Grafana Loki

Reading time: 0 minute(s) (0 words)

Grafana Loki (or Loki) is a horizontally scalable, multi-tenant log aggregation system that is extremely easy to operate. Loki does not index the contents of the logs, but rather a set of labels for each log stream. Nobl9 users can leverage Loki to query and build metrics on top of their logs.

Grafana Loki parameters and supported features in Nobl9

General support:: Release channel: Stable, Beta; Connection method: Agent; Replay and SLI Analyzer: Not supported; Event logs: Not supported; Query checker: Not supported; Query parameters retrieval: Supported; Timestamp cache persistence: Not supported
Query parameters:: Query interval: 1 min; Query delay: 1 min; Jitter: 15 sec; Timeout: 30 sec
Agent details and minimum required versions for supported features:: Plugin name: n9grafana_loki; Query delay environment variable: GRAFANA_LOKI_QUERY_DELAY; Query parameters retrieval: 0.73.2; Custom HTTP headers: 0.88.0 / 0.88.0-beta

Creating SLOs with Grafana Loki

Nobl9 Web

Follow the instructions below to create your SLOs with Grafana Loki in the Nobl9 web application.

Navigate to Service Level Objectives.
Click .
Select a Service.
It will be the location for your SLO in Nobl9.
Select your Grafana Loki data source.
Metric refers to the way of calculating and interpreting calculate and interpret data from your data source.
- Threshold metric is defined by a single numerical value (the threshold) that separates satisfactory performance from unsatisfactory performance. It's represented by a single time series evaluated against the threshold.
- Ratio metric expresses the performance as a fraction or proportion, typically by dividing the number of successful events by the total number of potential events (successes + failures). It's represented by two-time series for comparison for good events and total events.
  For ratio metrics, select the Data count method.
  SLI values for good and total
  When choosing the query for the ratio SLI (countMetrics), keep in mind that the values resulting from that query for both good and total:
  Must be positive.
  While we recommend using integers, fractions are also acceptable.
  If using fractions, we recommend them to be larger than 1e-4 = 0.0001.
  Shouldn't be larger than 1e+20.

Specify Query using the LogQL syntax.

Click to open query samples

Total metric
sum(sum_over_time({topic="cdc"} |= "kafka_consumergroup_lag" | logfmt | line_format "{{.kafka_consumergroup_lag}}" | unwrap kafka_consumergroup_lag [1m]))

Ratio metric, numerator
count(count_over_time(({app="nobl9", component="ingest", container="ingest container"} | json | line_format "{{.log}}" | json | http_useragent != "ELB-HealthChecker/2.0" | http_status_code >= 200 and http_status_code < 300)[1m]))

Ratio metric, denominator
count(count_over_time(({app="nobl9", component="ingest", container="ingest-container"} | json | line_format "{{.log}}" | json | http_useragent != "ELB-HealthChecker/2.0" | http_status_code > 0)[1m]))

Define the Time window for your SLO:
- Rolling time windows constantly move forward as time passes. This type can help track the most recent events.
- Calendar-aligned time windows are usable for SLOs intended to map to business metrics measured on a calendar-aligned basis.
Configure the Error budget calculation method and Objectives:
- Occurrences method counts good attempts against the count of total attempts.
- Time Slices method measures how many good minutes were achieved (when a system operates within defined boundaries) during a time window.
- You can define up to 12 objectives for an SLO.
Add the Display name, Name, and other settings for your SLO:
- Name identifies your SLO in Nobl9. After you save the SLO, its name becomes read-only.
  Use only lowercase letters, numbers, and dashes.
- Select No data anomaly alert to receive notifications when your SLO stops reporting data for a specified period:
  - Choose up to five supported Alert methods.
  - Specify the delay period before Nobl9 sends an alert about the missing data.
    From 5 minutes to 31 days. Default: 15 minutes
- Add alert policies, labels, and links, if required.
  Limits per SLO: 20 alert policies or links, 30 labels.
Click CREATE SLO.

SLO configuration use case

Check the SLO configuration use case for a real-life SLO example.

