Monitoring / Tools

Grafana’s Loki 2.0 Features New Log Labels, Direct Alerts and a Prettier Dashboard

30 Oct 2020 11:04am, by

The newly released version 2.0 of Grafana’s Loki log aggregation tool features an improved query language and the ability to generate alerts directly from the logs themselves.

Through Loki’s dashboard for log aggregation, for example, Loki 2.0 improves how logs and metrics can be labeled, classified and delineated for analysis: The tool now lets users write queries for alerts directly from within the dashboard — previously this function required configuring alerts with Grafana, which is Loki’s companion analytics and interactive visualization web application.

“We focused this release on three things: on getting metrics out of your logs, on building alerts off of those metrics, and building beautiful interactive dashboards,” Tom Wilkie, vice president of product at Grafana Labs, said during a keynote at ObservabilityCON.

During the ObservabilityCON keynote, Cyril Tovena, senior software engineer for Grafana Labs, demonstrated how these new features work. He showed, for example, how it is possible to set rules with Loki that are forwarded to the alert manager. Once an alert is received, he showed how it is possible to analyze the database in such a way that you quickly find the “root cause of the issue,” by, among other things, using Loki to analyze particular time spans for logs — categorized with tables — for the application.

During the demo, he also showed how Loki’s new functionality is useful for finding key metrics for Nginx for webserver management, which, Tovena said, “is not an easy task.” He showed, for example, how to use Loki to add more sophisticated and detailed labels for filtering and aggregation to improve metric capabilities to analyze latency data. “Now, it’s pretty much light and easy to digest and to find problems,” he said. “So, it’s not about just logs” since you can also extract new labels into metrics.

About two years ago, Grafana released Loki to support the “developer and operator” persona in such a way that users “get to the error contained in the logs as quickly as possible,” Wilkie said during the keynote at  ObservabilityCON. “We allow you to quickly pivot from metrics to logs, showing you relevant logs and metrics for your query,” Wilkie said. “And we wanted to make that as easy as possible.”

Loki owes much of its functionality to how the dashboard lists logs’ metadata, instead of dumping the entire log text onscreen, which would otherwise be more challenging to parse through.

“We do this by preserving the metadata and context you build up your query and your metrics — and then pivot that metadata directly over to your logs,” Wilkie said. “This simplification and this integrated flow really help de-stress the incident-response workflow, which is  what we were trying to achieve.“

Since the release of Loki 1.0 last year, Loki instances have increased from 5,000 to over 27,000, Grafana said.

Grafana also introduced Grafana 7.3 during ObservabilityCON, which features capabilities for better access to relevant metrics, logs and tracing capabilities for debugging and analysis. The new capability is part of Grafana’s original creators’ mission to create a single platform that covers all observability requirements. The idea is to allow users to be able “to pick the data source for metrics, logs and traces that fits your needs, giving you a lot more choice and freedom and preventing you from vendor lock-in,” Torkel Odegaard, Grafana creator and project lead and Grafana Labs’ co-founder, said.

A newsletter digest of the week’s most important stories & analyses.