菜单
开源 RSS

Grafana Loki 配置参数

Grafana Loki 通过 YAML 文件(通常称为 loki.yaml)进行配置,该文件根据 Loki 的启动模式包含 Loki 服务器及其各个组件的信息。

配置示例可在配置示例文档中找到。

运行时打印 Loki 配置

如果您向 Loki 传递 -print-config-stderr-log-config-reverse-order 标志(或 -print-config-stderr=true),Loki 将会转储从内置默认值、配置文件的覆盖以及最后是命令行标志的覆盖组合而成的完整配置对象。

结果是 Loki 配置结构中每个配置对象的值,这个结果非常庞大……

许多值与您的安装无关,例如您未使用的存储配置以及您未定义的配置。这是正常的,因为每个选项都有一个默认值,无论它是否正在使用。

这个配置是 Loki 将用来运行的配置,对于调试与配置相关的问题非常宝贵,尤其有助于确保您的配置文件和标志被正确读取和加载。

直接运行 Loki(例如 ./loki)时,-print-config-stderr 非常好用,您可以快速获得整个 Loki 配置的输出。

-log-config-reverse-order 是我们在所有环境中运行 Loki 时使用的标志,配置条目是反序的,这样在 Grafana 的 Explore 中查看时,配置的顺序会自上而下地正确阅读。

配置文件参考

要指定加载哪个配置文件,请在命令行传递 -config.file 标志。其值可以是逗号分隔的路径列表,然后将使用存在的第一个文件。如果没有指定 -config.file 参数,Loki 将在当前工作目录和 config/ 子目录中查找 config.yaml 并尝试使用它。

该文件采用 YAML 格式 编写,由以下方案定义。方括号表示参数是可选的。对于非列表参数,值设置为指定的默认值。

在配置中使用环境变量

注意: 此功能仅在 Loki 2.1+ 版本中可用。

您可以在配置文件中使用环境变量引用来设置在部署期间需要配置的值。要实现此目的,请传递 -config.expand-env=true 并使用

bash
${VAR}

其中 VAR 是环境变量的名称。

每个变量引用在启动时都会被环境变量的值替换。替换是区分大小写的,并且发生在 YAML 文件解析之前。未定义变量的引用将被空字符串替换,除非您指定了默认值或自定义错误文本。

要指定默认值,请使用

bash
${VAR:-default_value}

其中 default_value 是在环境变量未定义时使用的值。

在命令行传递 -config.expand-env 标志以启用此配置方式。

通用占位符

  • <boolean> : 布尔值,可取 truefalse
  • <int> : 匹配正则表达式 [1-9]+[0-9]* 的任何整数
  • <duration> : 匹配正则表达式 [0-9]+(ns|us|µs|ms|[smh]) 的持续时间
  • <labelname> : 匹配正则表达式 [a-zA-Z_][a-zA-Z0-9_]* 的字符串
  • <labelvalue> : 由 Unicode 字符组成的字符串
  • <filename> : 相对于当前工作目录的有效路径或绝对路径。
  • <host> : 由主机名或 IP 后跟可选端口号组成的有效字符串
  • <string> : 字符串
  • <secret> : 表示秘密的字符串,例如密码

loki.yaml 支持的内容和默认值

yaml
# A comma-separated list of components to run. The default value 'all' runs Loki
# in single binary mode. The value 'read' is an alias to run only read-path
# related components such as the querier and query-frontend, but all in the same
# process. The value 'write' is an alias to run only write-path related
# components such as the distributor and compactor, but all in the same process.
# Supported values: all, compactor, distributor, ingester, querier,
# query-scheduler, ingester-querier, query-frontend, index-gateway, ruler,
# table-manager, read, write. A full list of available targets can be printed
# when running Loki with the '-list-targets' command line flag.
# CLI flag: -target
[target: <string> | default = "all"]

# Enables authentication through the X-Scope-OrgID header, which must be present
# if true. If false, the OrgID will always be set to 'fake'.
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = true]

# The amount of virtual memory in bytes to reserve as ballast in order to
# optimize garbage collection. Larger ballasts result in fewer garbage
# collection passes, reducing CPU overhead at the cost of heap size. The ballast
# will not consume physical memory, because it is never read from. It will,
# however, distort metrics, because it is counted as live memory.
# CLI flag: -config.ballast-bytes
[ballast_bytes: <int> | default = 0]

# Configures the server of the launched module(s).
[server: <server>]

ui:
  # Enable the experimental Loki UI.
  # CLI flag: -ui.enabled
  [enabled: <boolean> | default = false]

  # Name to use for this node in the cluster.
  # CLI flag: -ui.node-name
  [node_name: <string> | default = "<hostname>"]

  # IP address to advertise in the cluster.
  # CLI flag: -ui.advertise-addr
  [advertise_addr: <string> | default = ""]

  # Name of network interface to read address from.
  # CLI flag: -ui.interface
  [interface_names: <list of strings> | default = [<private network interfaces>]]

  # How frequently to rejoin the cluster to address split brain issues.
  # CLI flag: -ui.rejoin-interval
  [rejoin_interval: <duration> | default = 3m]

  # Number of initial peers to join from the discovered set.
  # CLI flag: -ui.cluster-max-join-peers
  [cluster_max_join_peers: <int> | default = 3]

  # Name to prevent nodes without this identifier from joining the cluster.
  # CLI flag: -ui.cluster-name
  [cluster_name: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -ui.enable-ipv6
  [enable_ipv6: <boolean> | default = false]

  # Enable debug logging for the UI.
  # CLI flag: -ui.debug
  [debug: <boolean> | default = false]

  discovery:
    # List of peers to join the cluster. Supports multiple values separated by
    # commas. Each value can be a hostname, an IP address, or a DNS name (A/AAAA
    # and SRV records).
    # CLI flag: -ui.discovery.join-peers
    [join_peers: <list of strings> | default = []]

# Configures the distributor.
[distributor: <distributor>]

# Configures the querier. Only appropriate when running all modules or just the
# querier.
[querier: <querier>]

# The query_scheduler block configures the Loki query scheduler. When configured
# it separates the tenant query queues from the query-frontend.
[query_scheduler: <query_scheduler>]

# The frontend block configures the Loki query-frontend.
[frontend: <frontend>]

# The query_range block configures the query splitting and caching in the Loki
# query-frontend.
[query_range: <query_range>]

# The ruler block configures the Loki ruler.
[ruler: <ruler>]

ruler_storage:
  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is: ruler-storage
  [<thanos_object_store_config>]

  # Backend storage to use. Supported backends are: local, s3, gcs, azure,
  # swift, filesystem, alibabacloud, bos
  # CLI flag: -ruler-storage.backend
  [backend: <string> | default = "filesystem"]

  local:
    # Directory to scan for rules
    # CLI flag: -ruler-storage.local.directory
    [directory: <string> | default = ""]

# The ingester_client block configures how the distributor will connect to
# ingesters. Only appropriate when running all components, the distributor, or
# the querier.
[ingester_client: <ingester_client>]

# The ingester block configures the ingester and how the ingester will register
# itself to a key value store.
[ingester: <ingester>]

block_builder:
  # How many flushes can happen concurrently
  # CLI flag: -blockbuilder.concurrent-flushes
  [concurrent_flushes: <int> | default = 1]

  # How many workers to process writes, defaults to number of available cpus
  # CLI flag: -blockbuilder.concurrent-writers
  [concurrent_writers: <int> | default = 1]

  # The targeted _uncompressed_ size in bytes of a chunk block When this
  # threshold is exceeded the head block will be cut and compressed inside the
  # chunk.
  # CLI flag: -blockbuilder.chunks-block-size
  [chunk_block_size: <int> | default = 256KB]

  # A target _compressed_ size in bytes for chunks. This is a desired size not
  # an exact size, chunks may be slightly bigger or significantly smaller if
  # they get flushed for other reasons (e.g. chunk_idle_period). A value of 0
  # creates chunks with a fixed 10 blocks, a non zero value will create chunks
  # with a variable number of blocks to meet the target size.
  # CLI flag: -blockbuilder.chunk-target-size
  [chunk_target_size: <int> | default = 1536KB]

  # The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy,
  # lz4-256k, lz4-1M, lz4, flate, zstd)
  # CLI flag: -blockbuilder.chunk-encoding
  [chunk_encoding: <string> | default = "snappy"]

  # The maximum duration of a timeseries chunk in memory. If a timeseries runs
  # for longer than this, the current chunk will be flushed to the store and a
  # new chunk created.
  # CLI flag: -blockbuilder.max-chunk-age
  [max_chunk_age: <duration> | default = 2h]

  backoff_config:
    # Minimum delay when backing off.
    # CLI flag: -blockbuilder.backoff..backoff-min-period
    [min_period: <duration> | default = 100ms]

    # Maximum delay when backing off.
    # CLI flag: -blockbuilder.backoff..backoff-max-period
    [max_period: <duration> | default = 10s]

    # Number of times to backoff and retry before failing.
    # CLI flag: -blockbuilder.backoff..backoff-retries
    [max_retries: <int> | default = 10]

  # The number of workers to run in parallel to process jobs.
  # CLI flag: -blockbuilder.worker-parallelism
  [worker_parallelism: <int> | default = 1]

  # The interval at which to sync job status with the scheduler.
  # CLI flag: -blockbuilder.sync-interval
  [sync_interval: <duration> | default = 30s]

  # The interval at which to poll for new jobs.
  # CLI flag: -blockbuilder.poll-interval
  [poll_interval: <duration> | default = 30s]

  # Address of the scheduler in the format described here:
  # https://github.com/grpc/grpc/blob/master/doc/naming.md
  # CLI flag: -blockbuilder.scheduler-address
  [scheduler_address: <string> | default = ""]

  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is:
  # blockbuilder.scheduler-grpc-client.
  [scheduler_grpc_client_config: <grpc_client>]

block_scheduler:
  # How often the scheduler should plan jobs.
  # CLI flag: -block-scheduler.interval
  [interval: <duration> | default = 15m]

  # Lookback period used by the scheduler to plan jobs when the consumer group
  # has no commits. 0 consumes from the start of the partition.
  # CLI flag: -block-scheduler.lookback-period
  [lookback_period: <duration> | default = 0s]

  # Strategy used by the planner to plan jobs. One of record-count
  # CLI flag: -block-scheduler.strategy
  [strategy: <string> | default = "record-count"]

  # Target record count used by the planner to plan jobs. Only used when
  # strategy is record-count
  # CLI flag: -block-scheduler.target-record-count
  [target_record_count: <int> | default = 1000]

  job_queue:
    # Interval to check for expired job leases
    # CLI flag: -jobqueue.lease-expiry-check-interval
    [lease_expiry_check_interval: <duration> | default = 1m]

    # Duration after which a job lease is considered expired if the scheduler
    # receives no updates from builders about the job. Expired jobs are
    # re-enqueued
    # CLI flag: -jobqueue.lease-duration
    [lease_duration: <duration> | default = 10m]

pattern_ingester:
  # Whether the pattern ingester is enabled.
  # CLI flag: -pattern-ingester.enabled
  [enabled: <boolean> | default = false]

  # Configures how the lifecycle of the pattern ingester will operate and where
  # it will register for discovery.
  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -pattern-ingester.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -pattern-ingester.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is: pattern-ingester
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is: pattern-ingester
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -pattern-ingester.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -pattern-ingester.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to secondary store.
          # CLI flag: -pattern-ingester.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing value to secondary store.
          # CLI flag: -pattern-ingester.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes. 0 = never (timeout disabled).
      # CLI flag: -pattern-ingester.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -pattern-ingester.distributor.replication-factor
      [replication_factor: <int> | default = 1]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -pattern-ingester.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -pattern-ingester.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -pattern-ingester.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul. 0 = disabled.
    # CLI flag: -pattern-ingester.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy. 0 =
    # disabled.
    # CLI flag: -pattern-ingester.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -pattern-ingester.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -pattern-ingester.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -pattern-ingester.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -pattern-ingester.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -pattern-ingester.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -pattern-ingester.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -pattern-ingester.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -pattern-ingester.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -pattern-ingester.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -pattern-ingester.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -pattern-ingester.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -pattern-ingester.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -pattern-ingester.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # Configures how the pattern ingester will connect to the ingesters.
  client_config:
    # Configures how connections are pooled.
    pool_config:
      # How frequently to clean up clients for ingesters that have gone away.
      # CLI flag: -pattern-ingester.client-cleanup-period
      [client_cleanup_period: <duration> | default = 15s]

      # Run a health check on each ingester client during periodic cleanup.
      # CLI flag: -pattern-ingester.health-check-ingesters
      [health_check_ingesters: <boolean> | default = true]

      # Timeout for the health check.
      # CLI flag: -pattern-ingester.remote-timeout
      [remote_timeout: <duration> | default = 1s]

    # The remote request timeout on the client side.
    # CLI flag: -pattern-ingester.client.timeout
    [remote_timeout: <duration> | default = 5s]

    # Configures how the gRPC connection to ingesters work as a client.
    # The CLI flags prefix for this block configuration is:
    # pattern-ingester.client
    [grpc_client_config: <grpc_client>]

  # How many flushes can happen concurrently from each stream.
  # CLI flag: -pattern-ingester.concurrent-flushes
  [concurrent_flushes: <int> | default = 32]

  # How often should the ingester see if there are any blocks to flush. The
  # first flush check is delayed by a random time up to 0.8x the flush check
  # period. Additionally, there is +/- 1% jitter added to the interval.
  # CLI flag: -pattern-ingester.flush-check-period
  [flush_check_period: <duration> | default = 1m]

  # The maximum number of detected pattern clusters that can be created by
  # streams.
  # CLI flag: -pattern-ingester.max-clusters
  [max_clusters: <int> | default = 300]

  # The maximum eviction ratio of patterns per stream. Once that ratio is
  # reached, the stream will throttled pattern detection.
  # CLI flag: -pattern-ingester.max-eviction-ratio
  [max_eviction_ratio: <float> | default = 0.25]

  # Configures the metric aggregation and storage behavior of the pattern
  # ingester.
  metric_aggregation:
    # How often to downsample metrics from raw push observations.
    # CLI flag: -pattern-ingester.metric-aggregation.downsample-period
    [downsample_period: <duration> | default = 10s]

    # The address of the Loki instance to push aggregated metrics to.
    # CLI flag: -pattern-ingester.metric-aggregation.loki-address
    [loki_address: <string> | default = ""]

    # The timeout for writing to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.timeout
    [timeout: <duration> | default = 10s]

    # How long to wait in between pushes to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.push-period
    [push_period: <duration> | default = 30s]

    # The HTTP client configuration for pushing metrics to Loki.
    http_client_config:
      basic_auth:
        [username: <string> | default = ""]

        [username_file: <string> | default = ""]

        [username_ref: <string> | default = ""]

        [password: <string> | default = ""]

        [password_file: <string> | default = ""]

        [password_ref: <string> | default = ""]

      authorization:
        [type: <string> | default = ""]

        [credentials: <string> | default = ""]

        [credentials_file: <string> | default = ""]

        [credentials_ref: <string> | default = ""]

      oauth2:
        [client_id: <string> | default = ""]

        [client_secret: <string> | default = ""]

        [client_secret_file: <string> | default = ""]

        [client_secret_ref: <string> | default = ""]

        [scopes: <list of strings>]

        [token_url: <string> | default = ""]

        [endpoint_params: <map of string to string>]

        tls_config:
          [ca: <string> | default = ""]

          [cert: <string> | default = ""]

          [key: <string> | default = ""]

          [ca_file: <string> | default = ""]

          [cert_file: <string> | default = ""]

          [key_file: <string> | default = ""]

          [ca_ref: <string> | default = ""]

          [cert_ref: <string> | default = ""]

          [key_ref: <string> | default = ""]

          [server_name: <string> | default = ""]

          [insecure_skip_verify: <boolean>]

          [min_version: <int>]

          [max_version: <int>]

        proxy_url:
          [url: <url>]

        [no_proxy: <string> | default = ""]

        [proxy_from_environment: <boolean>]

        [proxy_connect_header: <map of string to list of strings>]

      [bearer_token: <string> | default = ""]

      [bearer_token_file: <string> | default = ""]

      tls_config:
        [ca: <string> | default = ""]

        [cert: <string> | default = ""]

        [key: <string> | default = ""]

        [ca_file: <string> | default = ""]

        [cert_file: <string> | default = ""]

        [key_file: <string> | default = ""]

        [ca_ref: <string> | default = ""]

        [cert_ref: <string> | default = ""]

        [key_ref: <string> | default = ""]

        [server_name: <string> | default = ""]

        [insecure_skip_verify: <boolean>]

        [min_version: <int>]

        [max_version: <int>]

      [follow_redirects: <boolean>]

      [enable_http2: <boolean>]

      proxy_url:
        [url: <url>]

      [no_proxy: <string> | default = ""]

      [proxy_from_environment: <boolean>]

      [proxy_connect_header: <map of string to list of strings>]

      http_headers:
        [: <map of string to Header>]

    # Whether to use TLS for pushing metrics to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.tls
    [use_tls: <boolean> | default = false]

    # The basic auth configuration for pushing metrics to Loki.
    basic_auth:
      # Basic auth username for sending aggregations back to Loki.
      # CLI flag: -pattern-ingester.metric-aggregation.basic-auth.username
      [username: <string> | default = ""]

      # Basic auth password for sending aggregations back to Loki.
      # CLI flag: -pattern-ingester.metric-aggregation.basic-auth.password
      [password: <string> | default = ""]

    # The backoff configuration for pushing metrics to Loki.
    backoff_config:
      # Minimum delay when backing off.
      # CLI flag: -pattern-ingester.metric-aggregation.backoff-min-period
      [min_period: <duration> | default = 100ms]

      # Maximum delay when backing off.
      # CLI flag: -pattern-ingester.metric-aggregation.backoff-max-period
      [max_period: <duration> | default = 10s]

      # Number of times to backoff and retry before failing.
      # CLI flag: -pattern-ingester.metric-aggregation.backoff-retries
      [max_retries: <int> | default = 10]

  # Configures the pattern tee which forwards requests to the pattern ingester.
  tee_config:
    # The size of the batch of raw logs to send for template mining
    # CLI flag: -pattern-ingester.tee.batch-size
    [batch_size: <int> | default = 5000]

    # The max time between batches of raw logs to send for template mining
    # CLI flag: -pattern-ingester.tee.batch-flush-interval
    [batch_flush_interval: <duration> | default = 1s]

    # The number of log flushes to queue before dropping
    # CLI flag: -pattern-ingester.tee.flush-queue-size
    [flush_queue_size: <int> | default = 1000]

    # the number of concurrent workers sending logs to the template service
    # CLI flag: -pattern-ingester.tee.flush-worker-count
    [flush_worker_count: <int> | default = 100]

    # The max time we will try to flush any remaining logs to be mined when the
    # service is stopped
    # CLI flag: -pattern-ingester.tee.stop-flush-timeout
    [stop_flush_timeout: <duration> | default = 30s]

  # Timeout for connections between the Loki and the pattern ingester.
  # CLI flag: -pattern-ingester.connection-timeout
  [connection_timeout: <duration> | default = 2s]

  # The maximum length of log lines that can be used for pattern detection.
  # CLI flag: -pattern-ingester.max-allowed-line-length
  [max_allowed_line_length: <int> | default = 3000]

# The index_gateway block configures the Loki index gateway server, responsible
# for serving index queries without the need to constantly interact with the
# object store.
[index_gateway: <index_gateway>]

# Experimental: The bloom_build block configures the Loki bloom planner and
# builder servers, responsible for building bloom filters.
[bloom_build: <bloom_build>]

# Experimental: The bloom_gateway block configures the Loki bloom gateway
# server, responsible for serving queries for filtering chunks based on filter
# expressions.
[bloom_gateway: <bloom_gateway>]

# The storage_config block configures one of many possible stores for both the
# index and chunks. Which configuration to be picked should be defined in
# schema_config block.
[storage_config: <storage_config>]

# The chunk_store_config block configures how chunks will be cached and how long
# to wait before saving them to the backing store.
[chunk_store_config: <chunk_store_config>]

# Configures the chunk index schema and where it is stored.
[schema_config: <schema_config>]

# The compactor block configures the compactor component, which compacts index
# shards for performance.
[compactor: <compactor>]

compactor_grpc_client:
  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is: compactor.grpc-client
  [<grpc_client>]

# The limits_config block configures global and per-tenant limits in Loki. The
# values here can be overridden in the `overrides` section of the runtime_config
# file
[limits_config: <limits_config>]

# The frontend_worker configures the worker - running within the Loki querier -
# picking up and executing queries enqueued by the query-frontend.
[frontend_worker: <frontend_worker>]

# The table_manager block configures the table manager for retention.
[table_manager: <table_manager>]

# Configuration for memberlist client. Only applies if the selected kvstore is
# memberlist.
# 
# When a memberlist config with atleast 1 join_members is defined, kvstore of
# type memberlist is automatically selected for all the components that require
# a ring unless otherwise specified in the component's configuration section.
[memberlist: <memberlist>]

kafka_config:
  # The Kafka backend address.
  # CLI flag: -kafka.address
  [address: <string> | default = "localhost:9092"]

  # The Kafka topic name.
  # CLI flag: -kafka.topic
  [topic: <string> | default = ""]

  # The Kafka client ID.
  # CLI flag: -kafka.client-id
  [client_id: <string> | default = ""]

  # The maximum time allowed to open a connection to a Kafka broker.
  # CLI flag: -kafka.dial-timeout
  [dial_timeout: <duration> | default = 2s]

  # How long to wait for an incoming write request to be successfully committed
  # to the Kafka backend.
  # CLI flag: -kafka.write-timeout
  [write_timeout: <duration> | default = 10s]

  # The SASL username for authentication to Kafka using the PLAIN mechanism.
  # Both username and password must be set.
  # CLI flag: -kafka.sasl-username
  [sasl_username: <string> | default = ""]

  # The SASL password for authentication to Kafka using the PLAIN mechanism.
  # Both username and password must be set.
  # CLI flag: -kafka.sasl-password
  [sasl_password: <string> | default = ""]

  # The consumer group used by the consumer to track the last consumed offset.
  # The consumer group must be different for each ingester zone.When empty, Loki
  # uses the ingester instance ID.
  # CLI flag: -kafka.consumer-group
  [consumer_group: <string> | default = ""]

  # How frequently a consumer should commit the consumed offset to Kafka. The
  # last committed offset is used at startup to continue the consumption from
  # where it was left.
  # CLI flag: -kafka.consumer-group-offset-commit-interval
  [consumer_group_offset_commit_interval: <duration> | default = 1s]

  # How long to retry a failed request to get the last produced offset.
  # CLI flag: -kafka.last-produced-offset-retry-timeout
  [last_produced_offset_retry_timeout: <duration> | default = 10s]

  # Enable auto-creation of Kafka topic if it doesn't exist.
  # CLI flag: -kafka.auto-create-topic-enabled
  [auto_create_topic_enabled: <boolean> | default = true]

  # When auto-creation of Kafka topic is enabled and this value is positive,
  # Kafka's num.partitions configuration option is set on Kafka brokers with
  # this value when Loki component that uses Kafka starts. This configuration
  # option specifies the default number of partitions that the Kafka broker uses
  # for auto-created topics. Note that this is a Kafka-cluster wide setting, and
  # applies to any auto-created topic. If the setting of num.partitions fails,
  # Loki proceeds anyways, but auto-created topics could have an incorrect
  # number of partitions.
  # CLI flag: -kafka.auto-create-topic-default-partitions
  [auto_create_topic_default_partitions: <int> | default = 1000]

  # The maximum size of a Kafka record data that should be generated by the
  # producer. An incoming write request larger than this size is split into
  # multiple Kafka records. We strongly recommend to not change this setting
  # unless for testing purposes.
  # CLI flag: -kafka.producer-max-record-size-bytes
  [producer_max_record_size_bytes: <int> | default = 15983616]

  # The maximum size of (uncompressed) buffered and unacknowledged produced
  # records sent to Kafka. The produce request fails once this limit is reached.
  # This limit is per Kafka client. 0 to disable the limit.
  # CLI flag: -kafka.producer-max-buffered-bytes
  [producer_max_buffered_bytes: <int> | default = 1073741824]

  # The guaranteed maximum lag before a consumer is considered to have caught up
  # reading from a partition at startup, becomes ACTIVE in the hash ring and
  # passes the readiness check. Set -kafka.max-consumer-lag-at-startup to 0 to
  # disable waiting for maximum consumer lag being honored at startup.
  # CLI flag: -kafka.max-consumer-lag-at-startup
  [max_consumer_lag_at_startup: <duration> | default = 15s]

dataobj:
  consumer:
    builderconfig:
      # The size of the target page to use for the data object builder.
      # CLI flag: -dataobj-consumer.target-page-size
      [target_page_size: <int> | default = 2MiB]

