Log Aggregation
Collecting logs centrally makes it possible to search across all services from one place, set up alerts on log patterns, and retain logs beyond container restarts.
What this page covers
- Log aggregation options: Loki + Promtail (recommended), vs. alternatives
- Installing Loki and Promtail via Helm
- Querying logs in Grafana with LogQL
- Log retention and storage sizing
Recommended stack: Loki + Promtail
Loki is a horizontally scalable log aggregation system designed to work alongside Prometheus and Grafana. It indexes log labels (not the full log text), keeping storage costs low.
Promtail is the log shipping agent that runs on each node and tails container logs, adding Kubernetes labels, and shipping to Loki.
Installation
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
helm install loki grafana/loki-stack \
--namespace monitoring \
--set promtail.enabled=true \
--set grafana.enabled=false
Loki data source is automatically discoverable by Grafana after installation.
Querying with LogQL
# All logs from the gitea namespace
{namespace="gitea"}
# Error logs from the youtrack pod
{namespace="youtrack"} |= "ERROR"