists
sudo yum check-update

# Install unzip if it's not installed already
sudo yum install unzip

# Download Loki binary
wget https://github.com/grafana/loki/releases/download/v2.4.1/loki-linux-amd64.zip

# Unzip the downloaded file
unzip loki-linux-amd64.zip

# Output:
# Archive:  loki-linux-amd64.zip
#   inflating: loki-linux-amd64

In the code block above, we first updated our YUM package lists with sudo yum check-update. Then, we installed unzip to extract the Loki binary. We downloaded the Loki binary with wget and finally unzipped the file.

In both methods, we now have Loki binary ready to be configured and used in our Linux system.

Installing Grafana Loki from Source

Compiling from source allows you to get the latest features and improvements in Grafana Loki that may not have been released in the official packages yet. Here’s how you can compile and install Grafana Loki from source:

# Install Go if it's not installed already
sudo apt install golang

# Clone the Loki repository
git clone https://github.com/grafana/loki.git

# Go to the Loki directory
 cd loki

# Build Loki
make loki

# Output:
# ...
# GO111MODULE=on go build -mod=vendor -o cmd/loki/loki -ldflags "-s -w -X github.com/grafana/loki/pkg/build.Branch= -X github.com/grafana/loki/pkg/build.Version= -X github.com/grafana/loki/pkg/build.Revision= -X github.com/grafana/loki/pkg/build.BuildUser= -X github.com/grafana/loki/pkg/build.BuildDate= " ./cmd/loki
# ...

In the code block above, we first installed Go, a requirement for building Loki from source. We then cloned the Loki repository and navigated into the Loki directory. Finally, we built Loki using the make loki command.

Specific Versions of Grafana Loki

Installing Specific Versions from Source

If you want to install a specific version of Grafana Loki from source, you can do so by checking out the specific Git tag before building. Here’s how:

# Clone the Loki repository
 git clone https://github.com/grafana/loki.git

# Go to the Loki directory
 cd loki

# Check out the specific version
 git checkout v2.4.1

# Build Loki
 make loki

# Output:
# ...
# GO111MODULE=on go build -mod=vendor -o cmd/loki/loki -ldflags "-s -w -X github.com/grafana/loki/pkg/build.Branch= -X github.com/grafana/loki/pkg/build.Version= -X github.com/grafana/loki/pkg/build.Revision= -X github.com/grafana/loki/pkg/build.BuildUser= -X github.com/grafana/loki/pkg/build.BuildDate= " ./cmd/loki
# ...

In the code block above, we first cloned the Loki repository and navigated into the Loki directory. We then checked out the specific version of Loki we wanted to install using git checkout. Finally, we built Loki using the make loki command.

Installing Specific Versions with APT and YUM

If you want to install a specific version of Grafana Loki using APT or YUM, you can do so by specifying the version in the install command. However, this only works if the version you want is available in the package repository. Here’s how you can do it:

APT

# Install a specific version of Loki with APT
sudo apt install loki=2.4.1

YUM

# Install a specific version of Loki with YUM
sudo yum install loki-2.4.1

Version Comparison

Different versions of Grafana Loki come with different features and improvements. Here’s a comparison of the recent versions:

VersionKey Features
2.4.1Improved query performance, bug fixes
2.3.0New Loki operator, improved query performance
2.2.1Bug fixes, improved stability

Verifying Installation and Basic Usage

Verifying Installation

You can verify that Grafana Loki is installed correctly by running the following command:

# Check Loki version
./loki-linux-amd64 --version

# Output:
# loki, version 2.4.1 (branch: HEAD, revision: abcdef1)
# build user:       root@abcdef1234
# build date:       20220301-12:00:00
# go version:       go1.16.3
# platform:         linux/amd64

In the code block above, we ran the --version command on the Loki binary. The output shows the version of Loki installed, the build user, build date, Go version, and platform.

Basic Usage

You can use Grafana Loki to aggregate logs by running it with a configuration file. Here’s a basic example:

# Start Loki server
./loki-linux-amd64 -config.file=loki-local-config.yaml

# Output:
# level=info ts=2022-03-01T12:00:00.123456789Z caller=main.go:130 msg="Starting Loki" version="(version=2.4.1, branch=HEAD, revision=abcdef1)"
# level=info ...

In the code block above, we started the Loki server with a configuration file loki-local-config.yaml. The output shows that Loki has started successfully.

Alternative Log Aggregation Tools

While Grafana Loki offers a powerful and efficient solution for log aggregation in Linux, it’s not the only tool available. Other popular log aggregation tools include Fluentd and Logstash, each with their unique features, advantages, and disadvantages.