      # The size of the target object to use for the data object builder.
      # CLI flag: -dataobj-consumer.target-object-size
      [target_object_size: <int> | default = 1GiB]

      # Configures a maximum size for sections, for sections that support it.
      # CLI flag: -dataobj-consumer.target-section-size
      [target_section_size: <int> | default = 128MiB]

      # The size of the buffer to use for sorting logs.
      # CLI flag: -dataobj-consumer.buffer-size
      [buffer_size: <int> | default = 16MiB]

      # The maximum number of stripes to merge into a section at once. Must be
      # greater than 1.
      # CLI flag: -dataobj-consumer.section-stripe-merge-limit
      [section_stripe_merge_limit: <int> | default = 2]

    uploader:
      # The size of the SHA prefix to use for generating object storage keys for
      # data objects.
      # CLI flag: -dataobj-consumer.sha-prefix-size
      [shaprefixsize: <int> | default = 2]

    # The maximum amount of time to wait in seconds before flushing an object
    # that is no longer receiving new writes
    # CLI flag: -dataobj-consumer.idle-flush-timeout
    [idle_flush_timeout: <duration> | default = 1h]

  querier:
    # Enable the dataobj querier.
    # CLI flag: -dataobj-querier-enabled
    [enabled: <boolean> | default = false]

    # The date of the first day of when the dataobj querier should start
    # querying from. In YYYY-MM-DD format, for example: 2018-04-15.
    # CLI flag: -dataobj-querier-from
    [from: <daytime> | default = 1970-01-01]

    # The number of shards to use for the dataobj querier.
    # CLI flag: -dataobj-querier-shard-factor
    [shard_factor: <int> | default = 32]

  # The prefix to use for the storage bucket.
  # CLI flag: -dataobj-storage-bucket-prefix
  [storage_bucket_prefix: <string> | default = "dataobj/"]

ingest_limits:
  # Enable the ingest limits service.
  # CLI flag: -ingest-limits.enabled
  [enabled: <boolean> | default = false]

  # The time window for which stream metadata is considered active.
  # CLI flag: -ingest-limits.window-size
  [window_size: <duration> | default = 1h]

  # The time window for rate calculation. This should match the window used in
  # Prometheus rate() queries for consistency.
  # CLI flag: -ingest-limits.rate-window
  [rate_window: <duration> | default = 5m]

  # The granularity of time buckets used for sliding window rate calculation.
  # Smaller buckets provide more precise rate tracking but require more memory.
  # CLI flag: -ingest-limits.bucket-duration
  [bucket_duration: <duration> | default = 1m]

  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -ingest-limits.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -ingest-limits.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is: ingest-limits
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is: ingest-limits
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -ingest-limits.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -ingest-limits.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to secondary store.
          # CLI flag: -ingest-limits.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing value to secondary store.
          # CLI flag: -ingest-limits.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes. 0 = never (timeout disabled).
      # CLI flag: -ingest-limits.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -ingest-limits.distributor.replication-factor
      [replication_factor: <int> | default = 3]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -ingest-limits.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -ingest-limits.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -ingest-limits.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul. 0 = disabled.
    # CLI flag: -ingest-limits.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy. 0 =
    # disabled.
    # CLI flag: -ingest-limits.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -ingest-limits.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -ingest-limits.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -ingest-limits.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -ingest-limits.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -ingest-limits.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -ingest-limits.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -ingest-limits.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -ingest-limits.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -ingest-limits.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -ingest-limits.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -ingest-limits.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -ingest-limits.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -ingest-limits.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # The number of partitions for the Kafka topic used to read and write stream
  # metadata. It is fixed, not a maximum.
  # CLI flag: -ingest-limits.num-partitions
  [num_partitions: <int> | default = 64]

ingest_limits_frontend:
  client_config:
    # Configures client gRPC connections to limits service.
    # The CLI flags prefix for this block configuration is:
    # ingest-limits-frontend.limits-client
    [grpc_client_config: <grpc_client>]

    # Configures client gRPC connections pool to limits service.
    pool_config:
      # How frequently to clean up clients for ingest-limits that have gone
      # away.
      # CLI flag: -ingest-limits-frontend.client-cleanup-period
      [client_cleanup_period: <duration> | default = 15s]

      # Run a health check on each ingest-limits client during periodic cleanup.
      # CLI flag: -ingest-limits-frontend.health-check-ingest-limits
      [health_check_ingest_limits: <boolean> | default = true]

      # Timeout for the health check.
      # CLI flag: -ingest-limits-frontend.remote-timeout
      [remote_timeout: <duration> | default = 1s]

  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -ingest-limits-frontend.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -ingest-limits-frontend.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is:
        # ingest-limits-frontend
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is:
        # ingest-limits-frontend
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -ingest-limits-frontend.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -ingest-limits-frontend.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to secondary store.
          # CLI flag: -ingest-limits-frontend.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing value to secondary store.
          # CLI flag: -ingest-limits-frontend.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes. 0 = never (timeout disabled).
      # CLI flag: -ingest-limits-frontend.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -ingest-limits-frontend.distributor.replication-factor
      [replication_factor: <int> | default = 3]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -ingest-limits-frontend.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -ingest-limits-frontend.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -ingest-limits-frontend.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul. 0 = disabled.
    # CLI flag: -ingest-limits-frontend.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy. 0 =
    # disabled.
    # CLI flag: -ingest-limits-frontend.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -ingest-limits-frontend.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -ingest-limits-frontend.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -ingest-limits-frontend.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -ingest-limits-frontend.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -ingest-limits-frontend.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -ingest-limits-frontend.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -ingest-limits-frontend.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -ingest-limits-frontend.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -ingest-limits-frontend.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -ingest-limits-frontend.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -ingest-limits-frontend.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -ingest-limits-frontend.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -ingest-limits-frontend.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # The period to recheck per tenant ingestion rate limit configuration.
  # CLI flag: -ingest-limits-frontend.recheck-period
  [recheck_period: <duration> | default = 10s]

ingest_limits_frontend_client:
  # Configures client gRPC connections to limits service.
  # The CLI flags prefix for this block configuration is:
  # ingest-limits-frontend-client
  [grpc_client_config: <grpc_client>]

  # Configures client gRPC connections pool to limits service.
  pool_config:
    # How frequently to clean up clients for ingest-limits-frontend that have
    # gone away.
    # CLI flag: -ingest-limits-frontend-client.client-cleanup-period
    [client_cleanup_period: <duration> | default = 15s]

    # Run a health check on each ingest-limits-frontend client during periodic
    # cleanup.
    # CLI flag: -ingest-limits-frontend-client.health-check-ingest-limits
    [health_check_ingest_limits: <boolean> | default = true]

    # Timeout for the health check.
    # CLI flag: -ingest-limits-frontend-client.remote-timeout
    [remote_timeout: <duration> | default = 1s]

# Configuration for 'runtime config' module, responsible for reloading runtime
# configuration file.
[runtime_config: <runtime_config>]

# These are values which allow you to control aspects of Loki's operation, most
# commonly used for controlling types of higher verbosity logging, the values
# here can be overridden in the `configs` section of the `runtime_config` file.
[operational_config: <operational_config>]

# Configuration for tracing.
[tracing: <tracing>]

# Configuration for analytics.
[analytics: <analytics>]

# Configuration for profiling options.
[profiling: <profiling>]

# Common configuration to be shared between multiple modules. If a more specific
# configuration is given in other sections, the related configuration within
# this section will be ignored.
[common: <common>]

# How long to wait between SIGTERM and shutdown. After receiving SIGTERM, Loki
# will report 503 Service Unavailable status via /ready endpoint.
# CLI flag: -shutdown-delay
[shutdown_delay: <duration> | default = 0s]

# Namespace of the metrics that in previous releases had cortex as namespace.
# This setting is deprecated and will be removed in the next minor release.
# CLI flag: -metrics-namespace
[metrics_namespace: <string> | default = "loki"]

alibabacloud_storage_config

alibabacloud_storage_config 块配置与阿里云存储对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# Name of OSS bucket.
# CLI flag: -<prefix>.oss.bucketname
[bucket: <string> | default = ""]

# oss Endpoint to connect to.
# CLI flag: -<prefix>.oss.endpoint
[endpoint: <string> | default = ""]

# alibabacloud Access Key ID
# CLI flag: -<prefix>.oss.access-key-id
[access_key_id: <string> | default = ""]

# alibabacloud Secret Access Key
# CLI flag: -<prefix>.oss.secret-access-key
[secret_access_key: <string> | default = ""]

# Connection timeout in seconds
# CLI flag: -<prefix>.oss.conn-timeout-sec
[conn_timeout_sec: <int> | default = 30]

# Read/Write timeout in seconds
# CLI flag: -<prefix>.oss.read-write-timeout-sec
[read_write_timeout_sec: <int> | default = 60]

analytics

analytics 的配置。

yaml
# Enable anonymous usage reporting.
# CLI flag: -reporting.enabled
[reporting_enabled: <boolean> | default = true]

# URL to which reports are sent
# CLI flag: -reporting.usage-stats-url
[usage_stats_url: <string> | default = "https://stats.grafana.org/loki-usage-report"]

# URL to the proxy server
# CLI flag: -reporting.proxy-url
[proxy_url: <string> | default = ""]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: reporting.tls-config
[tls_config: <tls_config>]

attributes_config

定义匹配 OpenTelemetry (OTEL) 属性的操作。

yaml
# Configures action to take on matching attributes. It allows one of
# [structured_metadata, drop] for all attribute types. It additionally allows
# index_label action for resource attributes
[action: <string> | default = ""]

# List of attributes to configure how to store them or drop them altogether
[attributes: <list of strings>]

# Regex to choose attributes to configure how to store them or drop them
# altogether
[regex: <Regexp>]

aws_storage_config

aws_storage_config 块配置与 dynamoDB 和 S3 对象存储的连接。可以配置其中一个或两者。

yaml
# Deprecated: Configures storing indexes in DynamoDB.
dynamodb:
  # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is
  # specified as a host, proper endpoint will be deduced. Use
  # inmemory:///<table-name> to use a mock in-memory implementation.
  # CLI flag: -dynamodb.url
  [dynamodb_url: <url>]

  # DynamoDB table management requests per second limit.
  # CLI flag: -dynamodb.api-limit
  [api_limit: <float> | default = 2]

  # DynamoDB rate cap to back off when throttled.
  # CLI flag: -dynamodb.throttle-limit
  [throttle_limit: <float> | default = 10]

  metrics:
    # Use metrics-based autoscaling, via this query URL
    # CLI flag: -metrics.url
    [url: <string> | default = ""]

    # Queue length above which we will scale up capacity
    # CLI flag: -metrics.target-queue-length
    [target_queue_length: <int> | default = 100000]

    # Scale up capacity by this multiple
    # CLI flag: -metrics.scale-up-factor
    [scale_up_factor: <float> | default = 1.3]

    # Ignore throttling below this level (rate per second)
    # CLI flag: -metrics.ignore-throttle-below
    [ignore_throttle_below: <float> | default = 1]

    # query to fetch ingester queue length
    # CLI flag: -metrics.queue-length-query
    [queue_length_query: <string> | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"]

    # query to fetch throttle rates per table
    # CLI flag: -metrics.write-throttle-query
    [write_throttle_query: <string> | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"]

    # query to fetch write capacity usage per table
    # CLI flag: -metrics.usage-query
    [write_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"]

    # query to fetch read capacity usage per table
    # CLI flag: -metrics.read-usage-query
    [read_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"]

    # query to fetch read errors per table
    # CLI flag: -metrics.read-error-query
    [read_error_query: <string> | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"]

  # Number of chunks to group together to parallelise fetches (zero to disable)
  # CLI flag: -dynamodb.chunk-gang-size
  [chunk_gang_size: <int> | default = 10]

  # Max number of chunk-get operations to start in parallel
  # CLI flag: -dynamodb.chunk.get-max-parallelism
  [chunk_get_max_parallelism: <int> | default = 32]

  backoff_config:
    # Minimum backoff time
    # CLI flag: -dynamodb.min-backoff
    [min_period: <duration> | default = 100ms]

    # Maximum backoff time
    # CLI flag: -dynamodb.max-backoff
    [max_period: <duration> | default = 50s]

    # Maximum number of times to retry an operation
    # CLI flag: -dynamodb.max-retries
    [max_retries: <int> | default = 20]

  # KMS key used for encrypting DynamoDB items.  DynamoDB will use an Amazon
  # owned KMS key if not provided.
  # CLI flag: -dynamodb.kms-key-id
  [kms_key_id: <string> | default = ""]

# The s3_storage_config block configures the connection to Amazon S3 object
# storage backend.
[<s3_storage_config>]

azure_storage_config

azure_storage_config 块配置与 Azure 对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud,
# AzureGermanCloud, AzureUSGovernment.
# CLI flag: -<prefix>.azure.environment
[environment: <string> | default = "AzureGlobal"]

# Azure storage account name.
# CLI flag: -<prefix>.azure.account-name
[account_name: <string> | default = ""]

# Azure storage account key.
# CLI flag: -<prefix>.azure.account-key
[account_key: <string> | default = ""]

# If `connection-string` is set, the values of `account-name` and
# `endpoint-suffix` values will not be used. Use this method over `account-key`
# if you need to authenticate via a SAS token. Or if you use the Azurite
# emulator.
# CLI flag: -<prefix>.azure.connection-string
[connection_string: <string> | default = ""]

# Name of the storage account blob container used to store chunks. This
# container must be created before running cortex.
# CLI flag: -<prefix>.azure.container-name
[container_name: <string> | default = "loki"]

# Azure storage endpoint suffix without schema. The storage account name will be
# prefixed to this value to create the FQDN.
# CLI flag: -<prefix>.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]

# Use Managed Identity to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.use-managed-identity
[use_managed_identity: <boolean> | default = false]

# Use Federated Token to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.use-federated-token
[use_federated_token: <boolean> | default = false]

# User assigned identity ID to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]

# Use Service Principal to authenticate through Azure OAuth.
# CLI flag: -<prefix>.azure.use-service-principal
[use_service_principal: <boolean> | default = false]

# Azure Service Principal ID(GUID).
# CLI flag: -<prefix>.azure.client-id
[client_id: <string> | default = ""]

# Azure Service Principal secret key.
# CLI flag: -<prefix>.azure.client-secret
[client_secret: <string> | default = ""]

# Azure Tenant ID is used to authenticate through Azure OAuth.
# CLI flag: -<prefix>.azure.tenant-id
[tenant_id: <string> | default = ""]

# Chunk delimiter for blob ID to be used
# CLI flag: -<prefix>.azure.chunk-delimiter
[chunk_delimiter: <string> | default = "-"]

# Preallocated buffer size for downloads.
# CLI flag: -<prefix>.azure.download-buffer-size
[download_buffer_size: <int> | default = 512000]

# Preallocated buffer size for uploads.
# CLI flag: -<prefix>.azure.upload-buffer-size
[upload_buffer_size: <int> | default = 256000]

# Number of buffers used to used to upload a chunk.
# CLI flag: -<prefix>.azure.download-buffer-count
[upload_buffer_count: <int> | default = 1]

# Timeout for requests made against azure blob storage.
# CLI flag: -<prefix>.azure.request-timeout
[request_timeout: <duration> | default = 30s]

# Number of retries for a request which times out.
# CLI flag: -<prefix>.azure.max-retries
[max_retries: <int> | default = 5]

# Minimum time to wait before retrying a request.
# CLI flag: -<prefix>.azure.min-retry-delay
[min_retry_delay: <duration> | default = 10ms]

# Maximum time to wait before retrying a request.
# CLI flag: -<prefix>.azure.max-retry-delay
[max_retry_delay: <duration> | default = 500ms]

bloom_build

实验性:bloom_build 块配置 Loki 布隆规划器和构建器服务器,负责构建布隆过滤器。

yaml
# Flag to enable or disable the usage of the bloom-planner and bloom-builder
# components.
# CLI flag: -bloom-build.enabled
[enabled: <boolean> | default = false]

planner:
  # Interval at which to re-run the bloom creation planning.
  # CLI flag: -bloom-build.planner.interval
  [planning_interval: <duration> | default = 8h]

  # Newest day-table offset (from today, inclusive) to build blooms for. 0 start
  # building from today, 1 from yesterday and so on. Increase to lower cost by
  # not re-writing data to object storage too frequently since recent data
  # changes more often at the cost of not having blooms available as quickly.
  # CLI flag: -bloom-build.planner.min-table-offset
  [min_table_offset: <int> | default = 0]

  # Oldest day-table offset (from today, inclusive) to build blooms for. 1 till
  # yesterday, 2 till day before yesterday and so on. This can be used to lower
  # cost by not trying to build blooms for older data which doesn't change. This
  # can be optimized by aligning it with the maximum
  # `reject_old_samples_max_age` setting of any tenant.
  # CLI flag: -bloom-build.planner.max-table-offset
  [max_table_offset: <int> | default = 1]

  retention:
    # Enable bloom retention.
    # CLI flag: -bloom-build.planner.retention.enabled
    [enabled: <boolean> | default = false]

  queue:
    # Maximum number of tasks to queue per tenant.
    # CLI flag: -bloom-build.planner.queue.max-tasks-per-tenant
    [max_queued_tasks_per_tenant: <int> | default = 30000]

    # Whether to store tasks on disk.
    # CLI flag: -bloom-build.planner.queue.store-tasks-on-disk
    [store_tasks_on_disk: <boolean> | default = false]

    # Directory to store tasks on disk.
    # CLI flag: -bloom-build.planner.queue.tasks-disk-directory
    [tasks_disk_directory: <string> | default = "/tmp/bloom-planner-queue"]

    # Whether to clean the tasks directory on startup.
    # CLI flag: -bloom-build.planner.queue.clean-tasks-directory
    [clean_tasks_directory: <boolean> | default = false]

builder:
  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is:
  # bloom-build.builder.grpc
  [grpc_config: <grpc_client>]

  # Hostname (and port) of the bloom planner
  # CLI flag: -bloom-build.builder.planner-address
  [planner_address: <string> | default = ""]

  backoff_config:
    # Minimum delay when backing off.
    # CLI flag: -bloom-build.builder.backoff.backoff-min-period
    [min_period: <duration> | default = 100ms]

    # Maximum delay when backing off.
    # CLI flag: -bloom-build.builder.backoff.backoff-max-period
    [max_period: <duration> | default = 10s]

    # Number of times to backoff and retry before failing.
    # CLI flag: -bloom-build.builder.backoff.backoff-retries
    [max_retries: <int> | default = 10]

bloom_gateway

实验性:bloom_gateway 块配置 Loki 布隆网关服务器,负责提供用于基于过滤器表达式过滤块的查询。

yaml
# Flag to enable or disable the bloom gateway component globally.
# CLI flag: -bloom-gateway.enabled
[enabled: <boolean> | default = false]

client:
  # Configures the behavior of the connection pool.
  pool_config:
    # How frequently to update the list of servers.
    # CLI flag: -bloom-gateway-client.pool.check-interval
    [check_interval: <duration> | default = 15s]

  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is:
  # bloom-gateway-client.grpc
  [grpc_client_config: <grpc_client>]

  # Comma separated addresses list in DNS Service Discovery format:
  # https://grafana.org.cn/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes
  # CLI flag: -bloom-gateway-client.addresses
  [addresses: <string> | default = ""]

# Number of workers to use for filtering chunks concurrently. Usually set to 1x
# number of CPU cores.
# CLI flag: -bloom-gateway.worker-concurrency
[worker_concurrency: <int> | default = 4]

# Number of blocks processed concurrently on a single worker. Usually set to 2x
# number of CPU cores.
# CLI flag: -bloom-gateway.block-query-concurrency
[block_query_concurrency: <int> | default = 8]

# Maximum number of outstanding tasks per tenant.
# CLI flag: -bloom-gateway.max-outstanding-per-tenant
[max_outstanding_per_tenant: <int> | default = 1024]

# How many tasks are multiplexed at once.
# CLI flag: -bloom-gateway.num-multiplex-tasks
[num_multiplex_tasks: <int> | default = 512]

bos_storage_config

bos_storage_config 块配置与百度对象存储 (BOS) 对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# Name of BOS bucket.
# CLI flag: -<prefix>.bos.bucket-name
[bucket_name: <string> | default = ""]

# BOS endpoint to connect to.
# CLI flag: -<prefix>.bos.endpoint
[endpoint: <string> | default = "bj.bcebos.com"]

# Baidu Cloud Engine (BCE) Access Key ID.
# CLI flag: -<prefix>.bos.access-key-id
[access_key_id: <string> | default = ""]

# Baidu Cloud Engine (BCE) Secret Access Key.
# CLI flag: -<prefix>.bos.secret-access-key
[secret_access_key: <string> | default = ""]

cache_config

cache_config 块配置特定 Loki 组件的缓存后端。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • bloom.metas-cache
  • frontend
  • frontend.index-stats-results-cache
  • frontend.instant-metric-results-cache
  • frontend.label-results-cache
  • frontend.series-results-cache
  • frontend.volume-results-cache
  • store.chunks-cache
  • store.chunks-cache-l2
  • store.index-cache-read
  • store.index-cache-write

 

yaml
# The default validity of entries for caches unless overridden.
# CLI flag: -<prefix>.default-validity
[default_validity: <duration> | default = 1h]

background:
  # At what concurrency to write back to cache.
  # CLI flag: -<prefix>.background.write-back-concurrency
  [writeback_goroutines: <int> | default = 1]

  # How many key batches to buffer for background write-back. Default is large
  # to prefer size based limiting.
  # CLI flag: -<prefix>.background.write-back-buffer
  [writeback_buffer: <int> | default = 500000]

  # Size limit in bytes for background write-back.
  # CLI flag: -<prefix>.background.write-back-size-limit
  [writeback_size_limit: <int> | default = 500MB]

memcached:
  # How long keys stay in the memcache.
  # CLI flag: -<prefix>.memcached.expiration
  [expiration: <duration> | default = 0s]

  # How many keys to fetch in each batch.
  # CLI flag: -<prefix>.memcached.batchsize
  [batch_size: <int> | default = 4]

  # Maximum active requests to memcache.
  # CLI flag: -<prefix>.memcached.parallelism
  [parallelism: <int> | default = 5]

memcached_client:
  # Hostname for memcached service to use. If empty and if addresses is unset,
  # no memcached will be used.
  # CLI flag: -<prefix>.memcached.hostname
  [host: <string> | default = ""]

  # SRV service used to discover memcache servers.
  # CLI flag: -<prefix>.memcached.service
  [service: <string> | default = "memcached"]

  # Comma separated addresses list in DNS Service Discovery format:
  # https://grafana.org.cn/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes
  # CLI flag: -<prefix>.memcached.addresses
  [addresses: <string> | default = ""]

  # Maximum time to wait before giving up on memcached requests.
  # CLI flag: -<prefix>.memcached.timeout
  [timeout: <duration> | default = 100ms]

  # Maximum number of idle connections in pool.
  # CLI flag: -<prefix>.memcached.max-idle-conns
  [max_idle_conns: <int> | default = 16]

  # The maximum size of an item stored in memcached. Bigger items are not
  # stored. If set to 0, no maximum size is enforced.
  # CLI flag: -<prefix>.memcached.max-item-size
  [max_item_size: <int> | default = 0]

  # Period with which to poll DNS for memcache servers.
  # CLI flag: -<prefix>.memcached.update-interval
  [update_interval: <duration> | default = 1m]

  # Use consistent hashing to distribute to memcache servers.
  # CLI flag: -<prefix>.memcached.consistent-hash
  [consistent_hash: <boolean> | default = true]

  # Trip circuit-breaker after this number of consecutive dial failures (if zero
  # then circuit-breaker is disabled).
  # CLI flag: -<prefix>.memcached.circuit-breaker-consecutive-failures
  [circuit_breaker_consecutive_failures: <int> | default = 10]

  # Duration circuit-breaker remains open after tripping (if zero then 60
  # seconds is used).
  # CLI flag: -<prefix>.memcached.circuit-breaker-timeout
  [circuit_breaker_timeout: <duration> | default = 10s]

  # Reset circuit-breaker counts after this long (if zero then never reset).
  # CLI flag: -<prefix>.memcached.circuit-breaker-interval
  [circuit_breaker_interval: <duration> | default = 10s]

  # Enable connecting to Memcached with TLS.
  # CLI flag: -<prefix>.memcached.tls-enabled
  [tls_enabled: <boolean> | default = false]

  # The TLS configuration.
  # The CLI flags prefix for this block configuration is:
  # store.index-cache-write.memcached
  [<tls_config>]

redis:
  # Redis Server or Cluster configuration endpoint to use for caching. A
  # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If
  # empty, no redis will be used.
  # CLI flag: -<prefix>.redis.endpoint
  [endpoint: <string> | default = ""]