YAML

Threshold (rawMetric)
Ratio (countMetric)

Sample Grafana Loki threshold SLO
apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: api-server-slo
  displayName: API Server SLO
  project: default
  labels:
    area:
      - latency
      - slow-check
    env:
      - prod
      - dev
    region:
      - us
      - eu
    team:
      - green
      - sales
  annotations:
    area: latency
    env: prod
    region: us
    team: sales
spec:
  description: Example Grafana Loki SLO
  indicator:
    metricSource:
      name: grafana-loki
      project: default
      kind: Agent
  budgetingMethod: Occurrences
  objectives:
    - displayName: Good response (200)
      value: 200
      name: ok
      target: 0.95
      rawMetric:
        query:
          grafanaLoki:
            logql: >-
              sum(sum_over_time({topic="cdc"} |= "kafka_consumergroup_lag" |
              logfmt | line_format "{{.kafka_consumergroup_lag}}" | unwrap
              kafka_consumergroup_lag [1m]))
      op: lte
      primary: true
  service: api-server
  timeWindows:
    - unit: Month
      count: 1
      isRolling: false
      calendar:
        startTime: '2022-12-01 00:00:00'
        timeZone: UTC
  alertPolicies:
    - fast-burn-5x-for-last-10m
  attachments:
    - url: https://docs.nobl9.com
      displayName: Nobl9 Documentation
  anomalyConfig:
    noData:
      alertMethods:
        - name: slack-notification
          project: default
      alertAfter: 1h

Sample Grafana Loki ratio SLO
apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: api-server-slo
  displayName: API Server SLO
  project: default
  labels:
    area:
      - latency
      - slow-check
    env:
      - prod
      - dev
    region:
      - us
      - eu
    team:
      - green
      - sales
  annotations:
    area: latency
    env: prod
    region: us
    team: sales
spec:
  description: Example Grafana Loki SLO
  indicator:
    metricSource:
      name: grafana-loki
      project: default
      kind: Agent
  budgetingMethod: Occurrences
  objectives:
    - displayName: Good response (200)
      value: 1
      name: ok
      target: 0.95
      countMetrics:
        incremental: true
        good:
          grafanaLoki:
            logql: >-
              count(count_over_time(({component="api-server"} | json |
              line_format "{{.log}}" | json | http_status_code >= 200 and
              http_status_code < 300)[1m]))
        total:
          grafanaLoki:
            logql: >-
              count(count_over_time(({component="api-server"} | json |
              line_format "{{.log}}" | json | http_status_code > 0)[1m]))
      primary: true
  service: api-server
  timeWindows:
    - unit: Month
      count: 1
      isRolling: false
      calendar:
        startTime: '2022-12-01 00:00:00'
        timeZone: UTC
  alertPolicies:
    - fast-burn-5x-for-last-10m
  attachments:
    - url: https://docs.nobl9.com
      displayName: Nobl9 Documentation
  anomalyConfig:
    noData:
      alertMethods:
        - name: slack-notification
          project: default
      alertAfter: 1h