Fluentd: An Open Source Data Collector

Fluentd is an open source data collector, which lets you unify the data collection and consumption for better use and understanding of data.

To install Fluentd, you can use the following commands:

# Install Fluentd
curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-bionic-td-agent3.sh | sh

# Output:
# ...
# td-agent 3.3.0 Copyright 2004-2018 Treasure Data
# Installed

In the code block above, we installed Fluentd using a script provided by Treasure Data, the company behind Fluentd. The output shows that Fluentd has been installed successfully.

Logstash: Server-side Data Processing Pipeline

Logstash is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to your favorite ‘stash.’

To install Logstash, you can use the following commands:

# Download and install the Public Signing Key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# Save the repository definition to /etc/apt/sources.list.d/elastic-7.x.list
 echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

# Update your system
sudo apt-get update

# Install Logstash
sudo apt-get install logstash

# Output:
# Reading package lists... Done
# Building dependency tree
# Reading state information... Done
# logstash is already the newest version (1:7.16.2-1).
# 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

In the code block above, we first downloaded and installed the public signing key for Elastic, the company behind Logstash. We then added the Elastic repository to our APT sources list. After updating our system, we installed Logstash. The output shows that Logstash has been installed successfully.

Comparing Loki, Fluentd, and Logstash

LokiFluentdLogstash
Ease of UseHighMediumMedium
PerformanceHighHighMedium
FlexibilityHighHighHigh

While Loki, Fluentd, and Logstash all offer powerful features for log aggregation, they each have their strengths and weaknesses. Loki stands out for its ease of use and high performance, making it an excellent choice for beginners and large-scale deployments. Fluentd and Logstash offer high flexibility and can handle a wide variety of data sources, but they may require more configuration and resources.

Ultimately, the best tool for you depends on your specific needs and resources. We recommend trying out each tool and seeing which one fits your workflow best.

Troubleshooting Loki Installations

While installing Grafana Loki on Linux is generally straightforward, you may encounter some issues. Here are some common problems and their solutions.

Issue: Failed to Download Loki Binary

If you encounter an error while downloading the Loki binary, it may be due to network issues or the specified version not being available. To troubleshoot this issue, check your network connection and verify the version of Loki you are trying to download.

# Check network connection
ping -c 3 www.google.com

# Output:
# PING www.google.com (172.217.22.36) 56(84) bytes of data.
# 64 bytes from lhr48s22-in-f4.1e100.net (172.217.22.36): icmp_seq=1 ttl=119 time=10.6 ms
# ...

In the code block above, we used the ping command to check the network connection. If the command returns a response, it means your network connection is working correctly.

Issue: Loki Server Not Starting

If the Loki server is not starting, it may be due to a configuration issue. Check your Loki configuration file for any errors.

# Check Loki configuration file
cat loki-local-config.yaml

# Output:
# auth_enabled: false
# ...

In the code block above, we used the cat command to display the content of the Loki configuration file. Check the output for any errors or missing values.

Issue: Loki Command Not Found

If you encounter a ‘command not found’ error when trying to run Loki, it may be because the Loki binary is not in your PATH. To resolve this issue, you can specify the full path to the Loki binary when running it, or add it to your PATH.

# Add Loki binary to PATH
export PATH=$PATH:/path/to/loki-binary

# Check if Loki is in PATH
which loki-linux-amd64

# Output:
# /path/to/loki-binary/loki-linux-amd64

In the code block above, we added the Loki binary to the PATH using the export command. We then checked if Loki is in the PATH using the which command. The output shows the full path to the Loki binary.

Remember, the best way to avoid troubleshooting is to follow the installation instructions carefully and understand each step. If you still encounter issues, don’t hesitate to seek help from the community or professional support.

What is Log Aggregation?

Log aggregation is a critical aspect of system administration and security. It involves collecting and centralizing log data from different sources into one place. This process makes it easier to monitor systems, troubleshoot issues, and analyze data. Let’s take a closer look at what log aggregation is and why it’s important.

The Importance of Log Aggregation

In a typical IT infrastructure, logs are generated by various systems, applications, and devices. These logs contain valuable information about the operations and performance of these sources. However, when these logs are scattered across different locations, it can be difficult to make sense of the data.

# Viewing logs of a Linux system
journalctl -xe

# Output:
# -- Logs begin at Mon 2022-02-28 14:51:16 UTC, end at Tue 2022-03-01 15:00:02 UTC. --
# Mar 01 15:00:01 ubuntu systemd[1]: Started Daily apt download activities.
# Mar 01 15:00:02 ubuntu systemd[1]: apt-daily.timer: Succeeded.
# ...