  # Redis Sentinel master name. An empty string for Redis Server or Redis
  # Cluster.
  # CLI flag: -<prefix>.redis.master-name
  [master_name: <string> | default = ""]

  # Maximum time to wait before giving up on redis requests.
  # CLI flag: -<prefix>.redis.timeout
  [timeout: <duration> | default = 500ms]

  # How long keys stay in the redis.
  # CLI flag: -<prefix>.redis.expiration
  [expiration: <duration> | default = 0s]

  # Database index.
  # CLI flag: -<prefix>.redis.db
  [db: <int> | default = 0]

  # Maximum number of connections in the pool.
  # CLI flag: -<prefix>.redis.pool-size
  [pool_size: <int> | default = 0]

  # Username to use when connecting to redis.
  # CLI flag: -<prefix>.redis.username
  [username: <string> | default = ""]

  # Password to use when connecting to redis.
  # CLI flag: -<prefix>.redis.password
  [password: <string> | default = ""]

  # Enable connecting to redis with TLS.
  # CLI flag: -<prefix>.redis.tls-enabled
  [tls_enabled: <boolean> | default = false]

  # Skip validating server certificate.
  # CLI flag: -<prefix>.redis.tls-insecure-skip-verify
  [tls_insecure_skip_verify: <boolean> | default = false]

  # Close connections after remaining idle for this duration. If the value is
  # zero, then idle connections are not closed.
  # CLI flag: -<prefix>.redis.idle-timeout
  [idle_timeout: <duration> | default = 0s]

  # Close connections older than this duration. If the value is zero, then the
  # pool does not close connections based on age.
  # CLI flag: -<prefix>.redis.max-connection-age
  [max_connection_age: <duration> | default = 0s]

  # By default, the Redis client only reads from the master node. Enabling this
  # option can lower pressure on the master node by randomly routing read-only
  # commands to the master and any available replicas.
  # CLI flag: -<prefix>.redis.route-randomly
  [route_randomly: <boolean> | default = false]

embedded_cache:
  # Whether embedded cache is enabled.
  # CLI flag: -<prefix>.embedded-cache.enabled
  [enabled: <boolean> | default = false]

  # Maximum memory size of the cache in MB.
  # CLI flag: -<prefix>.embedded-cache.max-size-mb
  [max_size_mb: <int> | default = 100]

  # Maximum number of entries in the cache.
  # CLI flag: -<prefix>.embedded-cache.max-size-items
  [max_size_items: <int> | default = 0]

  # The time to live for items in the cache before they get purged.
  # CLI flag: -<prefix>.embedded-cache.ttl
  [ttl: <duration> | default = 1h]

chunk_store_config

chunk_store_config 块配置块将如何缓存以及在保存到后端存储之前等待多久。

yaml
# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.chunks-cache
[chunk_cache_config: <cache_config>]

# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.chunks-cache-l2
[chunk_cache_config_l2: <cache_config>]

# Write dedupe cache is deprecated along with legacy index types (aws,
# aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey,
# grpc-store).
# Consider using TSDB index which does not require a write dedupe cache.
# The CLI flags prefix for this block configuration is: store.index-cache-write
[write_dedupe_cache_config: <cache_config>]

# Chunks fetched from queriers before this duration will not be written to the
# cache. A value of 0 will write all chunks to the cache
# CLI flag: -store.skip-query-writeback-older-than
[skip_query_writeback_cache_older_than: <duration> | default = 0s]

# Chunks will be handed off to the L2 cache after this duration. 0 to disable L2
# cache.
# CLI flag: -store.chunks-cache-l2.handoff
[l2_chunk_cache_handoff: <duration> | default = 0s]

# Cache index entries older than this period. 0 to disable.
# CLI flag: -store.cache-lookups-older-than
[cache_lookups_older_than: <duration> | default = 0s]

common

多个模块之间共享的通用配置。如果在其他部分给出了更具体的配置,则此部分中的相关配置将被忽略。

yaml
# prefix for the path
# CLI flag: -common.path-prefix
[path_prefix: <string> | default = ""]

storage:
  # The s3_storage_config block configures the connection to Amazon S3 object
  # storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [s3: <s3_storage_config>]

  # The gcs_storage_config block configures the connection to Google Cloud
  # Storage object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [gcs: <gcs_storage_config>]

  # The azure_storage_config block configures the connection to Azure object
  # storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [azure: <azure_storage_config>]

  # The alibabacloud_storage_config block configures the connection to Alibaba
  # Cloud Storage object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [alibabacloud: <alibabacloud_storage_config>]

  # The bos_storage_config block configures the connection to Baidu Object
  # Storage (BOS) object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [bos: <bos_storage_config>]

  # The swift_storage_config block configures the connection to OpenStack Object
  # Storage (Swift) object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [swift: <swift_storage_config>]

  filesystem:
    # Directory to store chunks in.
    # CLI flag: -common.storage.filesystem.chunk-directory
    [chunks_directory: <string> | default = ""]

    # Directory to store rules in.
    # CLI flag: -common.storage.filesystem.rules-directory
    [rules_directory: <string> | default = ""]

  hedging:
    # If set to a non-zero value a second request will be issued at the provided
    # duration. Default is 0 (disabled)
    # CLI flag: -common.storage.hedge-requests-at
    [at: <duration> | default = 0s]

    # The maximum of hedge requests allowed.
    # CLI flag: -common.storage.hedge-requests-up-to
    [up_to: <int> | default = 2]

    # The maximum of hedge requests allowed per seconds.
    # CLI flag: -common.storage.hedge-max-per-second
    [max_per_second: <int> | default = 5]

  # The cos_storage_config block configures the connection to IBM Cloud Object
  # Storage (COS) backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [cos: <cos_storage_config>]

  congestion_control:
    # Use storage congestion control (default: disabled).
    # CLI flag: -common.storage.congestion-control.enabled
    [enabled: <boolean> | default = false]

    controller:
      # Congestion control strategy to use (default: none, options: 'aimd').
      # CLI flag: -common.storage.congestion-control.strategy
      [strategy: <string> | default = ""]

      aimd:
        # AIMD starting throughput window size: how many requests can be sent
        # per second (default: 2000).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.start
        [start: <int> | default = 2000]

        # AIMD maximum throughput window size: upper limit of requests sent per
        # second (default: 10000).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound
        [upper_bound: <int> | default = 10000]

        # AIMD backoff factor when upstream service is throttled to decrease
        # number of requests sent per second (default: 0.5).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor
        [backoff_factor: <float> | default = 0.5]

    retry:
      # Congestion control retry strategy to use (default: none, options:
      # 'limited').
      # CLI flag: -common.storage.congestion-control.retry.strategy
      [strategy: <string> | default = ""]

      # Maximum number of retries allowed.
      # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit
      [limit: <int> | default = 2]

    hedging:
      config:
        [at: <duration>]

        [up_to: <int>]

        [max_per_second: <int>]

      # Congestion control hedge strategy to use (default: none, options:
      # 'limited').
      # CLI flag: -common.storage.congestion-control.hedge.strategy
      [strategy: <string> | default = ""]

  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is:
  # common.storage.object-store
  [object_store: <thanos_object_store_config>]

[persist_tokens: <boolean>]

[replication_factor: <int>]

ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -common.storage.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -common.storage.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: common.storage.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: common.storage.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -common.storage.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -common.storage.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -common.storage.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -common.storage.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring. 0 = disabled.
  # CLI flag: -common.storage.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -common.storage.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -common.storage.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -common.storage.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Number of tokens to own in the ring.
  # CLI flag: -common.storage.ring.num-tokens
  [num_tokens: <int> | default = 128]

  # Factor for data replication.
  # CLI flag: -common.storage.ring.replication-factor
  [replication_factor: <int> | default = 3]

  # Instance ID to register in the ring.
  # CLI flag: -common.storage.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -common.storage.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -common.storage.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -common.storage.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -common.storage.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -common.storage.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

[instance_interface_names: <list of strings> | default = [<private network interfaces>]]

[instance_addr: <string> | default = ""]

# the http address of the compactor in the form http://host:port
# CLI flag: -common.compactor-address
[compactor_address: <string> | default = ""]

# the grpc address of the compactor in the form host:port
# CLI flag: -common.compactor-grpc-address
[compactor_grpc_address: <string> | default = ""]

compactor

compactor 块配置 compact 组件,该组件压缩索引分片以提高性能。

yaml
# Directory where files can be downloaded for compaction.
# CLI flag: -compactor.working-directory
[working_directory: <string> | default = "/var/loki/compactor"]

# Interval at which to re-run the compaction operation.
# CLI flag: -compactor.compaction-interval
[compaction_interval: <duration> | default = 10m]

# Interval at which to apply/enforce retention. 0 means run at same interval as
# compaction. If non-zero, it should always be a multiple of compaction
# interval.
# CLI flag: -compactor.apply-retention-interval
[apply_retention_interval: <duration> | default = 0s]

# Activate custom (per-stream,per-tenant) retention.
# CLI flag: -compactor.retention-enabled
[retention_enabled: <boolean> | default = false]

# Delay after which chunks will be fully deleted during retention.
# CLI flag: -compactor.retention-delete-delay
[retention_delete_delay: <duration> | default = 2h]

# The total amount of worker to use to delete chunks.
# CLI flag: -compactor.retention-delete-worker-count
[retention_delete_worker_count: <int> | default = 150]

# The maximum amount of time to spend running retention and deletion on any
# given table in the index.
# CLI flag: -compactor.retention-table-timeout
[retention_table_timeout: <duration> | default = 0s]

retention_backoff_config:
  # Minimum delay when backing off.
  # CLI flag: -compactor.retention-backoff-config.backoff-min-period
  [min_period: <duration> | default = 100ms]

  # Maximum delay when backing off.
  # CLI flag: -compactor.retention-backoff-config.backoff-max-period
  [max_period: <duration> | default = 10s]

  # Number of times to backoff and retry before failing.
  # CLI flag: -compactor.retention-backoff-config.backoff-retries
  [max_retries: <int> | default = 10]

# Store used for managing delete requests.
# CLI flag: -compactor.delete-request-store
[delete_request_store: <string> | default = ""]

# Path prefix for storing delete requests.
# CLI flag: -compactor.delete-request-store.key-prefix
[delete_request_store_key_prefix: <string> | default = "index/"]

# Type of DB to use for storing delete requests. Supported types: boltdb, sqlite
# CLI flag: -compactor.delete-request-store.db-type
[delete_request_store_db_type: <string> | default = "boltdb"]

# Type of DB to use as backup for storing delete requests. Backup DB should
# ideally be used while migrating from one DB type to another. Supported
# type(s): boltdb
# CLI flag: -compactor.delete-request-store.backup-db-type
[backup_delete_request_store_db_type: <string> | default = ""]

# The max number of delete requests to run per compaction cycle.
# CLI flag: -compactor.delete-batch-size
[delete_batch_size: <int> | default = 70]

# Allow cancellation of delete request until duration after they are created.
# Data would be deleted only after delete requests have been older than this
# duration. Ideally this should be set to at least 24h.
# CLI flag: -compactor.delete-request-cancel-period
[delete_request_cancel_period: <duration> | default = 24h]

# Constrain the size of any single delete request with line filters. When a
# delete request > delete_max_interval is input, the request is sharded into
# smaller requests of no more than delete_max_interval
# CLI flag: -compactor.delete-max-interval
[delete_max_interval: <duration> | default = 24h]

# Maximum number of tables to compact in parallel. While increasing this value,
# please make sure compactor has enough disk space allocated to be able to store
# and compact as many tables.
# CLI flag: -compactor.max-compaction-parallelism
[max_compaction_parallelism: <int> | default = 1]

# Number of upload/remove operations to execute in parallel when finalizing a
# compaction. NOTE: This setting is per compaction operation, which can be
# executed in parallel. The upper bound on the number of concurrent uploads is
# upload_parallelism * max_compaction_parallelism.
# CLI flag: -compactor.upload-parallelism
[upload_parallelism: <int> | default = 10]

# The hash ring configuration used by compactors to elect a single instance for
# running compactions. The CLI flags prefix for this block config is:
# compactor.ring
compactor_ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -compactor.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -compactor.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: compactor.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: compactor.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -compactor.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -compactor.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -compactor.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -compactor.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring. 0 = disabled.
  # CLI flag: -compactor.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -compactor.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -compactor.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -compactor.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Instance ID to register in the ring.
  # CLI flag: -compactor.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -compactor.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -compactor.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -compactor.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -compactor.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -compactor.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

# Number of tables that compactor will try to compact. Newer tables are chosen
# when this is less than the number of tables available.
# CLI flag: -compactor.tables-to-compact
[tables_to_compact: <int> | default = 0]

# Do not compact N latest tables. Together with -compactor.run-once and
# -compactor.tables-to-compact, this is useful when clearing compactor backlogs.
# CLI flag: -compactor.skip-latest-n-tables
[skip_latest_n_tables: <int> | default = 0]

consul

Consul 客户端配置。仅在选定的 kvstore 为 consul 时适用。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage.ring
  • compactor.ring
  • distributor.ring
  • index-gateway.ring
  • ingest-limits
  • ingest-limits-frontend
  • ingester.partition-ring
  • pattern-ingester
  • query-scheduler.ring
  • ruler.ring

 

yaml
# Hostname and port of Consul.
# CLI flag: -<prefix>.consul.hostname
[host: <string> | default = "localhost:8500"]

# ACL Token used to interact with Consul.
# CLI flag: -<prefix>.consul.acl-token
[acl_token: <string> | default = ""]

# HTTP timeout when talking to Consul
# CLI flag: -<prefix>.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]

# Enable consistent reads to Consul.
# CLI flag: -<prefix>.consul.consistent-reads
[consistent_reads: <boolean> | default = false]

# Rate limit when watching key or prefix in Consul, in requests per second. 0
# disables the rate limit.
# CLI flag: -<prefix>.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]

# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -<prefix>.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]

# Maximum duration to wait before retrying a Compare And Swap (CAS) operation.
# CLI flag: -<prefix>.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]

cos_storage_config

cos_storage_config 块配置与 IBM Cloud Object Storage (COS) 后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# Set this to `true` to force the request to use path-style addressing.
# CLI flag: -<prefix>.cos.force-path-style
[forcepathstyle: <boolean> | default = false]

# Comma separated list of bucket names to evenly distribute chunks over.
# CLI flag: -<prefix>.cos.buckets
[bucketnames: <string> | default = ""]

# COS Endpoint to connect to.
# CLI flag: -<prefix>.cos.endpoint
[endpoint: <string> | default = ""]

# COS region to use.
# CLI flag: -<prefix>.cos.region
[region: <string> | default = ""]

# COS HMAC Access Key ID.
# CLI flag: -<prefix>.cos.access-key-id
[access_key_id: <string> | default = ""]

# COS HMAC Secret Access Key.
# CLI flag: -<prefix>.cos.secret-access-key
[secret_access_key: <string> | default = ""]

http_config:
  # The maximum amount of time an idle connection will be held open.
  # CLI flag: -<prefix>.cos.http.idle-conn-timeout
  [idle_conn_timeout: <duration> | default = 1m30s]

  # If non-zero, specifies the amount of time to wait for a server's response
  # headers after fully writing the request.
  # CLI flag: -<prefix>.cos.http.response-header-timeout
  [response_header_timeout: <duration> | default = 0s]

# Configures back off when cos get Object.
backoff_config:
  # Minimum backoff time when cos get Object.
  # CLI flag: -<prefix>.cos.min-backoff
  [min_period: <duration> | default = 100ms]

  # Maximum backoff time when cos get Object.
  # CLI flag: -<prefix>.cos.max-backoff
  [max_period: <duration> | default = 3s]

  # Maximum number of times to retry when cos get Object.
  # CLI flag: -<prefix>.cos.max-retries
  [max_retries: <int> | default = 5]

# IAM API key to access COS.
# CLI flag: -<prefix>.cos.api-key
[api_key: <string> | default = ""]

# COS service instance id to use.
# CLI flag: -<prefix>.cos.service-instance-id
[service_instance_id: <string> | default = ""]

# IAM Auth Endpoint for authentication.
# CLI flag: -<prefix>.cos.auth-endpoint
[auth_endpoint: <string> | default = "https://iam.cloud.ibm.com/identity/token"]

# Compute resource token file path.
# CLI flag: -<prefix>.cos.cr-token-file-path
[cr_token_file_path: <string> | default = ""]

# Name of the trusted profile.
# CLI flag: -<prefix>.cos.trusted-profile-name
[trusted_profile_name: <string> | default = ""]

# ID of the trusted profile.
# CLI flag: -<prefix>.cos.trusted-profile-id
[trusted_profile_id: <string> | default = ""]

distributor

配置 distributor

yaml
ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -distributor.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -distributor.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: distributor.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: distributor.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -distributor.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -distributor.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -distributor.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -distributor.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring. 0 = disabled.
  # CLI flag: -distributor.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # The heartbeat timeout after which distributors are considered unhealthy
  # within the ring. 0 = never (timeout disabled).
  # CLI flag: -distributor.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Name of network interface to read address from.
  # CLI flag: -distributor.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

# Number of workers to push batches to ingesters.
# CLI flag: -distributor.push-worker-count
[push_worker_count: <int> | default = 256]

rate_store:
  # The max number of concurrent requests to make to ingester stream apis
  # CLI flag: -distributor.rate-store.max-request-parallelism
  [max_request_parallelism: <int> | default = 200]

  # The interval on which distributors will update current stream rates from
  # ingesters
  # CLI flag: -distributor.rate-store.stream-rate-update-interval
  [stream_rate_update_interval: <duration> | default = 1s]

  # Timeout for communication between distributors and any given ingester when
  # updating rates
  # CLI flag: -distributor.rate-store.ingester-request-timeout
  [ingester_request_timeout: <duration> | default = 500ms]

  # If enabled, detailed logs and spans will be emitted.
  # CLI flag: -distributor.rate-store.debug
  [debug: <boolean> | default = false]

# Customize the logging of write failures.
write_failures_logging:
  # Log volume allowed (per second). Default: 1KB.
  # CLI flag: -distributor.write-failures-logging.rate
  [rate: <int> | default = 1KB]

  # Whether a insight=true key should be logged or not. Default: false.
  # CLI flag: -distributor.write-failures-logging.add-insights-label
  [add_insights_label: <boolean> | default = false]

otlp_config:
  # List of default otlp resource attributes to be picked as index labels
  # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels
  [default_resource_attributes_as_index_labels: <list of strings> | default = [service.name service.namespace service.instance.id deployment.environment deployment.environment.name cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]]

# Enable writes to Kafka during Push requests.
# CLI flag: -distributor.kafka-writes-enabled
[kafka_writes_enabled: <boolean> | default = false]

# Enable writes to Ingesters during Push requests. Defaults to true.
# CLI flag: -distributor.ingester-writes-enabled
[ingester_writes_enabled: <boolean> | default = true]

# Enable checking limits against the ingest-limits service. Defaults to false.
# CLI flag: -distributor.ingest-limits-enabled
[ingest_limits_enabled: <boolean> | default = false]

# Enable dry-run mode where limits are checked the ingest-limits service, but
# not enforced. Defaults to false.
# CLI flag: -distributor.ingest-limits-dry-run-enabled
[ingest_limits_dry_run_enabled: <boolean> | default = false]

tenant_topic:
  # Enable the tenant topic tee, which writes logs to Kafka topics based on
  # tenant IDs instead of using multitenant topics/partitions.
  # CLI flag: -distributor.tenant-topic-tee.enabled
  [enabled: <boolean> | default = false]

  # Prefix to prepend to tenant IDs to form the final Kafka topic name
  # CLI flag: -distributor.tenant-topic-tee.topic-prefix
  [topic_prefix: <string> | default = "loki.tenant"]

  # Maximum number of bytes that can be buffered before producing to Kafka
  # CLI flag: -distributor.tenant-topic-tee.max-buffered-bytes
  [max_buffered_bytes: <int> | default = 100MiB]

  # Maximum size of a single Kafka record in bytes
  # CLI flag: -distributor.tenant-topic-tee.max-record-size-bytes
  [max_record_size_bytes: <int> | default = 15MiB249KiB]

  # Topic strategy to use. Valid values are 'simple' or 'automatic'
  # CLI flag: -distributor.tenant-topic-tee.strategy
  [strategy: <string> | default = "simple"]

etcd

ETCD v3 客户端配置。仅在选定的 kvstore 为 etcd 时适用。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage.ring
  • compactor.ring
  • distributor.ring
  • index-gateway.ring
  • ingest-limits
  • ingest-limits-frontend
  • ingester.partition-ring
  • pattern-ingester
  • query-scheduler.ring
  • ruler.ring

 

yaml
# The etcd endpoints to connect to.
# CLI flag: -<prefix>.etcd.endpoints
[endpoints: <list of strings> | default = []]

# The dial timeout for the etcd connection.
# CLI flag: -<prefix>.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]

# The maximum number of retries to do for failed ops.
# CLI flag: -<prefix>.etcd.max-retries
[max_retries: <int> | default = 10]

# Enable TLS.
# CLI flag: -<prefix>.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: ruler.ring.etcd
[<tls_config>]

# Etcd username.
# CLI flag: -<prefix>.etcd.username
[username: <string> | default = ""]

# Etcd password.
# CLI flag: -<prefix>.etcd.password
[password: <string> | default = ""]

frontend

frontend 块配置 Loki 查询前端。

yaml
# Log queries that are slower than the specified duration. Set to 0 to disable.
# Set to < 0 to enable on all queries.
# CLI flag: -frontend.log-queries-longer-than
[log_queries_longer_than: <duration> | default = 0s]

# Comma-separated list of request header names to include in query logs. Applies
# to both query stats and slow queries logs.
# CLI flag: -frontend.log-query-request-headers
[log_query_request_headers: <string> | default = ""]

# Max body size for downstream prometheus.
# CLI flag: -frontend.max-body-size
[max_body_size: <int> | default = 10485760]

# True to enable query statistics tracking. When enabled, a message with some
# statistics is logged for every query.
# CLI flag: -frontend.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]

# Maximum number of outstanding requests per tenant per frontend; requests
# beyond this error with HTTP 429.
# CLI flag: -querier.max-outstanding-requests-per-tenant
[max_outstanding_per_tenant: <int> | default = 2048]

# In the event a tenant is repeatedly sending queries that lead the querier to
# crash or be killed due to an out-of-memory error, the crashed querier will be
# disconnected from the query frontend and a new querier will be immediately
# assigned to the tenant’s shard. This invalidates the assumption that shuffle
# sharding can be used to reduce the impact on tenants. This option mitigates
# the impact by configuring a delay between when a querier disconnects because
# of a crash and when the crashed querier is actually removed from the tenant's
# shard.
# CLI flag: -query-frontend.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]

# DNS hostname used for finding query-schedulers.
# CLI flag: -frontend.scheduler-address
[scheduler_address: <string> | default = ""]

# How often to resolve the scheduler-address, in order to look for new
# query-scheduler instances. Also used to determine how often to poll the
# scheduler-ring for addresses if the scheduler-ring is configured.
# CLI flag: -frontend.scheduler-dns-lookup-period
[scheduler_dns_lookup_period: <duration> | default = 10s]

# Number of concurrent workers forwarding queries to single query-scheduler.
# CLI flag: -frontend.scheduler-worker-concurrency
[scheduler_worker_concurrency: <int> | default = 5]

# The grpc_client block configures the gRPC client used to communicate between a
# client and server component in Loki.
# The CLI flags prefix for this block configuration is:
# frontend.grpc-client-config
[grpc_client_config: <grpc_client>]

# Time to wait for inflight requests to finish before forcefully shutting down.
# This needs to be aligned with the query timeout and the graceful termination
# period of the process orchestrator.
# CLI flag: -frontend.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 5m]

# Name of network interface to read address from. This address is sent to
# query-scheduler and querier, which uses it to send the query response back to
# query-frontend.
# CLI flag: -frontend.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]

# Defines the encoding for requests to and responses from the scheduler and
# querier. Can be 'json' or 'protobuf' (defaults to 'json').
# CLI flag: -frontend.encoding
[encoding: <string> | default = "json"]

# Compress HTTP responses.
# CLI flag: -querier.compress-http-responses
[compress_responses: <boolean> | default = true]

# URL of downstream Loki.
# CLI flag: -frontend.downstream-url
[downstream_url: <string> | default = ""]

# URL of querier for tail proxy.
# CLI flag: -frontend.tail-proxy-url
[tail_proxy_url: <string> | default = ""]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: frontend.tail-tls-config
[tail_tls_config: <tls_config>]

