victoriametrics.com

Promtail, Grafana Agent and Grafana Alloy are default log collectors for Grafana Loki. They can be configured to send the collected logs to VictoriaLogs according to the following docs.

Specify clients section in the configuration file for sending the collected logs to VictoriaLogs:

clients:
  - url: "http://localhost:9428/insert/loki/api/v1/push"

Substitute localhost:9428 address inside clients with the real TCP address of VictoriaLogs.

VictoriaLogs uses log streams defined at the client side, e.g. at Promtail, Grafana Agent or Grafana Allow. Sometimes it may be needed overriding the set of these fields. This can be done via _stream_fields query arg. For example, the following config instructs using only the instance and job labels as log stream fields, while other labels will be stored as usual log fields:

clients:
  - url: "http://localhost:9428/insert/loki/api/v1/push?_stream_fields=instance,job"

See also these docs for details on other supported query args. There is no need in specifying _msg_field and _time_field query args, since VictoriaLogs automatically extracts log message and timestamp from the ingested Loki data.

It is recommended verifying whether the initial setup generates the needed log fields and uses the correct stream fields. This can be done by specifying debug parameter and inspecting VictoriaLogs logs then:

clients:
  - url: "http://localhost:9428/insert/loki/api/v1/push?debug=1"

If some log fields must be skipped during data ingestion, then they can be put into ignore_fields parameter. For example, the following config instructs VictoriaLogs to ignore filename and stream fields in the ingested logs:

clients:
  - url: 'http://localhost:9428/insert/loki/api/v1/push?ignore_fields=filename,stream'

By default the ingested logs are stored in the (AccountID=0, ProjectID=0) tenant. If you need storing logs in other tenant, then specify the needed tenant via tenant_id field in the Loki client configuration The tenant_id must have AccountID:ProjectID format, where AccountID and ProjectID are arbitrary uint32 numbers. For example, the following config instructs VictoriaLogs to store logs in the (AccountID=12, ProjectID=34) tenant:

clients:
  - url: "http://localhost:9428/insert/loki/api/v1/push"
    tenant_id: "12:34"

The ingested log entries can be queried according to these docs.

See also data ingestion troubleshooting docs.