
Log Collection Sources

While this lesson focuses on metrics, Alloy can collect logs alongside metrics using Loki components. These examples show file-based logs and journald.

Example: Collecting System Logs

07-system-logs.alloy
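// Select the log files to tail; each target carries static job and instance labels.
local.file_match "system_logs" {
  path_targets = [
    { "__path__" = "/var/log/syslog", "job" = "system", "instance" = constants.hostname },
    { "__path__" = "/var/log/auth.log", "job" = "auth", "instance" = constants.hostname },
    { "__path__" = "/var/log/kern.log", "job" = "kernel", "instance" = constants.hostname },
  ]
}

// Read the matched files and forward every line to the Loki writer.
// loki.write "grafana_cloud_loki" is assumed to be defined elsewhere in the configuration.
loki.source.file "system_logs_source" {
  targets    = local.file_match.system_logs.targets
  forward_to = [loki.write.grafana_cloud_loki.receiver]
}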

Example: Monitoring Journal Logs

08-journal-logs.alloy
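// Used only for its exported rules, so nothing is forwarded from here.
loki.relabel "journal" {
  forward_to = []

  // Copy the systemd unit name from the journal entry into a "unit" label.
  rule {
    source_labels = ["__journal__systemd_unit"]
    target_label  = "unit"
  }
}

// Read the systemd journal, apply the rules above, and forward to the Loki writer.
loki.source.journal "read" {
  forward_to    = [loki.write.grafana_cloud_loki.receiver]
  relabel_rules = loki.relabel.journal.rules
  labels        = {component = "loki.source.journal"}
}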
Note: Journald access typically requires elevated privileges. If you are running Alloy as a non-root user, grant access to the journal or use file-based logs instead.
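A preflight check for the note above, as an added example that is not part of the original lesson: it reports which of the three log files from `07-system-logs.alloy` the current user cannot read and whether an account is in the journal-reader group, so access can be granted through group membership rather than by running the collector as root. The account name `alloy`, the script name `preflight.sh` and the `--check` flag are assumptions; `systemd-journal` is the systemd default group for journal readers.

```shell
#!/bin/sh
# Added example: preflight check for a non-root Alloy service account.
# Assumptions: account name "alloy" (hypothetical) and the systemd default
# group "systemd-journal" for journal readers.

# Print every path from the arguments that the current user cannot read.
unreadable_paths() {
    for p in "$@"; do
        [ -r "$p" ] || printf '%s\n' "$p"
    done
}

# has_group "<space-separated groups>" <group>: succeed on an exact match.
has_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# journal_access <user>: 0 = in systemd-journal, 1 = not, 2 = unknown user.
journal_access() {
    user_groups=$(id -nG "$1" 2>/dev/null) || return 2
    has_group "$user_groups" systemd-journal
}

# Report only when called as: sudo -u alloy sh preflight.sh --check [user]
if [ "${1:-}" = "--check" ]; then
    user=${2:-alloy}
    unreadable_paths /var/log/syslog /var/log/auth.log /var/log/kern.log |
        sed "s/^/not readable by $(id -un): /"
    journal_access "$user" || echo "$user cannot read the journal via group membership"
fi
```

The file check tests the user running the script, so run it as the service account; the group check reads the account's configured groups, which a running Alloy process picks up only after a restart.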