# Support 'application/vnd.apache.parquet' content type in HTTP responses.
[support_parquet_encoding: <boolean>]

frontend_worker

frontend_worker 配置运行在 Loki querier 中、负责接收和执行由 query-frontend 放入队列的查询的 worker。

yaml
# Address of query frontend service, in host:port format. If
# -querier.scheduler-address is set as well, querier will use scheduler instead.
# Only one of -querier.frontend-address or -querier.scheduler-address can be
# set. If neither is set, queries are only received via HTTP endpoint.
# CLI flag: -querier.frontend-address
[frontend_address: <string> | default = ""]

# Hostname (and port) of scheduler that querier will periodically resolve,
# connect to and receive queries from. Only one of -querier.frontend-address or
# -querier.scheduler-address can be set. If neither is set, queries are only
# received via HTTP endpoint.
# CLI flag: -querier.scheduler-address
[scheduler_address: <string> | default = ""]

# How often to query DNS for query-frontend or query-scheduler address. Also
# used to determine how often to poll the scheduler-ring for addresses if the
# scheduler-ring is configured.
# CLI flag: -querier.dns-lookup-period
[dns_lookup_duration: <duration> | default = 3s]

# Querier ID, sent to frontend service to identify requests from the same
# querier. Defaults to hostname.
# CLI flag: -querier.id
[id: <string> | default = ""]

# Configures the querier gRPC client used to communicate with the
# query-frontend. This can't be used in conjunction with 'grpc_client_config'.
# The CLI flags prefix for this block configuration is:
# querier.frontend-grpc-client
[query_frontend_grpc_client: <grpc_client>]

# Configures the querier gRPC client used to communicate with the query-frontend
# and with the query-scheduler. This can't be used in conjunction with
# 'query_frontend_grpc_client' or 'query_scheduler_grpc_client'.
# The CLI flags prefix for this block configuration is: querier.frontend-client
[grpc_client_config: <grpc_client>]

# Configures the querier gRPC client used to communicate with the
# query-scheduler. This can't be used in conjunction with 'grpc_client_config'.
# The CLI flags prefix for this block configuration is:
# querier.scheduler-grpc-client
[query_scheduler_grpc_client: <grpc_client>]

gcs_storage_config

gcs_storage_config 块配置与 Google Cloud Storage 对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# Name of GCS bucket. Please refer to
# https://cloud.google.com/docs/authentication/production for more information
# about how to configure authentication.
# CLI flag: -<prefix>.gcs.bucketname
[bucket_name: <string> | default = ""]

# Custom GCS endpoint URL.
# CLI flag: -<prefix>.gcs.endpoint
[endpoint: <string> | default = ""]

# Service account key content in JSON format, refer to
# https://cloud.google.com/iam/docs/creating-managing-service-account-keys for
# creation.
# CLI flag: -<prefix>.gcs.service-account
[service_account: <string> | default = ""]

# The size of the buffer that GCS client for each PUT request. 0 to disable
# buffering.
# CLI flag: -<prefix>.gcs.chunk-buffer-size
[chunk_buffer_size: <int> | default = 0]

# The duration after which the requests to GCS should be timed out.
# CLI flag: -<prefix>.gcs.request-timeout
[request_timeout: <duration> | default = 0s]

# Enable OpenCensus (OC) instrumentation for all requests.
# CLI flag: -<prefix>.gcs.enable-opencensus
[enable_opencensus: <boolean> | default = true]

# Enable HTTP2 connections.
# CLI flag: -<prefix>.gcs.enable-http2
[enable_http2: <boolean> | default = true]

# Enable automatic retries of failed idempotent requests.
# CLI flag: -<prefix>.gcs.enable-retries
[enable_retries: <boolean> | default = true]

grpc_client

grpc_client 块配置用于在 Loki 客户端和服务器组件之间通信的 gRPC 客户端。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • bigtable
  • blockbuilder.scheduler-grpc-client.
  • bloom-build.builder.grpc
  • bloom-gateway-client.grpc
  • boltdb.shipper.index-gateway-client.grpc
  • compactor.grpc-client
  • frontend.grpc-client-config
  • ingest-limits-frontend-client
  • ingest-limits-frontend.limits-client
  • ingester.client
  • pattern-ingester.client
  • querier.frontend-client
  • querier.frontend-grpc-client
  • querier.scheduler-grpc-client
  • query-scheduler.grpc-client-config
  • ruler.client
  • tsdb.shipper.index-gateway-client.grpc

 

yaml
# gRPC client max receive message size (bytes).
# CLI flag: -<prefix>.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]

# gRPC client max send message size (bytes).
# CLI flag: -<prefix>.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 104857600]

# Use compression when sending messages. Supported values are: 'gzip', 'snappy'
# and '' (disable compression)
# CLI flag: -<prefix>.grpc-compression
[grpc_compression: <string> | default = ""]

# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -<prefix>.grpc-client-rate-limit
[rate_limit: <float> | default = 0]

# Rate limit burst for gRPC client.
# CLI flag: -<prefix>.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]

# Enable backoff and retry when we hit rate limits.
# CLI flag: -<prefix>.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]

backoff_config:
  # Minimum delay when backing off.
  # CLI flag: -<prefix>.backoff-min-period
  [min_period: <duration> | default = 100ms]

  # Maximum delay when backing off.
  # CLI flag: -<prefix>.backoff-max-period
  [max_period: <duration> | default = 10s]

  # Number of times to backoff and retry before failing.
  # CLI flag: -<prefix>.backoff-retries
  [max_retries: <int> | default = 10]

# Initial stream window size. Values less than the default are not supported and
# are ignored. Setting this to a value other than the default disables the BDP
# estimator.
# CLI flag: -<prefix>.initial-stream-window-size
[initial_stream_window_size: <int> | default = 63KiB1023B]

# Initial connection window size. Values less than the default are not supported
# and are ignored. Setting this to a value other than the default disables the
# BDP estimator.
# CLI flag: -<prefix>.initial-connection-window-size
[initial_connection_window_size: <int> | default = 63KiB1023B]

# Enable TLS in the gRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -<prefix>.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is:
# tsdb.shipper.index-gateway-client.grpc
[<tls_config>]

# The maximum amount of time to establish a connection. A value of 0 means
# default gRPC client connect timeout and backoff.
# CLI flag: -<prefix>.connect-timeout
[connect_timeout: <duration> | default = 5s]

# Initial backoff delay after first connection failure. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-base-delay
[connect_backoff_base_delay: <duration> | default = 1s]

# Maximum backoff delay when establishing a connection. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-max-delay
[connect_backoff_max_delay: <duration> | default = 5s]

cluster_validation:
  # Optionally define the cluster validation label.
  # CLI flag: -<prefix>.cluster-validation.label
  [label: <string> | default = ""]

index_gateway

index_gateway 块配置 Loki 索引网关服务器,负责提供索引查询服务而无需持续与对象存储交互。

yaml
# Defines in which mode the index gateway server will operate (default to
# 'simple'). It supports two modes:
# - 'simple': an index gateway server instance is responsible for handling,
# storing and returning requests for all indices for all tenants.
# - 'ring': an index gateway server instance is responsible for a subset of
# tenants instead of all tenants.
# CLI flag: -index-gateway.mode
[mode: <string> | default = "simple"]

# Defines the ring to be used by the index gateway servers and clients in case
# the servers are configured to run in 'ring' mode. In case this isn't
# configured, this block supports inheriting configuration from the common ring
# section.
ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -index-gateway.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -index-gateway.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: index-gateway.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: index-gateway.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -index-gateway.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -index-gateway.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -index-gateway.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -index-gateway.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring. 0 = disabled.
  # CLI flag: -index-gateway.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -index-gateway.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -index-gateway.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -index-gateway.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Deprecated: How many index gateway instances are assigned to each tenant.
  # Use -index-gateway.shard-size instead. The shard size is also a per-tenant
  # setting.
  # CLI flag: -replication-factor
  [replication_factor: <int> | default = 3]

  # Instance ID to register in the ring.
  # CLI flag: -index-gateway.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -index-gateway.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -index-gateway.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -index-gateway.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -index-gateway.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -index-gateway.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

ingester

ingester 块配置 ingester 以及 ingester 如何向键值存储注册自身。

yaml
# Configures how the lifecycle of the ingester will operate and where it will
# register for discovery.
lifecycler:
  ring:
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -ring.store
      [store: <string> | default = "consul"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -ring.prefix
      [prefix: <string> | default = "collectors/"]

      # Configuration for a Consul client. Only applies if the selected kvstore
      # is consul.
      [consul: <consul>]

      # Configuration for an ETCD v3 client. Only applies if the selected
      # kvstore is etcd.
      [etcd: <etcd>]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to secondary store.
        # CLI flag: -multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing value to secondary store.
        # CLI flag: -multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # The heartbeat timeout after which ingesters are skipped for reads/writes.
    # 0 = never (timeout disabled).
    # CLI flag: -ring.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # The number of ingesters to write to and read from.
    # CLI flag: -distributor.replication-factor
    [replication_factor: <int> | default = 3]

    # True to enable the zone-awareness and replicate ingested samples across
    # different availability zones.
    # CLI flag: -distributor.zone-awareness-enabled
    [zone_awareness_enabled: <boolean> | default = false]

    # Comma-separated list of zones to exclude from the ring. Instances in
    # excluded zones will be filtered out from the ring.
    # CLI flag: -distributor.excluded-zones
    [excluded_zones: <string> | default = ""]

  # Number of tokens for each ingester.
  # CLI flag: -ingester.num-tokens
  [num_tokens: <int> | default = 128]

  # Period at which to heartbeat to consul. 0 = disabled.
  # CLI flag: -ingester.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # Heartbeat timeout after which instance is assumed to be unhealthy. 0 =
  # disabled.
  # CLI flag: -ingester.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Observe tokens after generating to resolve collisions. Useful when using
  # gossiping ring.
  # CLI flag: -ingester.observe-period
  [observe_period: <duration> | default = 0s]

  # Period to wait for a claim from another member; will join automatically
  # after this.
  # CLI flag: -ingester.join-after
  [join_after: <duration> | default = 0s]

  # Minimum duration to wait after the internal readiness checks have passed but
  # before succeeding the readiness endpoint. This is used to slowdown
  # deployment controllers (eg. Kubernetes) after an instance is ready and
  # before they proceed with a rolling update, to give the rest of the cluster
  # instances enough time to receive ring updates.
  # CLI flag: -ingester.min-ready-duration
  [min_ready_duration: <duration> | default = 15s]

  # Name of network interface to read address from.
  # CLI flag: -ingester.lifecycler.interface
  [interface_names: <list of strings> | default = [<private network interfaces>]]

  # Enable IPv6 support. Required to make use of IP addresses from IPv6
  # interfaces.
  # CLI flag: -ingester.enable-inet6
  [enable_inet6: <boolean> | default = false]

  # Duration to sleep for before exiting, to ensure metrics are scraped.
  # CLI flag: -ingester.final-sleep
  [final_sleep: <duration> | default = 0s]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -ingester.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # The availability zone where this instance is running.
  # CLI flag: -ingester.availability-zone
  [availability_zone: <string> | default = ""]

  # Unregister from the ring upon clean shutdown. It can be useful to disable
  # for rolling restarts with consistent naming in conjunction with
  # -distributor.extend-writes=false.
  # CLI flag: -ingester.unregister-on-shutdown
  [unregister_on_shutdown: <boolean> | default = true]

  # When enabled the readiness probe succeeds only after all instances are
  # ACTIVE and healthy in the ring, otherwise only the instance itself is
  # checked. This option should be disabled if in your cluster multiple
  # instances can be rolled out simultaneously, otherwise rolling updates may be
  # slowed down.
  # CLI flag: -ingester.readiness-check-ring-health
  [readiness_check_ring_health: <boolean> | default = true]

  # IP address to advertise in the ring.
  # CLI flag: -ingester.lifecycler.addr
  [address: <string> | default = ""]

  # port to advertise in consul (defaults to server.grpc-listen-port).
  # CLI flag: -ingester.lifecycler.port
  [port: <int> | default = 0]

  # ID to register in the ring.
  # CLI flag: -ingester.lifecycler.ID
  [id: <string> | default = "<hostname>"]

# How many flushes can happen concurrently from each stream.
# CLI flag: -ingester.concurrent-flushes
[concurrent_flushes: <int> | default = 32]

# How often should the ingester see if there are any blocks to flush. The first
# flush check is delayed by a random time up to 0.8x the flush check period.
# Additionally, there is +/- 1% jitter added to the interval.
# CLI flag: -ingester.flush-check-period
[flush_check_period: <duration> | default = 30s]

flush_op_backoff:
  # Minimum backoff period when a flush fails. Each concurrent flush has its own
  # backoff, see `ingester.concurrent-flushes`.
  # CLI flag: -ingester.flush-op-backoff-min-period
  [min_period: <duration> | default = 10s]

  # Maximum backoff period when a flush fails. Each concurrent flush has its own
  # backoff, see `ingester.concurrent-flushes`.
  # CLI flag: -ingester.flush-op-backoff-max-period
  [max_period: <duration> | default = 1m]

  # Maximum retries for failed flushes.
  # CLI flag: -ingester.flush-op-backoff-retries
  [max_retries: <int> | default = 10]

# The timeout for an individual flush. Will be retried up to
# `flush-op-backoff-retries` times.
# CLI flag: -ingester.flush-op-timeout
[flush_op_timeout: <duration> | default = 10m]

# How long chunks should be retained in-memory after they've been flushed.
# CLI flag: -ingester.chunks-retain-period
[chunk_retain_period: <duration> | default = 0s]

# How long chunks should sit in-memory with no updates before being flushed if
# they don't hit the max block size. This means that half-empty chunks will
# still be flushed after a certain period as long as they receive no further
# activity.
# CLI flag: -ingester.chunks-idle-period
[chunk_idle_period: <duration> | default = 30m]

# The targeted _uncompressed_ size in bytes of a chunk block When this threshold
# is exceeded the head block will be cut and compressed inside the chunk.
# CLI flag: -ingester.chunks-block-size
[chunk_block_size: <int> | default = 262144]

# A target _compressed_ size in bytes for chunks. This is a desired size not an
# exact size, chunks may be slightly bigger or significantly smaller if they get
# flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates
# chunks with a fixed 10 blocks, a non zero value will create chunks with a
# variable number of blocks to meet the target size.
# CLI flag: -ingester.chunk-target-size
[chunk_target_size: <int> | default = 1572864]

# The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy,
# lz4-256k, lz4-1M, lz4, flate, zstd)
# CLI flag: -ingester.chunk-encoding
[chunk_encoding: <string> | default = "gzip"]

# The maximum duration of a timeseries chunk in memory. If a timeseries runs for
# longer than this, the current chunk will be flushed to the store and a new
# chunk created.
# CLI flag: -ingester.max-chunk-age
[max_chunk_age: <duration> | default = 2h]

# Forget about ingesters having heartbeat timestamps older than
# `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the
# `/ring` `forget` button in the UI: the ingester is removed from the ring. This
# is a useful setting when you are sure that an unhealthy node won't return. An
# example is when not using stateful sets or the equivalent. Use
# `memberlist.rejoin_interval` > 0 to handle network partition cases when using
# a memberlist.
# CLI flag: -ingester.autoforget-unhealthy
[autoforget_unhealthy: <boolean> | default = false]

# Parameters used to synchronize ingesters to cut chunks at the same moment.
# Sync period is used to roll over incoming entry to a new chunk. If chunk's
# utilization isn't high enough (eg. less than 50% when sync_min_utilization is
# set to 0.5), then this chunk rollover doesn't happen.
# CLI flag: -ingester.sync-period
[sync_period: <duration> | default = 1h]

# Minimum utilization of chunk when doing synchronization.
# CLI flag: -ingester.sync-min-utilization
[sync_min_utilization: <float> | default = 0.1]

# The maximum number of errors a stream will report to the user when a push
# fails. 0 to make unlimited.
# CLI flag: -ingester.max-ignored-stream-errors
[max_returned_stream_errors: <int> | default = 10]

# How far back should an ingester be allowed to query the store for data, for
# use only with boltdb-shipper/tsdb index and filesystem object store. -1 for
# infinite.
# CLI flag: -ingester.query-store-max-look-back-period
[query_store_max_look_back_period: <duration> | default = 0s]

# The ingester WAL (Write Ahead Log) records incoming logs and stores them on
# the local file systems in order to guarantee persistence of acknowledged data
# in the event of a process crash.
wal:
  # Enable writing of ingested data into WAL.
  # CLI flag: -ingester.wal-enabled
  [enabled: <boolean> | default = true]

  # Directory where the WAL data is stored and/or recovered from.
  # CLI flag: -ingester.wal-dir
  [dir: <string> | default = "wal"]

  # Interval at which checkpoints should be created.
  # CLI flag: -ingester.checkpoint-duration
  [checkpoint_duration: <duration> | default = 5m]

  # When WAL is enabled, should chunks be flushed to long-term storage on
  # shutdown.
  # CLI flag: -ingester.flush-on-shutdown
  [flush_on_shutdown: <boolean> | default = false]

  # Maximum memory size the WAL may use during replay. After hitting this, it
  # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may
  # be applied.
  # CLI flag: -ingester.wal-replay-memory-ceiling
  [replay_memory_ceiling: <int> | default = 4GB]

# Shard factor used in the ingesters for the in process reverse index. This MUST
# be evenly divisible by ALL schema shard factors or Loki will not start.
# CLI flag: -ingester.index-shards
[index_shards: <int> | default = 32]

# Maximum number of dropped streams to keep in memory during tailing.
# CLI flag: -ingester.tailer.max-dropped-streams
[max_dropped_streams: <int> | default = 10]

# Path where the shutdown marker file is stored. If not set and
# common.path_prefix is set then common.path_prefix will be used.
# CLI flag: -ingester.shutdown-marker-path
[shutdown_marker_path: <string> | default = ""]

# Interval at which the ingester ownedStreamService checks for changes in the
# ring to recalculate owned streams.
# CLI flag: -ingester.owned-streams-check-interval
[owned_streams_check_interval: <duration> | default = 30s]

kafka_ingestion:
  # Whether the kafka ingester is enabled.
  # CLI flag: -ingester.kafka-ingestion-enabled
  [enabled: <boolean> | default = false]

  partition_ring:
    # The key-value store used to share the hash ring across multiple instances.
    # This option needs be set on ingesters, distributors, queriers, and rulers
    # when running in microservices mode.
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -ingester.partition-ring.store
      [store: <string> | default = "memberlist"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -ingester.partition-ring.prefix
      [prefix: <string> | default = "collectors/"]

      # Configuration for a Consul client. Only applies if the selected kvstore
      # is consul.
      # The CLI flags prefix for this block configuration is:
      # ingester.partition-ring
      [consul: <consul>]

      # Configuration for an ETCD v3 client. Only applies if the selected
      # kvstore is etcd.
      # The CLI flags prefix for this block configuration is:
      # ingester.partition-ring
      [etcd: <etcd>]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -ingester.partition-ring.multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -ingester.partition-ring.multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to secondary store.
        # CLI flag: -ingester.partition-ring.multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing value to secondary store.
        # CLI flag: -ingester.partition-ring.multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # Minimum number of owners to wait before a PENDING partition gets switched
    # to ACTIVE.
    # CLI flag: -ingester.partition-ring.min-partition-owners-count
    [min_partition_owners_count: <int> | default = 1]

    # How long the minimum number of owners are enforced before a PENDING
    # partition gets switched to ACTIVE.
    # CLI flag: -ingester.partition-ring.min-partition-owners-duration
    [min_partition_owners_duration: <duration> | default = 10s]

    # How long to wait before an INACTIVE partition is eligible for deletion.
    # The partition is deleted only if it has been in INACTIVE state for at
    # least the configured duration and it has no owners registered. A value of
    # 0 disables partitions deletion.
    # CLI flag: -ingester.partition-ring.delete-inactive-partition-after
    [delete_inactive_partition_after: <duration> | default = 13h]

ingester_client

ingester_client 块配置 distributor 如何连接到 ingester。仅适用于运行所有组件、distributor 或 querier 的情况。

yaml
# Configures how connections are pooled.
pool_config:
  # How frequently to clean up clients for ingesters that have gone away.
  # CLI flag: -distributor.client-cleanup-period
  [client_cleanup_period: <duration> | default = 15s]

  # Run a health check on each ingester client during periodic cleanup.
  # CLI flag: -distributor.health-check-ingesters
  [health_check_ingesters: <boolean> | default = true]

  # How quickly a dead client will be removed after it has been detected to
  # disappear. Set this to a value to allow time for a secondary health check to
  # recover the missing client.
  # CLI flag: -ingester.client.healthcheck-timeout
  [remote_timeout: <duration> | default = 1s]

# The remote request timeout on the client side.
# CLI flag: -ingester.client.timeout
[remote_timeout: <duration> | default = 5s]

# Configures how the gRPC connection to ingesters work as a client.
# The CLI flags prefix for this block configuration is: ingester.client
[grpc_client_config: <grpc_client>]

limits_config

limits_config 块配置 Loki 中的全局和每租户限制。此处的值可以在 runtime_config 文件的 overrides 部分中被覆盖。

yaml
# Whether the ingestion rate limit should be applied individually to each
# distributor instance (local), or evenly shared across the cluster (global).
# The ingestion rate strategy cannot be overridden on a per-tenant basis.
# - local: enforces the limit on a per distributor basis. The actual effective
# rate limit will be N times higher, where N is the number of distributor
# replicas.
# - global: enforces the limit globally, configuring a per-distributor local
# rate limiter as 'ingestion_rate / N', where N is the number of distributor
# replicas (it's automatically adjusted if the number of replicas change). The
# global strategy requires the distributors to form their own ring, which is
# used to keep track of the current number of healthy distributor replicas.
# CLI flag: -distributor.ingestion-rate-limit-strategy
[ingestion_rate_strategy: <string> | default = "global"]

# Per-user ingestion rate limit in sample size per second. Sample size includes
# size of the logs line and the size of structured metadata labels. Units in MB.
# CLI flag: -distributor.ingestion-rate-limit-mb
[ingestion_rate_mb: <float> | default = 4]

# Per-user allowed ingestion burst size (in sample size). Units in MB. The burst
# size refers to the per-distributor local rate limiter even in the case of the
# 'global' strategy, and should be set at least to the maximum logs size
# expected in a single push request.
# CLI flag: -distributor.ingestion-burst-size-mb
[ingestion_burst_size_mb: <float> | default = 6]

# Maximum length accepted for label names.
# CLI flag: -validation.max-length-label-name
[max_label_name_length: <int> | default = 1024]

# Maximum length accepted for label value. This setting also applies to the
# metric name.
# CLI flag: -validation.max-length-label-value
[max_label_value_length: <int> | default = 2048]

# Maximum number of label names per series.
# CLI flag: -validation.max-label-names-per-series
[max_label_names_per_series: <int> | default = 15]

# Whether or not old samples will be rejected.
# CLI flag: -validation.reject-old-samples
[reject_old_samples: <boolean> | default = true]

# Maximum accepted sample age before rejecting.
# CLI flag: -validation.reject-old-samples.max-age
[reject_old_samples_max_age: <duration> | default = 1w]

# Duration which table will be created/deleted before/after it's needed; we
# won't accept sample from before this time.
# CLI flag: -validation.create-grace-period
[creation_grace_period: <duration> | default = 10m]

# Maximum line size on ingestion path. Example: 256kb. Any log line exceeding
# this limit will be discarded unless `distributor.max-line-size-truncate` is
# set which in case it is truncated instead of discarding it completely. There
# is no limit when unset or set to 0.
# CLI flag: -distributor.max-line-size
[max_line_size: <int> | default = 256KB]

# Whether to truncate lines that exceed max_line_size.
# CLI flag: -distributor.max-line-size-truncate
[max_line_size_truncate: <boolean> | default = false]

# Alter the log line timestamp during ingestion when the timestamp is the same
# as the previous entry for the same stream. When enabled, if a log line in a
# push request has the same timestamp as the previous line for the same stream,
# one nanosecond is added to the log line. This will preserve the received order
# of log lines with the exact same timestamp when they are queried, by slightly
# altering their stored timestamp. NOTE: This is imperfect, because Loki accepts
# out of order writes, and another push request for the same stream could
# contain duplicate timestamps to existing entries and they will not be
# incremented.
# CLI flag: -validation.increment-duplicate-timestamps
[increment_duplicate_timestamp: <boolean> | default = false]

# Simulated latency to add to push requests. Used for testing. Set to 0s to
# disable.
# CLI flag: -limits.simulated-push-latency
[simulated_push_latency: <duration> | default = 0s]

# Enable experimental support for running multiple query variants over the same
# underlying data. For example, running both a rate() and count_over_time()
# query over the same range selector.
# CLI flag: -limits.enable-multi-variant-queries
[enable_multi_variant_queries: <boolean> | default = false]

# Experimental: Detect fields from stream labels, structured metadata, or
# json/logfmt formatted log line and put them into structured metadata of the
# log entry.
discover_generic_fields:
  [fields: <map of string to list of strings>]