Click to open field reference

Field	Type	Description
`apiVersion` mandatory	string	API version. Use `n9/v1alpha`
`kind` mandatory	string	The resource type. Use `SLO`
Metadata
`metadata.name` mandatory	string	Name identifier for the SLO. Use only lowercase alphanumeric characters
`metadata.displayName`	string	User-friendly SLO name
`metadata.project` mandatory	string	The name identifier of the project where you need to host your SLO
`metadata.labels`	object (map: string[])	Grouping labels for filtering or viewing
`metadata.annotations`	object (map: string)	Flat string annotations
Spec
`spec.description`	string	SLO description
`spec.indicator.metricSource.name` mandatory	string	Data source name
`spec.indicator.metricSource.project` mandatory	string	Project containing the data source
`spec.indicator.metricSource.kind` mandatory	string	Data source connection method. Can be Agent or Direct
`spec.budgetingMethod` mandatory	enum	Error budget calculation method. Can be Occurrences or Time slices
`spec.objectives` mandatory	array	Your SLO objective definition, up to 12 objectives per SLO.
`spec.objectives[].displayName`	string	User-friendly objective name
`spec.objectives[].value` mandatory	number	Data point values that is considered "good" (e.g., `200.0`). In SLOs with two or more objectives, keep each objective's value unique. In ratio (`count`) metrics, `value` is retained for legacy purposes.
`spec.objectives[].name` mandatory	string	Name identifier for this objective
`spec.objectives[].op` mandatory	string (enum)	Operator for objective. One of: `lte` (less than or equal to) `lt` (less than) `gte` (greater than or equal to) `gt` (greater than)
`spec.objectives[].target` mandatory	float	The percentage of the good minutes or occurrences that must meet the desired performance (e.g., is the target is `0.95`, the good performance is expected to be observed in at least 95% of the time window)
`spec.objectives[].rawMetric`/`.countMetric` mandatory	object	The metric type indicator. Set: `rawMetric` for a threshold metric `countMetric` for a ratio metric. A ratio metric requires the additional fields: `countMetric.incremental` (boolean) the data count method `countMetric.good`/`.bad` and `countMetric.total` a numerator and denominator queries
`spec.objectives[].countMetric.incremental` mandatory	boolean	The data count method for a ratio (`countMetric`) metric type
`spec.objectives[].primary`	boolean	The indicator of a primary SLO objective
`spec.service` mandatory	string	The name identifier of a service to host this SLO. The service must exist in the project specified in `metadata.project`
`spec.timeWindows` mandatory	array	Defines SLO time window for error budget calculation. Set: `isRolling: true` for the rolling time window type `isRolling: false` for the calendar-aligned type
`spec.timeWindows.unit` mandatory	integer	The time window units. One of: `Day` \| `Hour` \| `Minute` for the rolling time window `Year` \| `Quarter` \| `Month` \| `Week` \| `Day` for the calendar-aligned time window
`spec.timeWindows.count` mandatory	integer	The number of units in a time window
`spec.timeWindows.startTime`	string	Mandatory for calendar-aligned time windows. Date and time in the format `YYYY-MM-DDTHH:mm:ss`
`spec.timeWindows.timeZone`	string	Mandatory for calendar-aligned time-windows. A valid IANA Time Zone Database name
`spec.timeWindows.isRolling` mandatory	boolean	`true` for the rolling time window type `false` for the calendar-aligned type
`spec.alertPolicies`	array	The name identifiers of alert policies to be linked to this SLO (must be from the same project as the SLO). Up to 20 alert policies per SLO.
`spec.attachments`	array	Links to any additional attributes of this SLO
`spec.anomalyConfig`	object	Settings for a manual no data anomaly detection rule
`spec.noData.alertMethods`	array	List of alert methods for no-data anomaly. Up to five alert methods per SLO. Every alert method must have the `name` and `project` fields
`spec.noData.alertAfter`	string	Waiting time before sending a no-data notification. Must be `5m` to `31d`. Default: `15m`
Source-specific fields
`grafanaLoki.logql` mandatory	string	Your PromQL query

Sample LogQL queries

Ratio metric for Grafana Loki:
Good query:
count(count_over_time(({app="nobl9", component="ingest", container="ingest container"} | json | line_format "{{.log}}" | json | http_useragent != "ELB-HealthChecker/2.0" | http_status_code >= 200 and http_status_code < 300)[1m]))
Total query:
count(count_over_time(({app="nobl9", component="ingest", container="ingest-container"} | json | line_format "{{.log}}" | json | http_useragent != "ELB-HealthChecker/2.0" | http_status_code > 0)[1m]))

Querying the Grafana Loki server

Nobl9 calls Loki API every minute to retrieve the log data from the previous minute. Nobl9 aggregates the total number of points to 4 per minute.

caution

Users should refrain from adding duration and Nobl9 will append [1m] to the query.

Useful links

Check out these related guides and references:

Add Grafana Loki as a data sourceAdding data sources

Grafana HTTP APIGrafana Loki documentation

Introduction to PromQLGrafana documentation

Creating SLOs via TerraformTerraform

Creating SLOs with Grafana Loki​

Nobl9 Web​

YAML​

Sample LogQL queries​

Querying the Grafana Loki server​

Useful links​