In the code block above, we used the journalctl -xe command to view the logs of a Linux system. The output shows various logs, including system startups and application activities.

Log aggregation centralizes these logs, making it easier to monitor systems, troubleshoot issues, and analyze data. It’s a crucial component of effective system administration and security.

Grafana Loki: A Powerful Log Aggregation Tool

Grafana Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It’s designed to be very cost-effective and easy to operate, as it does not index the content of the logs, but rather a set of labels for each log stream.

Grafana Loki is like Prometheus, but for logs, making both logs and metrics available in a single, unified platform. It integrates deeply into Grafana, providing a seamless experience for querying and visualizing logs.

# Querying logs with Loki
loki-cli query "{job='varlogs'}"

# Output:
# {job="varlogs", filename="/var/log/syslog"} Feb 28 14:51:16 ubuntu systemd[1]: Mounted Huge Pages File System.
# {job="varlogs", filename="/var/log/syslog"} Feb 28 14:51:16 ubuntu systemd[1]: Mounted POSIX Message Queue File System.
# ...

In the code block above, we used the loki-cli query command to query logs with Loki. The output shows logs from the varlogs job, including system startups and application activities.

By understanding the importance of log aggregation and the capabilities of Grafana Loki, you can better manage and secure your IT infrastructure.

Practical Uses of Log Aggregation

In system administration and security, log aggregation plays a pivotal role. It provides a consolidated view of what’s happening across various applications and infrastructure components. Without log aggregation, sifting through individual log files can be tedious and time-consuming, making it hard to spot trends or anomalies.

# A simple log aggregation command using grep
grep 'ERROR' /var/log/*.log

# Output:
# /var/log/syslog:Jan  1 00:00:01 myhost ERROR An error event
# /var/log/auth.log:Jan  1 00:00:02 myhost ERROR Another error event

In the code block above, we’re using grep to aggregate error messages from all log files in the /var/log directory. This simple example demonstrates how log aggregation can help system administrators and security professionals quickly identify and respond to issues.

Exploring Related Concepts

Log aggregation is just the beginning. Once logs are aggregated, they can be analyzed for valuable insights. Log analysis involves examining log entries to understand how systems and applications are performing and to identify any potential issues. Monitoring, on the other hand, is the real-time observation of systems and applications to ensure they’re functioning as expected.

# A simple log analysis command using awk
awk '/ERROR/ {count++} END {print count}' /var/log/syslog

# Output:
# 42

In the code block above, we’re using awk to count the number of error messages in the system log file. This is a simple example of log analysis that can help us understand the frequency of errors in our system.

Further Resources for Mastering Log Aggregation and Analysis

To delve deeper into the world of log aggregation, analysis, and monitoring, here are some resources that you might find helpful:

  1. Grafana Loki Documentation: Comprehensive guide on how to use Grafana Loki, including installation, configuration, and querying logs.

  2. The ELK Stack: Elasticsearch, Logstash, and Kibana: Learn about the ELK Stack, another popular log aggregation and analysis solution.

  3. Fluentd Documentation: In-depth resource on how to use Fluentd for unified logging layer.

These resources provide a wealth of information that can help you master log aggregation, analysis, and monitoring, and improve your system administration and security skills.

Recap: Installing Grafana Loki

In this exhaustive guide, we’ve navigated through the process of installing Grafana Loki, an efficient log aggregation system, on Linux. We’ve covered the importance of log aggregation, the role of Grafana Loki in the landscape of log management, and the steps to install and configure it on your Linux system.

We began with the basics, outlining how to install Grafana Loki on APT-based distributions like Debian and Ubuntu, and YUM-based distributions like CentOS and AlmaLinux. We then ventured into intermediate territory, discussing advanced installation methods such as installing from source and installing specific versions.

We also tackled common issues you might encounter during the installation and usage of Grafana Loki, providing you with practical solutions and workarounds. Additionally, we explored alternative approaches to log aggregation, comparing Grafana Loki with Fluentd and Logstash.

Here’s a quick comparison of these log aggregation tools:

ToolEase of UsePerformanceFlexibility
Grafana LokiHighHighHigh
FluentdMediumHighHigh
LogstashMediumMediumHigh

Whether you’re just starting out with Grafana Loki or looking to deepen your understanding of log aggregation tools, we hope this guide has been a valuable resource. With this knowledge, you’re well-equipped to manage logs efficiently and make informed decisions on the best tools for your specific needs.

Log aggregation is a critical aspect of system administration and security, and Grafana Loki offers a powerful solution for this task. Happy log aggregating!