# If no service_name label exists, Loki maps a single label from the configured
# list to service_name. If none of the configured labels exist in the stream,
# label is set to unknown_service. Empty list disables setting the label.
# CLI flag: -validation.discover-service-name
[discover_service_name: <list of strings> | default = [service app application app_name name app_kubernetes_io_name container container_name k8s_container_name component workload job k8s_job_name]]

# Discover and add log levels during ingestion, if not present already. Levels
# would be added to Structured Metadata with name
# level/LEVEL/Level/Severity/severity/SEVERITY/lvl/LVL/Lvl (case-sensitive) and
# one of the values from 'trace', 'debug', 'info', 'warn', 'error', 'critical',
# 'fatal' (case insensitive).
# CLI flag: -validation.discover-log-levels
[discover_log_levels: <boolean> | default = true]

# Field name to use for log levels. If not set, log level would be detected
# based on pre-defined labels as mentioned above.
# CLI flag: -validation.log-level-fields
[log_level_fields: <list of strings> | default = [level LEVEL Level Severity severity SEVERITY lvl LVL Lvl severity_text Severity_Text SEVERITY_TEXT]]

# Maximum depth to search for log level fields in JSON logs. A value of 0 or
# less means unlimited depth. Default is 2 which searches the first 2 levels of
# the JSON object.
# CLI flag: -validation.log-level-from-json-max-depth
[log_level_from_json_max_depth: <int> | default = 2]

# When true an ingester takes into account only the streams that it owns
# according to the ring while applying the stream limit.
# CLI flag: -ingester.use-owned-stream-count
[use_owned_stream_count: <boolean> | default = false]

# Maximum number of active streams per user, per ingester. 0 to disable.
# CLI flag: -ingester.max-streams-per-user
[max_streams_per_user: <int> | default = 0]

# Maximum number of active streams per user, across the cluster. 0 to disable.
# When the global limit is enabled, each ingester is configured with a dynamic
# local limit based on the replication factor and the current number of healthy
# ingesters, and is kept updated whenever the number of ingesters change.
# CLI flag: -ingester.max-global-streams-per-user
[max_global_streams_per_user: <int> | default = 5000]

# Deprecated. When true, out-of-order writes are accepted.
# CLI flag: -ingester.unordered-writes
[unordered_writes: <boolean> | default = true]

# Maximum byte rate per second per stream, also expressible in human readable
# forms (1MB, 256KB, etc).
# CLI flag: -ingester.per-stream-rate-limit
[per_stream_rate_limit: <int> | default = 3MB]

# Maximum burst bytes per stream, also expressible in human readable forms (1MB,
# 256KB, etc). This is how far above the rate limit a stream can 'burst' before
# the stream is limited.
# CLI flag: -ingester.per-stream-rate-limit-burst
[per_stream_rate_limit_burst: <int> | default = 15MB]

# Maximum number of chunks that can be fetched in a single query.
# CLI flag: -store.query-chunk-limit
[max_chunks_per_query: <int> | default = 2000000]

# Limit the maximum of unique series that is returned by a metric query. When
# the limit is reached an error is returned.
# CLI flag: -querier.max-query-series
[max_query_series: <int> | default = 500]

# Limit how far back in time series data and metadata can be queried, up until
# lookback duration ago. This limit is enforced in the query frontend, the
# querier and the ruler. If the requested time range is outside the allowed
# range, the request will not fail, but will be modified to only query data
# within the allowed time range. The default value of 0 does not set a limit.
# CLI flag: -querier.max-query-lookback
[max_query_lookback: <duration> | default = 0s]

# The limit to length of chunk store queries. 0 to disable.
# CLI flag: -store.max-query-length
[max_query_length: <duration> | default = 30d1h]

# Limit the length of the [range] inside a range query. Default is 0 or
# unlimited
# CLI flag: -querier.max-query-range
[max_query_range: <duration> | default = 0s]

# Maximum number of queries that will be scheduled in parallel by the frontend.
# CLI flag: -querier.max-query-parallelism
[max_query_parallelism: <int> | default = 32]

# Maximum number of queries will be scheduled in parallel by the frontend for
# TSDB schemas.
# CLI flag: -querier.tsdb-max-query-parallelism
[tsdb_max_query_parallelism: <int> | default = 128]

# Target maximum number of bytes assigned to a single sharded query. Also
# expressible in human readable forms (1GB, etc). Note: This is a _target_ and
# not an absolute limit. The actual limit can be higher, but the query planner
# will try to build shards up to this limit.
# CLI flag: -querier.tsdb-max-bytes-per-shard
[tsdb_max_bytes_per_shard: <int> | default = 600MB]

# sharding strategy to use in query planning. Suggested to use bounded once all
# nodes can recognize it.
# CLI flag: -limits.tsdb-sharding-strategy
[tsdb_sharding_strategy: <string> | default = "power_of_two"]

# Precompute chunks for TSDB queries. This can improve query performance at the
# cost of increased memory usage by computing chunks once during planning,
# reducing index calls.
# CLI flag: -querier.tsdb-precompute-chunks
[tsdb_precompute_chunks: <boolean> | default = false]

# Cardinality limit for index queries.
# CLI flag: -store.cardinality-limit
[cardinality_limit: <int> | default = 100000]

# Maximum number of stream matchers per query.
# CLI flag: -querier.max-streams-matcher-per-query
[max_streams_matchers_per_query: <int> | default = 1000]

# Maximum number of concurrent tail requests.
# CLI flag: -querier.max-concurrent-tail-requests
[max_concurrent_tail_requests: <int> | default = 10]

# Maximum number of log entries that will be returned for a query.
# CLI flag: -validation.max-entries-limit
[max_entries_limit_per_query: <int> | default = 5000]

# Most recent allowed cacheable result per-tenant, to prevent caching very
# recent results that might still be in flux.
# CLI flag: -frontend.max-cache-freshness
[max_cache_freshness_per_query: <duration> | default = 10m]

# Do not cache metadata request if the end time is within the
# frontend.max-metadata-cache-freshness window. Set this to 0 to apply no such
# limits. Defaults to 24h.
# CLI flag: -frontend.max-metadata-cache-freshness
[max_metadata_cache_freshness: <duration> | default = 1d]

# Do not cache requests with an end time that falls within Now minus this
# duration. 0 disables this feature (default).
# CLI flag: -frontend.max-stats-cache-freshness
[max_stats_cache_freshness: <duration> | default = 10m]

# Maximum number of queriers that can handle requests for a single tenant. If
# set to 0 or value higher than number of available queriers, *all* queriers
# will handle requests for the tenant. Each frontend (or query-scheduler, if
# used) will select the same set of queriers for the same tenant (given that all
# queriers are connected to all frontends / query-schedulers). This option only
# works with queriers connecting to the query-frontend / query-scheduler, not
# when using downstream URL.
# CLI flag: -frontend.max-queriers-per-tenant
[max_queriers_per_tenant: <int> | default = 0]

# How much of the available query capacity ("querier" components in distributed
# mode, "read" components in SSD mode) can be used by a single tenant. Allowed
# values are 0.0 to 1.0. For example, setting this to 0.5 would allow a tenant
# to use half of the available queriers for processing the query workload. If
# set to 0, query capacity is determined by frontend.max-queriers-per-tenant.
# When both frontend.max-queriers-per-tenant and frontend.max-query-capacity are
# configured, smaller value of the resulting querier replica count is
# considered: min(frontend.max-queriers-per-tenant, ceil(querier_replicas *
# frontend.max-query-capacity)). *All* queriers will handle requests for the
# tenant if neither limits are applied. This option only works with queriers
# connecting to the query-frontend / query-scheduler, not when using downstream
# URL. Use this feature in a multi-tenant setup where you need to limit query
# capacity for certain tenants.
# CLI flag: -frontend.max-query-capacity
[max_query_capacity: <float> | default = 0]

# Number of days of index to be kept always downloaded for queries. Applies only
# to per user index in boltdb-shipper index store. 0 to disable.
# CLI flag: -store.query-ready-index-num-days
[query_ready_index_num_days: <int> | default = 0]

# Timeout when querying backends (ingesters or storage) during the execution of
# a query request. When a specific per-tenant timeout is used, the global
# timeout is ignored.
# CLI flag: -querier.query-timeout
[query_timeout: <duration> | default = 1m]

# Split queries by a time interval and execute in parallel. The value 0 disables
# splitting by time. This also determines how cache keys are chosen when result
# caching is enabled.
# CLI flag: -querier.split-queries-by-interval
[split_queries_by_interval: <duration> | default = 1h]

# Split metadata queries by a time interval and execute in parallel. The value 0
# disables splitting metadata queries by time. This also determines how cache
# keys are chosen when label/series result caching is enabled.
# CLI flag: -querier.split-metadata-queries-by-interval
[split_metadata_queries_by_interval: <duration> | default = 1d]

# Experimental. Split interval to use for the portion of metadata request that
# falls within `recent_metadata_query_window`. Rest of the request which is
# outside the window still uses `split_metadata_queries_by_interval`. If set to
# 0, the entire request defaults to using a split interval of
# `split_metadata_queries_by_interval.`.
# CLI flag: -experimental.querier.split-recent-metadata-queries-by-interval
[split_recent_metadata_queries_by_interval: <duration> | default = 1h]

# Experimental. Metadata query window inside which
# `split_recent_metadata_queries_by_interval` gets applied, portion of the
# metadata request that falls in this window is split using
# `split_recent_metadata_queries_by_interval`. The value 0 disables using a
# different split interval for recent metadata queries.
# 
# This is added to improve cacheability of recent metadata queries. Query split
# interval also determines the interval used in cache key. The default split
# interval of 24h is useful for caching long queries, each cache key holding 1
# day's results. But metadata queries are often shorter than 24h, to cache them
# effectively we need a smaller split interval. `recent_metadata_query_window`
# along with `split_recent_metadata_queries_by_interval` help configure a
# shorter split interval for recent metadata queries.
# CLI flag: -experimental.querier.recent-metadata-query-window
[recent_metadata_query_window: <duration> | default = 0s]

# Split instant metric queries by a time interval and execute in parallel. The
# value 0 disables splitting instant metric queries by time. This also
# determines how cache keys are chosen when instant metric query result caching
# is enabled.
# CLI flag: -querier.split-instant-metric-queries-by-interval
[split_instant_metric_queries_by_interval: <duration> | default = 1h]

# Interval to use for time-based splitting when a request is within the
# `query_ingesters_within` window; defaults to `split-queries-by-interval` by
# setting to 0.
# CLI flag: -querier.split-ingester-queries-by-interval
[split_ingester_queries_by_interval: <duration> | default = 0s]

# Limit queries that can be sharded. Queries within the time range of now and
# now minus this sharding lookback are not sharded. The default value of 0s
# disables the lookback, causing sharding of all queries at all times.
# CLI flag: -frontend.min-sharding-lookback
[min_sharding_lookback: <duration> | default = 0s]

# Max number of bytes a query can fetch. Enforced in log and metric queries only
# when TSDB is used. This limit is not enforced on log queries without filters.
# The default value of 0 disables this limit.
# CLI flag: -frontend.max-query-bytes-read
[max_query_bytes_read: <int> | default = 0B]

# Max number of bytes a query can fetch after splitting and sharding. Enforced
# in log and metric queries only when TSDB is used. This limit is not enforced
# on log queries without filters. The default value of 0 disables this limit.
# CLI flag: -frontend.max-querier-bytes-read
[max_querier_bytes_read: <int> | default = 150GB]

# Enable log-volume endpoints.
# CLI flag: -limits.volume-enabled
[volume_enabled: <boolean> | default = true]

# The maximum number of aggregated series in a log-volume response
# CLI flag: -limits.volume-max-series
[volume_max_series: <int> | default = 1000]

# Maximum number of rules per rule group per-tenant. 0 to disable.
# CLI flag: -ruler.max-rules-per-rule-group
[ruler_max_rules_per_rule_group: <int> | default = 0]

# Maximum number of rule groups per-tenant. 0 to disable.
# CLI flag: -ruler.max-rule-groups-per-tenant
[ruler_max_rule_groups_per_tenant: <int> | default = 0]

# The default tenant's shard size when shuffle-sharding is enabled in the ruler.
# When this setting is specified in the per-tenant overrides, a value of 0
# disables shuffle sharding for the tenant.
# CLI flag: -ruler.tenant-shard-size
[ruler_tenant_shard_size: <int> | default = 0]

# Enable WAL replay on ruler startup. Disabling this can reduce memory usage on
# startup at the cost of not recovering in-memory WAL metrics on restart.
# CLI flag: -ruler.enable-wal-replay
[ruler_enable_wal_replay: <boolean> | default = true]

# Disable recording rules remote-write.
[ruler_remote_write_disabled: <boolean>]

# Deprecated: Use 'ruler_remote_write_config' instead. The URL of the endpoint
# to send samples to.
[ruler_remote_write_url: <string> | default = ""]

# Deprecated: Use 'ruler_remote_write_config' instead. Timeout for requests to
# the remote write endpoint.
[ruler_remote_write_timeout: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Custom HTTP headers to be
# sent along with each remote write request. Be aware that headers that are set
# by Loki itself can't be overwritten.
[ruler_remote_write_headers: <headers>]

# Deprecated: Use 'ruler_remote_write_config' instead. List of remote write
# relabel configurations.
[ruler_remote_write_relabel_configs: <relabel_config...>]

# Deprecated: Use 'ruler_remote_write_config' instead. Number of samples to
# buffer per shard before we block reading of more samples from the WAL. It is
# recommended to have enough capacity in each shard to buffer several requests
# to keep throughput up while processing occasional slow remote requests.
[ruler_remote_write_queue_capacity: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Minimum number of shards,
# i.e. amount of concurrency.
[ruler_remote_write_queue_min_shards: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of shards,
# i.e. amount of concurrency.
[ruler_remote_write_queue_max_shards: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of samples
# per send.
[ruler_remote_write_queue_max_samples_per_send: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum time a sample
# will wait in buffer.
[ruler_remote_write_queue_batch_send_deadline: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Initial retry delay. Gets
# doubled for every retry.
[ruler_remote_write_queue_min_backoff: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum retry delay.
[ruler_remote_write_queue_max_backoff: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Retry upon receiving a
# 429 status code from the remote-write storage. This is experimental and might
# change in the future.
[ruler_remote_write_queue_retry_on_ratelimit: <boolean>]

# Deprecated: Use 'ruler_remote_write_config' instead. Configures AWS's
# Signature Verification 4 signing process to sign every remote write request.
ruler_remote_write_sigv4_config:
  [region: <string> | default = ""]

  [access_key: <string> | default = ""]

  [secret_key: <string> | default = ""]

  [profile: <string> | default = ""]

  [role_arn: <string> | default = ""]

# Configures global and per-tenant limits for remote write clients. A map with
# remote client id as key.
[ruler_remote_write_config: <map of string to RemoteWriteConfig>]

# Timeout for a remote rule evaluation. Defaults to the value of
# 'querier.query-timeout'.
[ruler_remote_evaluation_timeout: <duration>]

# Maximum size (in bytes) of the allowable response size from a remote rule
# evaluation. Set to 0 to allow any response size (default).
[ruler_remote_evaluation_max_response_size: <int>]

# Deletion mode. Can be one of 'disabled', 'filter-only', or
# 'filter-and-delete'. When set to 'filter-only' or 'filter-and-delete', and if
# retention_enabled is true, then the log entry deletion API endpoints are
# available.
# CLI flag: -compactor.deletion-mode
[deletion_mode: <string> | default = "filter-and-delete"]

# Retention period to apply to stored data, only applies if retention_enabled is
# true in the compactor config. As of version 2.8.0, a zero value of 0 or 0s
# disables retention. In previous releases, Loki did not properly honor a zero
# value to disable retention and a really large value should be used instead.
# CLI flag: -store.retention
[retention_period: <duration> | default = 0s]

# Per-stream retention to apply, if the retention is enabled on the compactor
# side.
# Example:
#  retention_stream:
#  - selector: '{namespace="dev"}'
#  priority: 1
#  period: 24h
# - selector: '{container="nginx"}'
#  priority: 1
#  period: 744h
# Selector is a Prometheus labels matchers that will apply the 'period'
# retention only if the stream is matching. In case multiple streams are
# matching, the highest priority will be picked. If no rule is matched the
# 'retention_period' is used.
[retention_stream: <list of StreamRetentions>]

# Feature renamed to 'runtime configuration', flag deprecated in favor of
# -runtime-config.file (runtime_config.file in YAML).
# CLI flag: -limits.per-user-override-config
[per_tenant_override_config: <string> | default = ""]

# Feature renamed to 'runtime configuration'; flag deprecated in favor of
# -runtime-config.reload-period (runtime_config.period in YAML).
# CLI flag: -limits.per-user-override-period
[per_tenant_override_period: <duration> | default = 10s]

# Deprecated: Use deletion_mode per tenant configuration instead.
[allow_deletes: <boolean>]

# Define streams sharding behavior.
shard_streams:
  # Automatically shard streams to keep them under the per-stream rate limit.
  # Sharding is dictated by the desired rate.
  # CLI flag: -shard-streams.enabled
  [enabled: <boolean> | default = true]

  # Automatically shard streams by adding a __time_shard__ label, with values
  # calculated from the log timestamps divided by MaxChunkAge/2. This allows the
  # out-of-order ingestion of very old logs. If both flags are enabled,
  # time-based sharding will happen before rate-based sharding.
  # CLI flag: -shard-streams.time-sharding-enabled
  [time_sharding_enabled: <boolean> | default = false]

  # Logs with timestamps that are newer than this value will not be
  # time-sharded.
  # CLI flag: -shard-streams.time-sharding-ignore-recent
  [time_sharding_ignore_recent: <duration> | default = 40m]

  # Whether to log sharding streams behavior or not. Not recommended for
  # production environments.
  # CLI flag: -shard-streams.logging-enabled
  [logging_enabled: <boolean> | default = false]

  # Threshold used to cut a new shard. Default (1536KB) means if a rate is above
  # 1536KB/s, it will be sharded into two streams.
  # CLI flag: -shard-streams.desired-rate
  [desired_rate: <int> | default = 1536KB]

[blocked_queries: <blocked_query...>]

# Define a list of required selector labels.
[required_labels: <list of strings>]

# Minimum number of label matchers a query should contain.
[minimum_labels_number: <int>]

# The shard size defines how many index gateways should be used by a tenant for
# querying. If the global shard factor is 0, the global shard factor is set to
# the deprecated -replication-factor for backwards compatibility reasons.
# CLI flag: -index-gateway.shard-size
[index_gateway_shard_size: <int> | default = 0]

# Experimental. Whether to use the bloom gateway component in the read path to
# filter chunks.
# CLI flag: -bloom-gateway.enable-filtering
[bloom_gateway_enable_filtering: <boolean> | default = false]

# Experimental. Maximum number of builders to use when building blooms. 0 allows
# unlimited builders.
# CLI flag: -bloom-build.max-builders
[bloom_build_max_builders: <int> | default = 0]

# Experimental. Maximum number of retries for a failed task. If a task fails
# more than this number of times, it is considered failed and will not be
# retried. A value of 0 disables this limit.
# CLI flag: -bloom-build.task-max-retries
[bloom_build_task_max_retries: <int> | default = 3]

# Experimental. Timeout for a builder to finish a task. If a builder does not
# respond within this time, it is considered failed and the task will be
# requeued. 0 disables the timeout.
# CLI flag: -bloom-build.builder-response-timeout
[bloom_build_builder_response_timeout: <duration> | default = 0s]

# Experimental. Whether to create blooms for the tenant.
# CLI flag: -bloom-build.enable
[bloom_creation_enabled: <boolean> | default = false]

# Experimental. Bloom planning strategy to use in bloom creation. Can be one of:
# 'split_keyspace_by_factor', 'split_by_series_chunks_size'
# CLI flag: -bloom-build.planning-strategy
[bloom_planning_strategy: <string> | default = "split_keyspace_by_factor"]

# Experimental. Only if `bloom-build.planning-strategy` is 'split'. Number of
# splits to create for the series keyspace when building blooms. The series
# keyspace is split into this many parts to parallelize bloom creation.
# CLI flag: -bloom-build.split-keyspace-by
[bloom_split_series_keyspace_by: <int> | default = 256]

# Experimental. Target chunk size in bytes for bloom tasks. Default is 20GB.
# CLI flag: -bloom-build.split-target-series-chunk-size
[bloom_task_target_series_chunk_size: <int> | default = 20GB]

# Experimental. Compression algorithm for bloom block pages.
# CLI flag: -bloom-build.block-encoding
[bloom_block_encoding: <string> | default = "none"]

# Experimental. Prefetch blocks on bloom gateways as soon as they are built.
# CLI flag: -bloom-build.prefetch-blocks
[bloom_prefetch_blocks: <boolean> | default = false]

# Experimental. The maximum bloom block size. A value of 0 sets an unlimited
# size. Default is 200MB. The actual block size might exceed this limit since
# blooms will be added to blocks until the block exceeds the maximum block size.
# CLI flag: -bloom-build.max-block-size
[bloom_max_block_size: <int> | default = 200MB]

# Experimental. The maximum bloom size per log stream. A log stream whose
# generated bloom filter exceeds this size will be discarded. A value of 0 sets
# an unlimited size. Default is 128MB.
# CLI flag: -bloom-build.max-bloom-size
[bloom_max_bloom_size: <int> | default = 128MB]

# Allow user to send structured metadata in push payload.
# CLI flag: -validation.allow-structured-metadata
[allow_structured_metadata: <boolean> | default = true]

# Maximum size accepted for structured metadata per log line.
# CLI flag: -limits.max-structured-metadata-size
[max_structured_metadata_size: <int> | default = 64KB]

# Maximum number of structured metadata entries per log line.
# CLI flag: -limits.max-structured-metadata-entries-count
[max_structured_metadata_entries_count: <int> | default = 128]

# OTLP log ingestion configurations
otlp_config:
  # Configuration for resource attributes to store them as index labels or
  # Structured Metadata or drop them altogether
  resource_attributes:
    # Configure whether to ignore the default list of resource attributes set in
    # 'distributor.otlp.default_resource_attributes_as_index_labels' to be
    # stored as index labels and only use the given resource attributes config
    [ignore_defaults: <boolean> | default = false]

    [attributes_config: <list of attributes_configs>]

  # Configuration for scope attributes to store them as Structured Metadata or
  # drop them altogether
  [scope_attributes: <list of attributes_configs>]

  # Configuration for log attributes to store them as index labels or Structured
  # Metadata or drop them altogether
  [log_attributes: <list of attributes_configs>]

  # When true, the severity_text field from log records will be stored as an
  # index label. It is recommended not to use this option unless absolutely
  # necessary
  [severity_text_as_label: <boolean> | default = false]

# Block ingestion for policy until the configured date. The policy '*' is the
# global policy, which is applied to all streams not matching a policy and can
# be overridden by other policies. The time should be in RFC3339 format. The
# policy is based on the policy_stream_mapping configuration.
[block_ingestion_policy_until: <map of string to Time>]

# Block ingestion until the configured date. The time should be in RFC3339
# format.
# CLI flag: -limits.block-ingestion-until
[block_ingestion_until: <time> | default = 0]

# HTTP status code to return when ingestion is blocked. If 200, the ingestion
# will be blocked without returning an error to the client. By Default, a custom
# status code (260) is returned to the client along with an error message.
# CLI flag: -limits.block-ingestion-status-code
[block_ingestion_status_code: <int> | default = 260]

# List of labels that must be present in the stream. If any of the labels are
# missing, the stream will be discarded. This flag configures it globally for
# all tenants. Experimental.
# CLI flag: -validation.enforced-labels
[enforced_labels: <list of strings> | default = []]

# Map of policies to enforced labels. The policy '*' is the global policy, which
# is applied to all streams and can be extended by other policies. Example:
#  policy_enforced_labels: 
#   policy1: 
#     - label1 
#     - label2 
#   policy2: 
#     - label3 
#     - label4
#   '*':
#     - label5
[policy_enforced_labels: <map of string to list of strings>]

# Map of policies to stream selectors with a priority. Experimental.  Example:
#  policy_stream_mapping: 
#   finance: 
#     - selector: '{namespace="prod", container="billing"}' 
#       priority: 2 
#   ops: 
#     - selector: '{namespace="prod", container="ops"}' 
#       priority: 1 
#   staging: 
#     - selector: '{namespace="staging"}' 
#       priority: 1
[policy_stream_mapping: <map of string to list of PriorityStreams>]

# The number of partitions a tenant's data should be sharded to when using kafka
# ingestion. Tenants are sharded across partitions using shuffle-sharding. 0
# disables shuffle sharding and tenant is sharded across all partitions.
# CLI flag: -limits.ingestion-partition-tenant-shard-size
[ingestion_partitions_tenant_shard_size: <int> | default = 0]

# List of LogQL vector and range aggregations that should be sharded.
[shard_aggregations: <list of strings>]

# Enable metric aggregation. When enabled, pushed streams will be sampled for
# bytes and count, and these metric will be written back into Loki as a special
# __aggregated_metric__ stream, which can be queried for faster histogram
# queries.
# CLI flag: -limits.metric-aggregation-enabled
[metric_aggregation_enabled: <boolean> | default = false]

# S3 server-side encryption type. Required to enable server-side encryption
# overrides for a specific tenant. If not set, the default S3 client settings
# are used.
[s3_sse_type: <string> | default = ""]

# S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not
# set.
[s3_sse_kms_key_id: <string> | default = ""]

# S3 server-side encryption KMS encryption context. If unset and the key ID
# override is set, the encryption context will not be provided to S3. Ignored if
# the SSE type override is not set.
[s3_sse_kms_encryption_context: <string> | default = ""]

local_storage_config

local_storage_config 块配置将本地文件系统用作对象存储后端。

yaml
# Directory to store chunks in.
# CLI flag: -local.chunk-directory
[directory: <string> | default = ""]

memberlist

memberlist 客户端配置。仅在选定的 kvstore 为 memberlist 时适用。

当定义了至少包含 1 个 join_members 的 memberlist 配置时,memberlist 类型的 kvstore 会自动为所有需要环的组件选择,除非在组件的配置部分中另有指定。

yaml
# Name of the node in memberlist cluster. Defaults to hostname.
# CLI flag: -memberlist.nodename
[node_name: <string> | default = ""]

# Add random suffix to the node name.
# CLI flag: -memberlist.randomize-node-name
[randomize_node_name: <boolean> | default = true]

# The timeout for establishing a connection with a remote node, and for
# read/write operations.
# CLI flag: -memberlist.stream-timeout
[stream_timeout: <duration> | default = 2s]

# Multiplication factor used when sending out messages (factor * log(N+1)).
# CLI flag: -memberlist.retransmit-factor
[retransmit_factor: <int> | default = 4]

# How often to use pull/push sync.
# CLI flag: -memberlist.pullpush-interval
[pull_push_interval: <duration> | default = 30s]

# How often to gossip.
# CLI flag: -memberlist.gossip-interval
[gossip_interval: <duration> | default = 200ms]

# How many nodes to gossip to.
# CLI flag: -memberlist.gossip-nodes
[gossip_nodes: <int> | default = 3]

# How long to keep gossiping to dead nodes, to give them chance to refute their
# death.
# CLI flag: -memberlist.gossip-to-dead-nodes-time
[gossip_to_dead_nodes_time: <duration> | default = 30s]

# How soon can dead node's name be reclaimed with new address. 0 to disable.
# CLI flag: -memberlist.dead-node-reclaim-time
[dead_node_reclaim_time: <duration> | default = 0s]

# Enable message compression. This can be used to reduce bandwidth usage at the
# cost of slightly more CPU utilization.
# CLI flag: -memberlist.compression-enabled
[compression_enabled: <boolean> | default = true]

# How frequently to notify watchers when a key changes. Can reduce CPU activity
# in large memberlist deployments. 0 to notify without delay.
# CLI flag: -memberlist.notify-interval
[notify_interval: <duration> | default = 0s]

# Gossip address to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-addr
[advertise_addr: <string> | default = ""]

# Gossip port to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-port
[advertise_port: <int> | default = 7946]

# The cluster label is an optional string to include in outbound packets and
# gossip streams. Other members in the memberlist cluster will discard any
# message whose label doesn't match the configured one, unless the
# 'cluster-label-verification-disabled' configuration option is set to true.
# CLI flag: -memberlist.cluster-label
[cluster_label: <string> | default = ""]

# When true, memberlist doesn't verify that inbound packets and gossip streams
# have the cluster label matching the configured one. This verification should
# be disabled while rolling out the change to the configured cluster label in a
# live memberlist cluster.
# CLI flag: -memberlist.cluster-label-verification-disabled
[cluster_label_verification_disabled: <boolean> | default = false]

# Other cluster members to join. Can be specified multiple times. It can be an
# IP, hostname or an entry specified in the DNS Service Discovery format.
# CLI flag: -memberlist.join
[join_members: <list of strings> | default = []]

# Min backoff duration to join other cluster members.
# CLI flag: -memberlist.min-join-backoff
[min_join_backoff: <duration> | default = 1s]

# Max backoff duration to join other cluster members.
# CLI flag: -memberlist.max-join-backoff
[max_join_backoff: <duration> | default = 1m]

# Max number of retries to join other cluster members.
# CLI flag: -memberlist.max-join-retries
[max_join_retries: <int> | default = 10]

# If this node fails to join memberlist cluster, abort.
# CLI flag: -memberlist.abort-if-join-fails
[abort_if_cluster_join_fails: <boolean> | default = false]

# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix
# the cluster split issue, and is harmless otherwise. For example when using
# only few components as a seed nodes (via -memberlist.join), then it's
# recommended to use rejoin. If -memberlist.join points to dynamic service that
# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin
# is not needed.
# CLI flag: -memberlist.rejoin-interval
[rejoin_interval: <duration> | default = 0s]

# How long to keep LEFT ingesters in the ring.
# CLI flag: -memberlist.left-ingesters-timeout
[left_ingesters_timeout: <duration> | default = 5m]

# How long to keep obsolete entries in the KV store.
# CLI flag: -memberlist.obsolete-entries-timeout
[obsolete_entries_timeout: <duration> | default = 30s]

# Timeout for leaving memberlist cluster.
# CLI flag: -memberlist.leave-timeout
[leave_timeout: <duration> | default = 20s]

# Timeout for broadcasting all remaining locally-generated updates to other
# nodes when shutting down. Only used if there are nodes left in the memberlist
# cluster, and only applies to locally-generated updates, not to broadcast
# messages that are result of incoming gossip updates. 0 = no timeout, wait
# until all locally-generated updates are sent.
# CLI flag: -memberlist.broadcast-timeout-for-local-updates-on-shutdown
[broadcast_timeout_for_local_updates_on_shutdown: <duration> | default = 10s]

# How much space to use for keeping received and sent messages in memory for
# troubleshooting (two buffers). 0 to disable.
# CLI flag: -memberlist.message-history-buffer-bytes
[message_history_buffer_bytes: <int> | default = 0]

# IP address to listen on for gossip messages. Multiple addresses may be
# specified. Defaults to 0.0.0.0
# CLI flag: -memberlist.bind-addr
[bind_addr: <list of strings> | default = []]

# Port to listen on for gossip messages.
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]

# Timeout used when connecting to other nodes to send packet.
# CLI flag: -memberlist.packet-dial-timeout
[packet_dial_timeout: <duration> | default = 2s]

# Timeout for writing 'packet' data.
# CLI flag: -memberlist.packet-write-timeout
[packet_write_timeout: <duration> | default = 5s]

# Maximum number of concurrent writes to other nodes.
# CLI flag: -memberlist.max-concurrent-writes
[max_concurrent_writes: <int> | default = 3]

# Timeout for acquiring one of the concurrent write slots. After this time, the
# message will be dropped.
# CLI flag: -memberlist.acquire-writer-timeout
[acquire_writer_timeout: <duration> | default = 250ms]

# Enable TLS on the memberlist transport layer.
# CLI flag: -memberlist.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: memberlist
[<tls_config>]

named_stores_config

配置给定存储提供商的附加对象存储。支持的存储:aws, azure, bos, filesystem, gcs, swift。例如:

yaml
    storage_config:
      named_stores:
        aws:
          store-1:
            endpoint: s3://foo-bucket
            region: us-west1

此示例中的命名存储可以通过在 period_config 中将 object_store 设置为 store-1 来使用。

yaml
[aws: <map of string to aws_storage_config>]

[azure: <map of string to azure_storage_config>]

[bos: <map of string to bos_storage_config>]

[filesystem: <map of string to local_storage_config>]

[gcs: <map of string to gcs_storage_config>]

[alibabacloud: <map of string to alibabacloud_storage_config>]

[swift: <map of string to swift_storage_config>]

[cos: <map of string to cos_storage_config>]

operational_config

这些值允许您控制 Loki 运行的各个方面,最常用于控制更高详细级别日志记录的类型,此处的值可以在 runtime_config 文件的 configs 部分中被覆盖。

yaml
# Log every new stream created by a push request (very verbose, recommend to
# enable via runtime config only).
# CLI flag: -operation-config.log-stream-creation
[log_stream_creation: <boolean> | default = false]

# Log every push request (very verbose, recommend to enable via runtime config
# only).
# CLI flag: -operation-config.log-push-request
[log_push_request: <boolean> | default = false]

# Log every stream in a push request (very verbose, recommend to enable via
# runtime config only).
# CLI flag: -operation-config.log-push-request-streams
[log_push_request_streams: <boolean> | default = false]

# Log metrics for duplicate lines received.
# CLI flag: -operation-config.log-duplicate-metrics
[log_duplicate_metrics: <boolean> | default = false]

# Log stream info for duplicate lines received
# CLI flag: -operation-config.log-duplicate-stream-info
[log_duplicate_stream_info: <boolean> | default = false]

# Log push errors with a rate limited logger, will show client push errors
# without overly spamming logs.
# CLI flag: -operation-config.limited-log-push-errors
[limited_log_push_errors: <boolean> | default = true]

period_config

period_config 块配置特定时间段应使用的索引模式。

yaml
# The date of the first day that index buckets should be created. Use a date in
# the past if this is your only period_config, otherwise use a date when you
# want the schema to switch over. In YYYY-MM-DD format, for example: 2018-04-15.
[from: <daytime>]

# store and object_store below affect which <storage_config> key is used. Which
# index to use. Either tsdb or boltdb-shipper. Following stores are deprecated:
# aws, aws-dynamo, gcp, gcp-columnkey, bigtable, bigtable-hashed, cassandra,
# grpc.
[store: <string> | default = ""]

# Which store to use for the chunks. Either aws (alias s3), azure, gcs,
# alibabacloud, bos, cos, swift, filesystem, or a named_store (refer to
# named_stores_config). Following stores are deprecated: aws-dynamo, gcp,
# gcp-columnkey, bigtable, bigtable-hashed, cassandra, grpc.
[object_store: <string> | default = ""]

# The schema version to use, current recommended schema is v13.
[schema: <string> | default = ""]

# Configures how the index is updated and stored.
index:
  # Path prefix for index tables. Prefix always needs to end with a path
  # delimiter '/', except when the prefix is empty.
  [path_prefix: <string> | default = "index/"]

  # Table prefix for all period tables.
  [prefix: <string> | default = ""]

  # Table period.
  [period: <duration>]

  # A map to be added to all managed tables.
  [tags: <map of string to string>]

# Configured how the chunks are updated and stored.
chunks:
  # Table prefix for all period tables.
  [prefix: <string> | default = ""]

  # Table period.
  [period: <duration>]

  # A map to be added to all managed tables.
  [tags: <map of string to string>]

# How many shards will be created. Only used if schema is v10 or greater.
[row_shards: <int> | default = 16]

profiling

profiling 选项的配置。

yaml
# Sets the value for runtime.SetBlockProfilingRate
# CLI flag: -profiling.block-profile-rate
[block_profile_rate: <int> | default = 0]

# Sets the value for runtime.SetCPUProfileRate
# CLI flag: -profiling.cpu-profile-rate
[cpu_profile_rate: <int> | default = 0]

# Sets the value for runtime.SetMutexProfileFraction
# CLI flag: -profiling.mutex-profile-fraction
[mutex_profile_fraction: <int> | default = 0]

querier

配置 querier。仅在运行所有模块或仅运行 querier 时适用。

yaml
# Maximum duration for which the live tailing requests are served.
# CLI flag: -querier.tail-max-duration
[tail_max_duration: <duration> | default = 1h]

# Time to wait before sending more than the minimum successful query requests.
# CLI flag: -querier.extra-query-delay
[extra_query_delay: <duration> | default = 0s]

# Maximum lookback beyond which queries are not sent to ingester. 0 means all
# queries are sent to ingester.
# CLI flag: -querier.query-ingesters-within
[query_ingesters_within: <duration> | default = 3h]

engine:
  # The maximum amount of time to look back for log lines. Used only for instant
  # log queries.
  # CLI flag: -querier.engine.max-lookback-period
  [max_look_back_period: <duration> | default = 30s]

  # The maximum number of labels the heap of a topk query using a count min
  # sketch can track.
  # CLI flag: -querier.engine.max-count-min-sketch-heap-size
  [max_count_min_sketch_heap_size: <int> | default = 10000]

# The maximum number of queries that can be simultaneously processed by the
# querier.
# CLI flag: -querier.max-concurrent
[max_concurrent: <int> | default = 4]

# Only query the store, and not attempt any ingesters. This is useful for
# running a standalone querier pool operating only against stored data.
# CLI flag: -querier.query-store-only
[query_store_only: <boolean> | default = false]

# When true, queriers only query the ingesters, and not stored data. This is
# useful when the object store is unavailable.
# CLI flag: -querier.query-ingester-only
[query_ingester_only: <boolean> | default = false]

# When true, allow queries to span multiple tenants.
# CLI flag: -querier.multi-tenant-queries-enabled
[multi_tenant_queries_enabled: <boolean> | default = false]

# When true, querier limits sent via a header are enforced.
# CLI flag: -querier.per-request-limits-enabled
[per_request_limits_enabled: <boolean> | default = false]

# When true, querier directs ingester queries to the partition-ingesters instead
# of the normal ingesters.
# CLI flag: -querier.query-partition-ingesters
[query_partition_ingesters: <boolean> | default = false]

query_range

query_range 块配置 Loki 查询前端中的查询拆分和缓存。

yaml
# Mutate incoming queries to align their start and end with their step.
# CLI flag: -querier.align-querier-with-step
[align_queries_with_step: <boolean> | default = false]

results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is: frontend
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.compression
  [compression: <string> | default = ""]

# Cache query results.
# CLI flag: -querier.cache-results
[cache_results: <boolean> | default = false]

# Maximum number of retries for a single request; beyond this, the downstream
# error is returned.
# CLI flag: -querier.max-retries-per-request
[max_retries: <int> | default = 5]

# Perform query parallelisations based on storage sharding configuration and
# query ASTs. This feature is supported only by the chunks storage engine.
# CLI flag: -querier.parallelise-shardable-queries
[parallelise_shardable_queries: <boolean> | default = true]

# A comma-separated list of LogQL vector and range aggregations that should be
# sharded. Possible values 'quantile_over_time', 'last_over_time',
# 'first_over_time'.
# CLI flag: -querier.shard-aggregations
[shard_aggregations: <string> | default = ""]

# Cache index stats query results.
# CLI flag: -querier.cache-index-stats-results
[cache_index_stats_results: <boolean> | default = true]

# If a cache config is not specified and cache_index_stats_results is true, the
# config for the results cache is used.
index_stats_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.index-stats-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.index-stats-results-cache.compression
  [compression: <string> | default = ""]

# Cache volume query results.
# CLI flag: -querier.cache-volume-results
[cache_volume_results: <boolean> | default = true]

# If a cache config is not specified and cache_volume_results is true, the
# config for the results cache is used.
volume_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.volume-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.volume-results-cache.compression
  [compression: <string> | default = ""]

# Cache instant metric query results.
# CLI flag: -querier.cache-instant-metric-results
[cache_instant_metric_results: <boolean> | default = false]

# If a cache config is not specified and cache_instant_metric_results is true,
# the config for the results cache is used.
instant_metric_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.instant-metric-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.instant-metric-results-cache.compression
  [compression: <string> | default = ""]

# Whether to align the splits of instant metric query with splitByInterval and
# query's exec time. Useful when instant_metric_cache is enabled
# CLI flag: -querier.instant-metric-query-split-align
[instant_metric_query_split_align: <boolean> | default = false]

# Cache series query results.
# CLI flag: -querier.cache-series-results
[cache_series_results: <boolean> | default = true]

# If series_results_cache is not configured and cache_series_results is true,
# the config for the results cache is used.
series_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.series-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.series-results-cache.compression
  [compression: <string> | default = ""]

# Cache label query results.
# CLI flag: -querier.cache-label-results
[cache_label_results: <boolean> | default = true]

# If label_results_cache is not configured and cache_label_results is true, the
# config for the results cache is used.
label_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.label-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.label-results-cache.compression
  [compression: <string> | default = ""]

query_scheduler

query_scheduler 块配置 Loki 查询调度器。配置后,它将租户查询队列与查询前端分开。

yaml
# Maximum number of outstanding requests per tenant per query-scheduler.
# In-flight requests above this limit will fail with HTTP response status code
# 429.
# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant
[max_outstanding_requests_per_tenant: <int> | default = 32000]

# Maximum number of levels of nesting of hierarchical queues. 0 means that
# hierarchical queues are disabled.
# CLI flag: -query-scheduler.max-queue-hierarchy-levels
[max_queue_hierarchy_levels: <int> | default = 3]

# If a querier disconnects without sending notification about graceful shutdown,
# the query-scheduler will keep the querier in the tenant's shard until the
# forget delay has passed. This feature is useful to reduce the blast radius
# when shuffle-sharding is enabled.
# CLI flag: -query-scheduler.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]

# This configures the gRPC client used to report errors back to the
# query-frontend.
# The CLI flags prefix for this block configuration is:
# query-scheduler.grpc-client-config
[grpc_client_config: <grpc_client>]

# Set to true to have the query schedulers create and place themselves in a
# ring. If no frontend_address or scheduler_address are present anywhere else in
# the configuration, Loki will toggle this value to true.
# CLI flag: -query-scheduler.use-scheduler-ring
[use_scheduler_ring: <boolean> | default = false]

# The hash ring configuration. This option is required only if
# use_scheduler_ring is true.
scheduler_ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -query-scheduler.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -query-scheduler.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: query-scheduler.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: query-scheduler.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -query-scheduler.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -query-scheduler.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -query-scheduler.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -query-scheduler.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring. 0 = disabled.
  # CLI flag: -query-scheduler.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -query-scheduler.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -query-scheduler.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -query-scheduler.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Instance ID to register in the ring.
  # CLI flag: -query-scheduler.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -query-scheduler.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -query-scheduler.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -query-scheduler.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -query-scheduler.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -query-scheduler.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

ruler

ruler 块配置 Loki ruler。

yaml
# Base URL of the Grafana instance.
# CLI flag: -ruler.external.url
[external_url: <url>]

# Datasource UID for the dashboard.
# CLI flag: -ruler.datasource-uid
[datasource_uid: <string> | default = ""]

# Labels to add to all alerts.
[external_labels: <list of Labels>]

# The grpc_client block configures the gRPC client used to communicate between a
# client and server component in Loki.
# The CLI flags prefix for this block configuration is: ruler.client
[ruler_client: <grpc_client>]

# How frequently to evaluate rules.
# CLI flag: -ruler.evaluation-interval
[evaluation_interval: <duration> | default = 1m]

# How frequently to poll for rule changes.
# CLI flag: -ruler.poll-interval
[poll_interval: <duration> | default = 1m]

# Deprecated: Use -ruler-storage. CLI flags and their respective YAML config
# options instead.
storage:
  # Method to use for backend rule storage (configdb, azure, gcs, s3, swift,
  # local, bos, cos)
  # CLI flag: -ruler.storage.type
  [type: <string> | default = ""]

  # Configures backend rule storage for Azure.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [azure: <azure_storage_config>]

  # Configures backend rule storage for AlibabaCloud Object Storage (OSS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [alibabacloud: <alibabacloud_storage_config>]

  # Configures backend rule storage for GCS.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [gcs: <gcs_storage_config>]

  # Configures backend rule storage for S3.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [s3: <s3_storage_config>]

  # Configures backend rule storage for Baidu Object Storage (BOS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [bos: <bos_storage_config>]

  # Configures backend rule storage for Swift.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [swift: <swift_storage_config>]

  # Configures backend rule storage for IBM Cloud Object Storage (COS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [cos: <cos_storage_config>]

  # Configures backend rule storage for a local file system directory.
  local:
    # Directory to scan for rules
    # CLI flag: -ruler.storage.local.directory
    [directory: <string> | default = ""]

# File path to store temporary rule files.
# CLI flag: -ruler.rule-path
[rule_path: <string> | default = "/rules"]

# Comma-separated list of Alertmanager URLs to send notifications to. Each
# Alertmanager URL is treated as a separate group in the configuration. Multiple
# Alertmanagers in HA per group can be supported by using DNS resolution via
# '-ruler.alertmanager-discovery'.
# CLI flag: -ruler.alertmanager-url
[alertmanager_url: <string> | default = ""]

# Use DNS SRV records to discover Alertmanager hosts.
# CLI flag: -ruler.alertmanager-discovery
[enable_alertmanager_discovery: <boolean> | default = false]

# How long to wait between refreshing DNS resolutions of Alertmanager hosts.
# CLI flag: -ruler.alertmanager-refresh-interval
[alertmanager_refresh_interval: <duration> | default = 1m]

# Use Alertmanager APIv2. APIv1 was deprecated in Alertmanager 0.16.0 and is
# removed as of 0.27.0.
# CLI flag: -ruler.alertmanager-use-v2
[enable_alertmanager_v2: <boolean> | default = true]

# List of alert relabel configs.
[alert_relabel_configs: <relabel_config...>]

# Capacity of the queue for notifications to be sent to the Alertmanager.
# CLI flag: -ruler.notification-queue-capacity
[notification_queue_capacity: <int> | default = 10000]

# HTTP timeout duration when sending notifications to the Alertmanager.
# CLI flag: -ruler.notification-timeout
[notification_timeout: <duration> | default = 10s]

alertmanager_client:
  # The TLS configuration.
  # The CLI flags prefix for this block configuration is:
  # ruler.alertmanager-client
  [<tls_config>]

  # HTTP Basic authentication username. It overrides the username set in the URL
  # (if any).
  # CLI flag: -ruler.alertmanager-client.basic-auth-username
  [basic_auth_username: <string> | default = ""]

  # HTTP Basic authentication password. It overrides the password set in the URL
  # (if any).
  # CLI flag: -ruler.alertmanager-client.basic-auth-password
  [basic_auth_password: <string> | default = ""]

  # HTTP Header authorization type (default: Bearer).
  # CLI flag: -ruler.alertmanager-client.type
  [type: <string> | default = "Bearer"]

  # HTTP Header authorization credentials.
  # CLI flag: -ruler.alertmanager-client.credentials
  [credentials: <string> | default = ""]

  # HTTP Header authorization credentials file.
  # CLI flag: -ruler.alertmanager-client.credentials-file
  [credentials_file: <string> | default = ""]

# Max time to tolerate outage for restoring "for" state of alert.
# CLI flag: -ruler.for-outage-tolerance
[for_outage_tolerance: <duration> | default = 1h]

# Minimum duration between alert and restored "for" state. This is maintained
# only for alerts with configured "for" time greater than the grace period.
# CLI flag: -ruler.for-grace-period
[for_grace_period: <duration> | default = 10m]

# Minimum amount of time to wait before resending an alert to Alertmanager.
# CLI flag: -ruler.resend-delay
[resend_delay: <duration> | default = 1m]

# Distribute rule evaluation using ring backend.
# CLI flag: -ruler.enable-sharding
[enable_sharding: <boolean> | default = false]

# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -ruler.sharding-strategy
[sharding_strategy: <string> | default = "default"]

# The sharding algorithm to use for deciding how rules & groups are sharded.
# Supported values are: by-group, by-rule.
# CLI flag: -ruler.sharding-algo
[sharding_algo: <string> | default = "by-group"]

# Time to spend searching for a pending ruler when shutting down.
# CLI flag: -ruler.search-pending-for
[search_pending_for: <duration> | default = 5m]

# Ring used by Loki ruler. The CLI flags prefix for this block configuration is
# 'ruler.ring'.
ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -ruler.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -ruler.ring.prefix
    [prefix: <string> | default = "rulers/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: ruler.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: ruler.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -ruler.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -ruler.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to secondary store.
      # CLI flag: -ruler.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing value to secondary store.
      # CLI flag: -ruler.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Interval between heartbeats sent to the ring. 0 = disabled.
  # CLI flag: -ruler.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # The heartbeat timeout after which ruler ring members are considered
  # unhealthy within the ring. 0 = never (timeout disabled).
  # CLI flag: -ruler.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Name of network interface to read addresses from.
  # CLI flag: -ruler.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # The number of tokens the lifecycler will generate and put into the ring if
  # it joined without transferring tokens from another lifecycler.
  # CLI flag: -ruler.ring.num-tokens
  [num_tokens: <int> | default = 128]

# Period with which to attempt to flush rule groups.
# CLI flag: -ruler.flush-period
[flush_period: <duration> | default = 1m]

# Enable the ruler API.
# CLI flag: -ruler.enable-api
[enable_api: <boolean> | default = true]

# Comma separated list of tenants whose rules this ruler can evaluate. If
# specified, only these tenants will be handled by ruler, otherwise this ruler
# can process rules from all tenants. Subject to sharding.
# CLI flag: -ruler.enabled-tenants
[enabled_tenants: <string> | default = ""]

# Comma separated list of tenants whose rules this ruler cannot evaluate. If
# specified, a ruler that would normally pick the specified tenant(s) for
# processing will ignore them instead. Subject to sharding.
# CLI flag: -ruler.disabled-tenants
[disabled_tenants: <string> | default = ""]

# Report the wall time for ruler queries to complete as a per user metric and as
# an info level log message.
# CLI flag: -ruler.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]

# Disable the rule_group label on exported metrics.
# CLI flag: -ruler.disable-rule-group-label
[disable_rule_group_label: <boolean> | default = false]

wal:
  # The directory in which to write tenant WAL files. Each tenant will have its
  # own directory one level below this directory.
  # CLI flag: -ruler.wal.dir
  [dir: <string> | default = "ruler-wal"]

  # Frequency with which to run the WAL truncation process.
  # CLI flag: -ruler.wal.truncate-frequency
  [truncate_frequency: <duration> | default = 1h]

  # Minimum age that samples must exist in the WAL before being truncated.
  # CLI flag: -ruler.wal.min-age
  [min_age: <duration> | default = 5m]

  # Maximum age that samples must exist in the WAL before being truncated.
  # CLI flag: -ruler.wal.max-age
  [max_age: <duration> | default = 4h]

wal_cleaner:
  # The minimum age of a WAL to consider for cleaning.
  # CLI flag: -ruler.wal-cleaner.min-age
  [min_age: <duration> | default = 12h]

  # How often to run the WAL cleaner. 0 = disabled.
  # CLI flag: -ruler.wal-cleaner.period
  [period: <duration> | default = 0s]

# Remote-write configuration to send rule samples to a Prometheus remote-write
# endpoint.
remote_write:
  # Deprecated: Use 'clients' instead. Configure remote write client.
  [client: <RemoteWriteConfig>]

  # Configure remote write clients. A map with remote client id as key. For
  # details, see
  # https://prometheus.ac.cn/docs/prometheus/latest/configuration/configuration/#remote_write
  # Specifying a header with key 'X-Scope-OrgID' under the 'headers' section of
  # RemoteWriteConfig is not permitted. If specified, it will be dropped during
  # config parsing.
  [clients: <map of string to RemoteWriteConfig>]

  # Enable remote-write functionality.
  # CLI flag: -ruler.remote-write.enabled
  [enabled: <boolean> | default = false]

  # Minimum period to wait between refreshing remote-write reconfigurations.
  # This should be greater than or equivalent to
  # -limits.per-user-override-period.
  # CLI flag: -ruler.remote-write.config-refresh-period
  [config_refresh_period: <duration> | default = 10s]

  # Add an X-Scope-OrgID header in remote write requests with the tenant ID of a
  # Loki tenant that the recording rules are part of.
  # CLI flag: -ruler.remote-write.add-org-id-header
  [add_org_id_header: <boolean> | default = true]

# Configuration for rule evaluation.
evaluation:
  # The evaluation mode for the ruler. Can be either 'local' or 'remote'. If set
  # to 'local', the ruler will evaluate rules locally. If set to 'remote', the
  # ruler will evaluate rules remotely. If unset, the ruler will evaluate rules
  # locally.
  # CLI flag: -ruler.evaluation.mode
  [mode: <string> | default = "local"]

  # Upper bound of random duration to wait before rule evaluation to avoid
  # contention during concurrent execution of rules. Jitter is calculated
  # consistently for a given rule. Set 0 to disable (default).
  # CLI flag: -ruler.evaluation.max-jitter
  [max_jitter: <duration> | default = 0s]

  query_frontend:
    # GRPC listen address of the query-frontend(s). Must be a DNS address
    # (prefixed with dns:///) to enable client side load balancing.
    # CLI flag: -ruler.evaluation.query-frontend.address
    [address: <string> | default = ""]

    # Set to true if query-frontend connection requires TLS.
    # CLI flag: -ruler.evaluation.query-frontend.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # The TLS configuration.
    # The CLI flags prefix for this block configuration is:
    # ruler.evaluation.query-frontend
    [<tls_config>]

runtime_config

“runtime config” 模块的配置,负责重新加载运行时配置文件。

yaml
# How often to check runtime config files.
# CLI flag: -runtime-config.reload-period
[period: <duration> | default = 10s]

# Comma separated list of yaml files with the configuration that can be updated
# at runtime. Runtime config files will be merged from left to right.
# CLI flag: -runtime-config.file
[file: <string> | default = ""]

s3_storage_config

s3_storage_config 块配置与 Amazon S3 对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# S3 endpoint URL with escaped Key and Secret encoded. If only region is
# specified as a host, proper endpoint will be deduced. Use
# inmemory:///<bucket-name> to use a mock in-memory implementation.
# CLI flag: -<prefix>.s3.url
[s3: <url>]

# Set this to `true` to force the request to use path-style addressing.
# CLI flag: -<prefix>.s3.force-path-style
[s3forcepathstyle: <boolean> | default = false]

# Comma separated list of bucket names to evenly distribute chunks over.
# Overrides any buckets specified in s3.url flag
# CLI flag: -<prefix>.s3.buckets
[bucketnames: <string> | default = ""]

# S3 Endpoint to connect to.
# CLI flag: -<prefix>.s3.endpoint
[endpoint: <string> | default = ""]

# AWS region to use.
# CLI flag: -<prefix>.s3.region
[region: <string> | default = ""]

# AWS Access Key ID
# CLI flag: -<prefix>.s3.access-key-id
[access_key_id: <string> | default = ""]

# AWS Secret Access Key
# CLI flag: -<prefix>.s3.secret-access-key
[secret_access_key: <string> | default = ""]

# AWS Session Token
# CLI flag: -<prefix>.s3.session-token
[session_token: <string> | default = ""]

# Disable https on s3 connection.
# CLI flag: -<prefix>.s3.insecure
[insecure: <boolean> | default = false]

# Delimiter used to replace the default delimiter ':' in chunk IDs when storing
# chunks. This is mainly intended when you run a MinIO instance on a Windows
# machine. You should not change this value inflight.
# CLI flag: -<prefix>.s3.chunk-delimiter
[chunk_delimiter: <string> | default = ""]

http_config:
  # Timeout specifies a time limit for requests made by s3 Client.
  # CLI flag: -<prefix>.s3.http.timeout
  [timeout: <duration> | default = 0s]

  # The maximum amount of time an idle connection will be held open.
  # CLI flag: -<prefix>.s3.http.idle-conn-timeout
  [idle_conn_timeout: <duration> | default = 1m30s]

  # If non-zero, specifies the amount of time to wait for a server's response
  # headers after fully writing the request.
  # CLI flag: -<prefix>.s3.http.response-header-timeout
  [response_header_timeout: <duration> | default = 0s]

  # Set to true to skip verifying the certificate chain and hostname.
  # CLI flag: -<prefix>.s3.http.insecure-skip-verify
  [insecure_skip_verify: <boolean> | default = false]

  # Path to the trusted CA file that signed the SSL certificate of the S3
  # endpoint.
  # CLI flag: -<prefix>.s3.http.ca-file
  [ca_file: <string> | default = ""]

# The signature version to use for authenticating against S3. Supported values
# are: v4.
# CLI flag: -<prefix>.s3.signature-version
[signature_version: <string> | default = "v4"]

# The S3 storage class which objects will use. Supported values are: GLACIER,
# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS,
# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA.
# CLI flag: -<prefix>.s3.storage-class
[storage_class: <string> | default = "STANDARD"]

sse:
  # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
  # CLI flag: -<prefix>.s3.sse.type
  [type: <string> | default = ""]

  # KMS Key ID used to encrypt objects in S3
  # CLI flag: -<prefix>.s3.sse.kms-key-id
  [kms_key_id: <string> | default = ""]

  # KMS Encryption Context used for object encryption. It expects JSON formatted
  # string.
  # CLI flag: -<prefix>.s3.sse.kms-encryption-context
  [kms_encryption_context: <string> | default = ""]

# Configures back off when S3 get Object.
backoff_config:
  # Minimum backoff time when s3 get Object
  # CLI flag: -<prefix>.s3.min-backoff
  [min_period: <duration> | default = 100ms]

  # Maximum backoff time when s3 get Object
  # CLI flag: -<prefix>.s3.max-backoff
  [max_period: <duration> | default = 3s]

  # Maximum number of times to retry for s3 GetObject or ObjectExists
  # CLI flag: -<prefix>.s3.max-retries
  [max_retries: <int> | default = 5]

# Disable forcing S3 dualstack endpoint usage.
# CLI flag: -<prefix>.s3.disable-dualstack
[disable_dualstack: <boolean> | default = false]

schema_config

配置块索引模式及其存储位置。

yaml
[configs: <list of period_configs>]

server

配置启动模块的 server

yaml
# HTTP server listen network, default tcp
# CLI flag: -server.http-listen-network
[http_listen_network: <string> | default = "tcp"]

# HTTP server listen address.
# CLI flag: -server.http-listen-address
[http_listen_address: <string> | default = ""]

# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 3100]

# Maximum number of simultaneous http connections, <=0 to disable
# CLI flag: -server.http-conn-limit
[http_listen_conn_limit: <int> | default = 0]

# gRPC server listen network
# CLI flag: -server.grpc-listen-network
[grpc_listen_network: <string> | default = "tcp"]

# gRPC server listen address.
# CLI flag: -server.grpc-listen-address
[grpc_listen_address: <string> | default = ""]

# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]

# Maximum number of simultaneous grpc connections, <=0 to disable
# CLI flag: -server.grpc-conn-limit
[grpc_listen_conn_limit: <int> | default = 0]

# Enables PROXY protocol.
# CLI flag: -server.proxy-protocol-enabled
[proxy_protocol_enabled: <boolean> | default = false]

# Comma-separated list of cipher suites to use. If blank, the default Go cipher
# suites is used.
# CLI flag: -server.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]

# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11,
# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.
# CLI flag: -server.tls-min-version
[tls_min_version: <string> | default = ""]

http_tls_config:
  # Server TLS certificate. This configuration parameter is YAML only.
  [cert: <string> | default = ""]

  # Server TLS key. This configuration parameter is YAML only.
  [key: <string> | default = ""]

  # Root certificate authority used to verify client certificates. This
  # configuration parameter is YAML only.
  [client_ca: <string> | default = ""]

  # HTTP server cert path.
  # CLI flag: -server.http-tls-cert-path
  [cert_file: <string> | default = ""]

  # HTTP server key path.
  # CLI flag: -server.http-tls-key-path
  [key_file: <string> | default = ""]

  # HTTP TLS Client Auth type.
  # CLI flag: -server.http-tls-client-auth
  [client_auth_type: <string> | default = ""]

  # HTTP TLS Client CA path.
  # CLI flag: -server.http-tls-ca-path
  [client_ca_file: <string> | default = ""]

grpc_tls_config:
  # Server TLS certificate. This configuration parameter is YAML only.
  [cert: <string> | default = ""]

  # Server TLS key. This configuration parameter is YAML only.
  [key: <string> | default = ""]

  # Root certificate authority used to verify client certificates. This
  # configuration parameter is YAML only.
  [client_ca: <string> | default = ""]

  # GRPC TLS server cert path.
  # CLI flag: -server.grpc-tls-cert-path
  [cert_file: <string> | default = ""]

  # GRPC TLS server key path.
  # CLI flag: -server.grpc-tls-key-path
  [key_file: <string> | default = ""]

  # GRPC TLS Client Auth type.
  # CLI flag: -server.grpc-tls-client-auth
  [client_auth_type: <string> | default = ""]

  # GRPC TLS Client CA path.
  # CLI flag: -server.grpc-tls-ca-path
  [client_ca_file: <string> | default = ""]

# Register the intrumentation handlers (/metrics etc).
# CLI flag: -server.register-instrumentation
[register_instrumentation: <boolean> | default = true]

# If set to true, gRPC statuses will be reported in instrumentation labels with
# their string representations. Otherwise, they will be reported as "error".
# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled
[report_grpc_codes_in_instrumentation_label_enabled: <boolean> | default = false]

# Timeout for graceful shutdowns
# CLI flag: -server.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 30s]

# Read timeout for entire HTTP request, including headers and body.
# CLI flag: -server.http-read-timeout
[http_server_read_timeout: <duration> | default = 30s]

# Read timeout for HTTP request headers. If set to 0, value of
# -server.http-read-timeout is used.
# CLI flag: -server.http-read-header-timeout
[http_server_read_header_timeout: <duration> | default = 0s]

# Write timeout for HTTP server
# CLI flag: -server.http-write-timeout
[http_server_write_timeout: <duration> | default = 30s]

# Idle timeout for HTTP server
# CLI flag: -server.http-idle-timeout
[http_server_idle_timeout: <duration> | default = 2m]

# Log closed connections that did not receive any response, most likely because
# client didn't send any request within timeout.
# CLI flag: -server.http-log-closed-connections-without-response-enabled
[http_log_closed_connections_without_response_enabled: <boolean> | default = false]

# Limit on the size of a gRPC message this server can receive (bytes).
# CLI flag: -server.grpc-max-recv-msg-size-bytes
[grpc_server_max_recv_msg_size: <int> | default = 4194304]

# Limit on the size of a gRPC message this server can send (bytes).
# CLI flag: -server.grpc-max-send-msg-size-bytes
[grpc_server_max_send_msg_size: <int> | default = 4194304]

# Limit on the number of concurrent streams for gRPC calls per client connection
# (0 = unlimited)
# CLI flag: -server.grpc-max-concurrent-streams
[grpc_server_max_concurrent_streams: <int> | default = 100]

# The duration after which an idle connection should be closed. Default:
# infinity
# CLI flag: -server.grpc.keepalive.max-connection-idle
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]

# The duration for the maximum amount of time a connection may exist before it
# will be closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]

# An additive period after max-connection-age after which the connection will be
# forcibly closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age-grace
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]

# Duration after which a keepalive probe is sent in case of no activity over the
# connection., Default: 2h
# CLI flag: -server.grpc.keepalive.time
[grpc_server_keepalive_time: <duration> | default = 2h]

# After having pinged for keepalive check, the duration after which an idle
# connection should be closed, Default: 20s
# CLI flag: -server.grpc.keepalive.timeout
[grpc_server_keepalive_timeout: <duration> | default = 20s]

# Minimum amount of time a client should wait before sending a keepalive ping.
# If client sends keepalive ping more often, server will send GOAWAY and close
# the connection.
# CLI flag: -server.grpc.keepalive.min-time-between-pings
[grpc_server_min_time_between_pings: <duration> | default = 10s]

# If true, server allows keepalive pings even when there are no active
# streams(RPCs). If false, and client sends ping when there are no active
# streams, server will send GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]

# If non-zero, configures the amount of GRPC server workers used to serve the
# requests.
# CLI flag: -server.grpc.num-workers
[grpc_server_num_workers: <int> | default = 0]

# If true, the request_message_bytes, response_message_bytes, and
# inflight_requests metrics will be tracked. Enabling this option prevents the
# use of memory pools for parsing gRPC request bodies and may lead to more
# memory allocations.
# CLI flag: -server.grpc.stats-tracking-enabled
[grpc_server_stats_tracking_enabled: <boolean> | default = true]

# Deprecated option, has no effect and will be removed in a future version.
# CLI flag: -server.grpc.recv-buffer-pools-enabled
[grpc_server_recv_buffer_pools_enabled: <boolean> | default = false]

# Output log messages in the given format. Valid formats: [logfmt, json]
# CLI flag: -log.format
[log_format: <string> | default = "logfmt"]

# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]

# Optionally log the source IPs.
# CLI flag: -server.log-source-ips-enabled
[log_source_ips_enabled: <boolean> | default = false]

# Log all source IPs instead of only the originating one. Only used if
# server.log-source-ips-enabled is true
# CLI flag: -server.log-source-ips-full
[log_source_ips_full: <boolean> | default = false]

# Header field storing the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-header
[log_source_ips_header: <string> | default = ""]

# Regex for matching the source IPs. Only used if server.log-source-ips-enabled
# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For
# headers are used
# CLI flag: -server.log-source-ips-regex
[log_source_ips_regex: <string> | default = ""]

# Optionally log request headers.
# CLI flag: -server.log-request-headers
[log_request_headers: <boolean> | default = false]

# Optionally log requests at info level instead of debug level. Applies to
# request headers as well if server.log-request-headers is enabled.
# CLI flag: -server.log-request-at-info-level-enabled
[log_request_at_info_level_enabled: <boolean> | default = false]

# Comma separated list of headers to exclude from loggin. Only used if
# server.log-request-headers is true.
# CLI flag: -server.log-request-headers-exclude-list
[log_request_exclude_headers_list: <string> | default = ""]

# Base path to serve all API routes from (e.g. /v1/)
# CLI flag: -server.path-prefix
[http_path_prefix: <string> | default = ""]

cluster_validation:
  # Optionally define the cluster validation label.
  # CLI flag: -server.cluster-validation.label
  [label: <string> | default = ""]

  grpc:
    # When enabled, cluster label validation is executed: configured cluster
    # validation label is compared with the cluster validation label received
    # through the requests.
    # CLI flag: -server.cluster-validation.grpc.enabled
    [enabled: <boolean> | default = false]

    # When enabled, soft cluster label validation is executed. Can be enabled
    # only together with server.cluster-validation.grpc.enabled
    # CLI flag: -server.cluster-validation.grpc.soft-validation
    [soft_validation: <boolean> | default = false]

storage_config

storage_config 块配置索引和块的多种可能存储之一。应在 schema_config 块中定义要选择的配置。

yaml
# The alibabacloud_storage_config block configures the connection to Alibaba
# Cloud Storage object storage backend.
[alibabacloud: <alibabacloud_storage_config>]

# The aws_storage_config block configures the connection to dynamoDB and S3
# object storage. Either one of them or both can be configured.
[aws: <aws_storage_config>]

# The azure_storage_config block configures the connection to Azure object
# storage backend.
[azure: <azure_storage_config>]

# The bos_storage_config block configures the connection to Baidu Object Storage
# (BOS) object storage backend.
[bos: <bos_storage_config>]

# Deprecated: Configures storing indexes in Bigtable. Required fields only
# required when bigtable is defined in config.
bigtable:
  # Bigtable project ID.
  # CLI flag: -bigtable.project
  [project: <string> | default = ""]

  # Bigtable instance ID. Please refer to
  # https://cloud.google.com/docs/authentication/production for more information
  # about how to configure authentication.
  # CLI flag: -bigtable.instance
  [instance: <string> | default = ""]

  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is: bigtable
  [grpc_client_config: <grpc_client>]

  # If enabled, once a tables info is fetched, it is cached.
  # CLI flag: -bigtable.table-cache.enabled
  [table_cache_enabled: <boolean> | default = true]

  # Duration to cache tables before checking again.
  # CLI flag: -bigtable.table-cache.expiration
  [table_cache_expiration: <duration> | default = 30m]

# Configures storing chunks in GCS. Required fields only required when gcs is
# defined in config.
[gcs: <gcs_storage_config>]

# Deprecated: Configures storing chunks and/or the index in Cassandra.
cassandra:
  # Comma-separated hostnames or IPs of Cassandra instances.
  # CLI flag: -cassandra.addresses
  [addresses: <string> | default = ""]

  # Port that Cassandra is running on
  # CLI flag: -cassandra.port
  [port: <int> | default = 9042]

  # Keyspace to use in Cassandra.
  # CLI flag: -cassandra.keyspace
  [keyspace: <string> | default = ""]

  # Consistency level for Cassandra.
  # CLI flag: -cassandra.consistency
  [consistency: <string> | default = "QUORUM"]

  # Replication factor to use in Cassandra.
  # CLI flag: -cassandra.replication-factor
  [replication_factor: <int> | default = 3]

  # Instruct the cassandra driver to not attempt to get host info from the
  # system.peers table.
  # CLI flag: -cassandra.disable-initial-host-lookup
  [disable_initial_host_lookup: <boolean> | default = false]

  # Use SSL when connecting to cassandra instances.
  # CLI flag: -cassandra.ssl
  [SSL: <boolean> | default = false]

  # Require SSL certificate validation.
  # CLI flag: -cassandra.host-verification
  [host_verification: <boolean> | default = true]

  # Policy for selecting Cassandra host. Supported values are: round-robin,
  # token-aware.
  # CLI flag: -cassandra.host-selection-policy
  [host_selection_policy: <string> | default = "round-robin"]

  # Path to certificate file to verify the peer.
  # CLI flag: -cassandra.ca-path
  [CA_path: <string> | default = ""]

  # Path to certificate file used by TLS.
  # CLI flag: -cassandra.tls-cert-path
  [tls_cert_path: <string> | default = ""]

  # Path to private key file used by TLS.
  # CLI flag: -cassandra.tls-key-path
  [tls_key_path: <string> | default = ""]

  # Enable password authentication when connecting to cassandra.
  # CLI flag: -cassandra.auth
  [auth: <boolean> | default = false]

  # Username to use when connecting to cassandra.
  # CLI flag: -cassandra.username
  [username: <string> | default = ""]

  # Password to use when connecting to cassandra.
  # CLI flag: -cassandra.password
  [password: <string> | default = ""]

  # File containing password to use when connecting to cassandra.
  # CLI flag: -cassandra.password-file
  [password_file: <string> | default = ""]

  # If set, when authenticating with cassandra a custom authenticator will be
  # expected during the handshake. This flag can be set multiple times.
  # CLI flag: -cassandra.custom-authenticator
  [custom_authenticators: <list of strings> | default = []]

  # Timeout when connecting to cassandra.
  # CLI flag: -cassandra.timeout
  [timeout: <duration> | default = 2s]

  # Initial connection timeout, used during initial dial to server.
  # CLI flag: -cassandra.connect-timeout
  [connect_timeout: <duration> | default = 5s]

  # Interval to retry connecting to cassandra nodes marked as DOWN.
  # CLI flag: -cassandra.reconnent-interval
  [reconnect_interval: <duration> | default = 1s]

  # Number of retries to perform on a request. Set to 0 to disable retries.
  # CLI flag: -cassandra.max-retries
  [max_retries: <int> | default = 0]

  # Maximum time to wait before retrying a failed request.
  # CLI flag: -cassandra.retry-max-backoff
  [retry_max_backoff: <duration> | default = 10s]

  # Minimum time to wait before retrying a failed request.
  # CLI flag: -cassandra.retry-min-backoff
  [retry_min_backoff: <duration> | default = 100ms]

  # Limit number of concurrent queries to Cassandra. Set to 0 to disable the
  # limit.
  # CLI flag: -cassandra.query-concurrency
  [query_concurrency: <int> | default = 0]

  # Number of TCP connections per host.
  # CLI flag: -cassandra.num-connections
  [num_connections: <int> | default = 2]

  # Convict hosts of being down on failure.
  # CLI flag: -cassandra.convict-hosts-on-failure
  [convict_hosts_on_failure: <boolean> | default = true]

  # Table options used to create index or chunk tables. This value is used as
  # plain text in the table `WITH` like this, "CREATE TABLE
  # <generated_by_cortex> (...) WITH <cassandra.table-options>". For details,
  # see https://cortexmetrics.io/docs/production/cassandra. By default it will
  # use the default table options of your Cassandra cluster.
  # CLI flag: -cassandra.table-options
  [table_options: <string> | default = ""]

# Deprecated: Configures storing index in BoltDB. Required fields only required
# when boltdb is present in the configuration.
boltdb:
  # Location of BoltDB index files.
  # CLI flag: -boltdb.dir
  [directory: <string> | default = ""]

# Configures storing the chunks on the local file system. Required fields only
# required when filesystem is present in the configuration.
[filesystem: <local_storage_config>]

# The swift_storage_config block configures the connection to OpenStack Object
# Storage (Swift) object storage backend.
[swift: <swift_storage_config>]

# Deprecated:
grpc_store:
  # Hostname or IP of the gRPC store instance.
  # CLI flag: -grpc-store.server-address
  [server_address: <string> | default = ""]

hedging:
  # If set to a non-zero value a second request will be issued at the provided
  # duration. Default is 0 (disabled)
  # CLI flag: -store.hedge-requests-at
  [at: <duration> | default = 0s]

  # The maximum of hedge requests allowed.
  # CLI flag: -store.hedge-requests-up-to
  [up_to: <int> | default = 2]

  # The maximum of hedge requests allowed per seconds.
  # CLI flag: -store.hedge-max-per-second
  [max_per_second: <int> | default = 5]

# Configures additional object stores for a given storage provider.
# Supported stores: aws, azure, bos, filesystem, gcs, swift.
# Example:
# ```yaml
#     storage_config:
#       named_stores:
#         aws:
#           store-1:
#             endpoint: s3://foo-bucket
#             region: us-west1
# ```
# Named store from this example can be used by setting object_store to store-1
# in period_config.
[named_stores: <named_stores_config>]

# The cos_storage_config block configures the connection to IBM Cloud Object
# Storage (COS) backend.
[cos: <cos_storage_config>]

# Cache validity for active index entries. Should be no higher than
# -ingester.max-chunk-idle.
# CLI flag: -store.index-cache-validity
[index_cache_validity: <duration> | default = 5m]

congestion_control:
  # Use storage congestion control (default: disabled).
  # CLI flag: -store.congestion-control.enabled
  [enabled: <boolean> | default = false]

  controller:
    # Congestion control strategy to use (default: none, options: 'aimd').
    # CLI flag: -store.congestion-control.strategy
    [strategy: <string> | default = ""]

    aimd:
      # AIMD starting throughput window size: how many requests can be sent per
      # second (default: 2000).
      # CLI flag: -store.congestion-control.strategy.aimd.start
      [start: <int> | default = 2000]

      # AIMD maximum throughput window size: upper limit of requests sent per
      # second (default: 10000).
      # CLI flag: -store.congestion-control.strategy.aimd.upper-bound
      [upper_bound: <int> | default = 10000]

      # AIMD backoff factor when upstream service is throttled to decrease
      # number of requests sent per second (default: 0.5).
      # CLI flag: -store.congestion-control.strategy.aimd.backoff-factor
      [backoff_factor: <float> | default = 0.5]

  retry:
    # Congestion control retry strategy to use (default: none, options:
    # 'limited').
    # CLI flag: -store.congestion-control.retry.strategy
    [strategy: <string> | default = ""]

    # Maximum number of retries allowed.
    # CLI flag: -store.congestion-control.retry.strategy.limited.limit
    [limit: <int> | default = 2]

  hedging:
    config:
      [at: <duration>]

      [up_to: <int>]

      [max_per_second: <int>]

    # Congestion control hedge strategy to use (default: none, options:
    # 'limited').
    # CLI flag: -store.congestion-control.hedge.strategy
    [strategy: <string> | default = ""]

# Experimental. Sets a constant prefix for all keys inserted into object
# storage. Example: loki/
# CLI flag: -store.object-prefix
[object_prefix: <string> | default = ""]

# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.index-cache-read
[index_queries_cache_config: <cache_config>]

# Disable broad index queries which results in reduced cache usage and faster
# query performance at the expense of somewhat higher QPS on the index store.
# CLI flag: -store.disable-broad-index-queries
[disable_broad_index_queries: <boolean> | default = false]

# Maximum number of parallel chunk reads.
# CLI flag: -store.max-parallel-get-chunk
[max_parallel_get_chunk: <int> | default = 150]

# Enables the use of thanos-io/objstore clients for connecting to object
# storage. When set to true, the configuration inside
# `storage_config.object_store` or `common.storage.object_store` block takes
# effect.
# CLI flag: -use-thanos-objstore
[use_thanos_objstore: <boolean> | default = false]

object_store:
  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is: object-store
  [<thanos_object_store_config>]

  named_stores:
    [azure: <map of string to NamedAzureStorageConfig>]

    [filesystem: <map of string to NamedFilesystemStorageConfig>]

    [gcs: <map of string to NamedGCSStorageConfig>]

    [s3: <map of string to NamedS3StorageConfig>]

    [swift: <map of string to NamedSwiftStorageConfig>]

# The maximum number of chunks to fetch per batch.
# CLI flag: -store.max-chunk-batch-size
[max_chunk_batch_size: <int> | default = 50]

# Configures storing index in an Object Store
# (GCS/S3/Azure/Swift/COS/Filesystem) in the form of boltdb files. Required
# fields only required when boltdb-shipper is defined in config.
boltdb_shipper:
  # Directory where ingesters would write index files which would then be
  # uploaded by shipper to configured storage
  # CLI flag: -boltdb.shipper.active-index-directory
  [active_index_directory: <string> | default = ""]

  # Cache location for restoring index files from storage for queries
  # CLI flag: -boltdb.shipper.cache-location
  [cache_location: <string> | default = ""]

  # TTL for index files restored in cache for queries
  # CLI flag: -boltdb.shipper.cache-ttl
  [cache_ttl: <duration> | default = 24h]

  # Resync downloaded files with the storage
  # CLI flag: -boltdb.shipper.resync-interval
  [resync_interval: <duration> | default = 5m]

  # Number of days of common index to be kept downloaded for queries. For per
  # tenant index query readiness, use limits overrides config.
  # CLI flag: -boltdb.shipper.query-ready-num-days
  [query_ready_num_days: <int> | default = 0]

  index_gateway_client:
    # The grpc_client block configures the gRPC client used to communicate
    # between a client and server component in Loki.
    # The CLI flags prefix for this block configuration is:
    # boltdb.shipper.index-gateway-client.grpc
    [grpc_client_config: <grpc_client>]

    # Hostname or IP of the Index Gateway gRPC server running in simple mode.
    # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A
    # record with multiple IP's, a DNS SRV record with a followup A record
    # lookup, or a DNS SRV record without a followup A record lookup,
    # respectively.
    # CLI flag: -boltdb.shipper.index-gateway-client.server-address
    [server_address: <string> | default = ""]

    # Whether requests sent to the gateway should be logged or not.
    # CLI flag: -boltdb.shipper.index-gateway-client.log-gateway-requests
    [log_gateway_requests: <boolean> | default = false]

  [ingestername: <string> | default = ""]

  [mode: <string> | default = ""]

  [ingesterdbretainperiod: <duration>]

  # Build per tenant index files
  # CLI flag: -boltdb.shipper.build-per-tenant-index
  [build_per_tenant_index: <boolean> | default = false]

# Configures storing index in an Object Store
# (GCS/S3/Azure/Swift/COS/Filesystem) in a prometheus TSDB-like format. Required
# fields only required when TSDB is defined in config.
tsdb_shipper:
  # Directory where ingesters would write index files which would then be
  # uploaded by shipper to configured storage
  # CLI flag: -tsdb.shipper.active-index-directory
  [active_index_directory: <string> | default = ""]

  # Cache location for restoring index files from storage for queries
  # CLI flag: -tsdb.shipper.cache-location
  [cache_location: <string> | default = ""]

  # TTL for index files restored in cache for queries
  # CLI flag: -tsdb.shipper.cache-ttl
  [cache_ttl: <duration> | default = 24h]

  # Resync downloaded files with the storage
  # CLI flag: -tsdb.shipper.resync-interval
  [resync_interval: <duration> | default = 5m]

  # Number of days of common index to be kept downloaded for queries. For per
  # tenant index query readiness, use limits overrides config.
  # CLI flag: -tsdb.shipper.query-ready-num-days
  [query_ready_num_days: <int> | default = 0]

  index_gateway_client:
    # The grpc_client block configures the gRPC client used to communicate
    # between a client and server component in Loki.
    # The CLI flags prefix for this block configuration is:
    # tsdb.shipper.index-gateway-client.grpc
    [grpc_client_config: <grpc_client>]

    # Hostname or IP of the Index Gateway gRPC server running in simple mode.
    # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A
    # record with multiple IP's, a DNS SRV record with a followup A record
    # lookup, or a DNS SRV record without a followup A record lookup,
    # respectively.
    # CLI flag: -tsdb.shipper.index-gateway-client.server-address
    [server_address: <string> | default = ""]

    # Whether requests sent to the gateway should be logged or not.
    # CLI flag: -tsdb.shipper.index-gateway-client.log-gateway-requests
    [log_gateway_requests: <boolean> | default = false]

  [ingestername: <string> | default = ""]

  [mode: <string> | default = ""]

  [ingesterdbretainperiod: <duration>]

# Experimental: Configures the bloom shipper component, which contains the store
# abstraction to fetch bloom filters from and put them to object storage.
bloom_shipper:
  # Working directory to store downloaded bloom blocks. Supports multiple
  # directories, separated by comma.
  # CLI flag: -bloom.shipper.working-directory
  [working_directory: <string> | default = "/data/blooms"]

  # Maximum size of bloom pages that should be queried. Larger pages than this
  # limit are skipped when querying blooms to limit memory usage.
  # CLI flag: -bloom.max-query-page-size
  [max_query_page_size: <int> | default = 64MiB]

  # The amount of maximum concurrent bloom blocks downloads. Usually set to 2x
  # number of CPU cores.
  # CLI flag: -bloom.download-parallelism
  [download_parallelism: <int> | default = 8]

  blocks_cache:
    # Cache for bloom blocks. Soft limit of the cache in bytes. Exceeding this
    # limit will trigger evictions of least recently used items in the
    # background.
    # CLI flag: -bloom.blocks-cache.soft-limit
    [soft_limit: <int> | default = 32GiB]

    # Cache for bloom blocks. Hard limit of the cache in bytes. Exceeding this
    # limit will block execution until soft limit is deceeded.
    # CLI flag: -bloom.blocks-cache.hard-limit
    [hard_limit: <int> | default = 64GiB]

    # Cache for bloom blocks. The time to live for items in the cache before
    # they get purged.
    # CLI flag: -bloom.blocks-cache.ttl
    [ttl: <duration> | default = 24h]

  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is: bloom.metas-cache
  [metas_cache: <cache_config>]

  metas_lru_cache:
    # In-memory LRU cache for bloom metas. Whether embedded cache is enabled.
    # CLI flag: -bloom.metas-lru-cache.enabled
    [enabled: <boolean> | default = false]

    # In-memory LRU cache for bloom metas. Maximum memory size of the cache in
    # MB.
    # CLI flag: -bloom.metas-lru-cache.max-size-mb
    [max_size_mb: <int> | default = 100]

    # In-memory LRU cache for bloom metas. Maximum number of entries in the
    # cache.
    # CLI flag: -bloom.metas-lru-cache.max-size-items
    [max_size_items: <int> | default = 0]

    # In-memory LRU cache for bloom metas. The time to live for items in the
    # cache before they get purged.
    # CLI flag: -bloom.metas-lru-cache.ttl
    [ttl: <duration> | default = 1h]

swift_storage_config

swift_storage_config 块配置与 OpenStack Object Storage (Swift) 对象存储后端的连接。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage
  • ruler.storage

 

yaml
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -<prefix>.swift.auth-version
[auth_version: <int> | default = 0]

# OpenStack Swift authentication URL
# CLI flag: -<prefix>.swift.auth-url
[auth_url: <string> | default = ""]

# Set this to true to use the internal OpenStack Swift endpoint URL
# CLI flag: -<prefix>.swift.internal
[internal: <boolean> | default = false]

# OpenStack Swift username.
# CLI flag: -<prefix>.swift.username
[username: <string> | default = ""]

# OpenStack Swift user's domain name.
# CLI flag: -<prefix>.swift.user-domain-name
[user_domain_name: <string> | default = ""]

# OpenStack Swift user's domain ID.
# CLI flag: -<prefix>.swift.user-domain-id
[user_domain_id: <string> | default = ""]

# OpenStack Swift user ID.
# CLI flag: -<prefix>.swift.user-id
[user_id: <string> | default = ""]

# OpenStack Swift API key.
# CLI flag: -<prefix>.swift.password
[password: <string> | default = ""]

# OpenStack Swift user's domain ID.
# CLI flag: -<prefix>.swift.domain-id
[domain_id: <string> | default = ""]

# OpenStack Swift user's domain name.
# CLI flag: -<prefix>.swift.domain-name
[domain_name: <string> | default = ""]

# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -<prefix>.swift.project-id
[project_id: <string> | default = ""]

# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -<prefix>.swift.project-name
[project_name: <string> | default = ""]

# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -<prefix>.swift.project-domain-id
[project_domain_id: <string> | default = ""]

# Name of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs from the user domain.
# CLI flag: -<prefix>.swift.project-domain-name
[project_domain_name: <string> | default = ""]

# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -<prefix>.swift.region-name
[region_name: <string> | default = ""]

# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -<prefix>.swift.container-name
[container_name: <string> | default = ""]

# Max retries on requests error.
# CLI flag: -<prefix>.swift.max-retries
[max_retries: <int> | default = 3]

# Time after which a connection attempt is aborted.
# CLI flag: -<prefix>.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]

# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no data
# is received on a request.
# CLI flag: -<prefix>.swift.request-timeout
[request_timeout: <duration> | default = 5s]

http:
  # Path to the CA certificates to validate server certificate against. If not
  # set, the host's root CA certificates are used.
  # CLI flag: -<prefix>.swift.http.tls-ca-path
  [tls_ca_path: <string> | default = ""]

table_manager

table_manager 块配置用于保留的表格管理器。

yaml
# If true, disable all changes to DB capacity
# CLI flag: -table-manager.throughput-updates-disabled
[throughput_updates_disabled: <boolean> | default = false]

# If true, enables retention deletes of DB tables
# CLI flag: -table-manager.retention-deletes-enabled
[retention_deletes_enabled: <boolean> | default = false]

# Tables older than this retention period are deleted. Must be either 0
# (disabled) or a multiple of 24h. When enabled, be aware this setting is
# destructive to data!
# CLI flag: -table-manager.retention-period
[retention_period: <duration> | default = 0s]

# How frequently to poll backend to learn our capacity.
# CLI flag: -table-manager.poll-interval
[poll_interval: <duration> | default = 2m]

# Periodic tables grace period (duration which table will be created/deleted
# before/after it's needed).
# CLI flag: -table-manager.periodic-table.grace-period
[creation_grace_period: <duration> | default = 10m]

index_tables_provisioning:
  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode
  [enable_ondemand_throughput_mode: <boolean> | default = false]

  # Table default write throughput. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.write-throughput
  [provisioned_write_throughput: <int> | default = 1000]

  # Table default read throughput. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.read-throughput
  [provisioned_read_throughput: <int> | default = 300]

  write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.target-value
    [target: <float> | default = 80]

  read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode
  [enable_inactive_throughput_on_demand_mode: <boolean> | default = false]

  # Table write throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.inactive-write-throughput
  [inactive_write_throughput: <int> | default = 1]

  # Table read throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.inactive-read-throughput
  [inactive_read_throughput: <int> | default = 300]

  inactive_write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value
    [target: <float> | default = 80]

  inactive_read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Number of last inactive tables to enable write autoscale.
  # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n
  [inactive_write_scale_lastn: <int> | default = 4]

  # Number of last inactive tables to enable read autoscale.
  # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n
  [inactive_read_scale_lastn: <int> | default = 4]

chunk_tables_provisioning:
  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode
  [enable_ondemand_throughput_mode: <boolean> | default = false]

  # Table default write throughput. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.write-throughput
  [provisioned_write_throughput: <int> | default = 1000]

  # Table default read throughput. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.read-throughput
  [provisioned_read_throughput: <int> | default = 300]

  write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value
    [target: <float> | default = 80]

  read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode
  [enable_inactive_throughput_on_demand_mode: <boolean> | default = false]

  # Table write throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-write-throughput
  [inactive_write_throughput: <int> | default = 1]

  # Table read throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-read-throughput
  [inactive_read_throughput: <int> | default = 300]

  inactive_write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value
    [target: <float> | default = 80]

  inactive_read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Number of last inactive tables to enable write autoscale.
  # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n
  [inactive_write_scale_lastn: <int> | default = 4]

  # Number of last inactive tables to enable read autoscale.
  # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n
  [inactive_read_scale_lastn: <int> | default = 4]

thanos_object_store_config

thanos_object_store_config 块配置使用 thanos-io/objstore 客户端连接到对象存储后端。这将成为未来版本中配置对象存储客户端的默认方式。目前这是可选加入的,并且仅在 -use-thanos-objstore 设置为 true 时生效。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • common.storage.object-store
  • object-store
  • ruler-storage

 

yaml
s3:
  # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
  # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
  # S3-compatible service in hostname:port format.
  # CLI flag: -<prefix>.s3.endpoint
  [endpoint: <string> | default = ""]

  # S3 region. If unset, the client will issue a S3 GetBucketLocation API call
  # to autodetect it.
  # CLI flag: -<prefix>.s3.region
  [region: <string> | default = ""]

  # S3 bucket name
  # CLI flag: -<prefix>.s3.bucket-name
  [bucket_name: <string> | default = ""]

  # S3 secret access key
  # CLI flag: -<prefix>.s3.secret-access-key
  [secret_access_key: <string> | default = ""]

  # S3 access key ID
  # CLI flag: -<prefix>.s3.access-key-id
  [access_key_id: <string> | default = ""]

  # S3 session token
  # CLI flag: -<prefix>.s3.session-token
  [session_token: <string> | default = ""]

  # If enabled, use http:// for the S3 endpoint instead of https://. This could
  # be useful in local dev/test environments while using an S3-compatible
  # backend storage, like Minio.
  # CLI flag: -<prefix>.s3.insecure
  [insecure: <boolean> | default = false]

  # Use a specific version of the S3 list object API. Supported values are v1 or
  # v2. Default is unset.
  # CLI flag: -<prefix>.s3.list-objects-version
  [list_objects_version: <string> | default = ""]

  # Bucket lookup style type, used to access bucket in S3-compatible service.
  # Default is auto. Supported values are: auto, path, virtual-hosted.
  # CLI flag: -<prefix>.s3.bucket-lookup-type
  [bucket_lookup_type: <int> | default = auto]

  # When enabled, direct all AWS S3 requests to the dual-stack IPv4/IPv6
  # endpoint for the configured region.
  # CLI flag: -<prefix>.s3.dualstack-enabled
  [dualstack_enabled: <boolean> | default = true]

  # The S3 storage class to use, not set by default. Details can be found at
  # https://aws.amazon.com/s3/storage-classes/. Supported values are: STANDARD,
  # REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
  # DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE
  # CLI flag: -<prefix>.s3.storage-class
  [storage_class: <string> | default = ""]

  # If enabled, it will use the default authentication methods of the AWS SDK
  # for go based on known environment variables and known AWS config files.
  # CLI flag: -<prefix>.s3.native-aws-auth-enabled
  [native_aws_auth_enabled: <boolean> | default = false]

  # The minimum file size in bytes used for multipart uploads. If 0, the value
  # is optimally computed for each object.
  # CLI flag: -<prefix>.s3.part-size
  [part_size: <int> | default = 0]

  # If enabled, a Content-MD5 header is sent with S3 Put Object requests.
  # Consumes more resources to compute the MD5, but may improve compatibility
  # with object storage services that do not support checksums.
  # CLI flag: -<prefix>.s3.send-content-md5
  [send_content_md5: <boolean> | default = false]

  # Accessing S3 resources using temporary, secure credentials provided by AWS
  # Security Token Service.
  # CLI flag: -<prefix>.s3.sts-endpoint
  [sts_endpoint: <string> | default = ""]

  # The maximum number of retries for S3 requests that are retryable. Default is
  # 10, set this to 1 to disable retries.
  # CLI flag: -<prefix>.s3.max-retries
  [max_retries: <int> | default = 10]

  sse:
    # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
    # CLI flag: -<prefix>.s3.sse.type
    [type: <string> | default = ""]

    # KMS Key ID used to encrypt objects in S3
    # CLI flag: -<prefix>.s3.sse.kms-key-id
    [kms_key_id: <string> | default = ""]

    # KMS Encryption Context used for object encryption. It expects JSON
    # formatted string.
    # CLI flag: -<prefix>.s3.sse.kms-encryption-context
    [kms_encryption_context: <string> | default = ""]

  http:
    # The time an idle connection will remain idle before closing.
    # CLI flag: -<prefix>.s3.http.idle-conn-timeout
    [idle_conn_timeout: <duration> | default = 1m30s]

    # The amount of time the client will wait for a servers response headers.
    # CLI flag: -<prefix>.s3.http.response-header-timeout
    [response_header_timeout: <duration> | default = 2m]

    # If the client connects via HTTPS and this option is enabled, the client
    # will accept any certificate and hostname.
    # CLI flag: -<prefix>.s3.http.insecure-skip-verify
    [insecure_skip_verify: <boolean> | default = false]

    # Maximum time to wait for a TLS handshake. 0 means no limit.
    # CLI flag: -<prefix>.s3.tls-handshake-timeout
    [tls_handshake_timeout: <duration> | default = 10s]

    # The time to wait for a server's first response headers after fully writing
    # the request headers if the request has an Expect header. 0 to send the
    # request body immediately.
    # CLI flag: -<prefix>.s3.expect-continue-timeout
    [expect_continue_timeout: <duration> | default = 1s]

    # Maximum number of idle (keep-alive) connections across all hosts. 0 means
    # no limit.
    # CLI flag: -<prefix>.s3.max-idle-connections
    [max_idle_connections: <int> | default = 100]

    # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
    # built-in default value is used.
    # CLI flag: -<prefix>.s3.max-idle-connections-per-host
    [max_idle_connections_per_host: <int> | default = 100]

    # Maximum number of connections per host. 0 means no limit.
    # CLI flag: -<prefix>.s3.max-connections-per-host
    [max_connections_per_host: <int> | default = 0]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -<prefix>.s3.http.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -<prefix>.s3.http.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -<prefix>.s3.http.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -<prefix>.s3.http.tls-server-name
    [tls_server_name: <string> | default = ""]

  trace:
    # When enabled, low-level S3 HTTP operation information is logged at the
    # debug level.
    # CLI flag: -<prefix>.s3.trace.enabled
    [enabled: <boolean> | default = false]

gcs:
  # GCS bucket name
  # CLI flag: -<prefix>.gcs.bucket-name
  [bucket_name: <string> | default = ""]

  # JSON either from a Google Developers Console client_credentials.json file,
  # or a Google Developers service account key. Needs to be valid JSON, not a
  # filesystem path. If empty, fallback to Google default logic:
  # 1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS
  # environment variable. For workload identity federation, refer to
  # https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation
  # on how to generate the JSON configuration file for on-prem/non-Google cloud
  # platforms.
  # 2. A JSON file in a location known to the gcloud command-line tool:
  # $HOME/.config/gcloud/application_default_credentials.json.
  # 3. On Google Compute Engine it fetches credentials from the metadata server.
  # CLI flag: -<prefix>.gcs.service-account
  [service_account: <string> | default = ""]

  # The maximum size of the buffer that GCS client for a single PUT request. 0
  # to disable buffering.
  # CLI flag: -<prefix>.gcs.chunk-buffer-size
  [chunk_buffer_size: <int> | default = 0]

  # The maximum number of retries for idempotent operations. Overrides the
  # default gcs storage client behavior if this value is greater than 0. Set
  # this to 1 to disable retries.
  # CLI flag: -<prefix>.gcs.max-retries
  [max_retries: <int> | default = 10]

azure:
  # Azure storage account name
  # CLI flag: -<prefix>.azure.account-name
  [account_name: <string> | default = ""]

  # Azure storage account key. If unset, Azure managed identities will be used
  # for authentication instead.
  # CLI flag: -<prefix>.azure.account-key
  [account_key: <string> | default = ""]

  # If `connection-string` is set, the value of `endpoint-suffix` will not be
  # used. Use this method over `account-key` if you need to authenticate via a
  # SAS token. Or if you use the Azurite emulator.
  # CLI flag: -<prefix>.azure.connection-string
  [connection_string: <string> | default = ""]

  # Azure storage container name
  # CLI flag: -<prefix>.azure.container-name
  [container_name: <string> | default = ""]

  # Azure storage endpoint suffix without schema. The account name will be
  # prefixed to this value to create the FQDN. If set to empty string, default
  # endpoint suffix is used.
  # CLI flag: -<prefix>.azure.endpoint-suffix
  [endpoint_suffix: <string> | default = ""]

  # Number of retries for recoverable errors
  # CLI flag: -<prefix>.azure.max-retries
  [max_retries: <int> | default = 20]

  # User assigned managed identity. If empty, then System assigned identity is
  # used.
  # CLI flag: -<prefix>.azure.user-assigned-id
  [user_assigned_id: <string> | default = ""]

  # Delimiter used to replace ':' in chunk IDs when storing chunks
  # CLI flag: -<prefix>.azure.chunk-delimiter
  [chunk_delimiter: <string> | default = "-"]

swift:
  # OpenStack Swift application credential id
  # CLI flag: -<prefix>.swift.application-credential-id
  [application_credential_id: <string> | default = ""]

  # OpenStack Swift application credential name
  # CLI flag: -<prefix>.swift.application-credential-name
  [application_credential_name: <string> | default = ""]

  # OpenStack Swift application credential secret
  # CLI flag: -<prefix>.swift.application-credential-secret
  [application_credential_secret: <string> | default = ""]

  # OpenStack Swift authentication API version. 0 to autodetect.
  # CLI flag: -<prefix>.swift.auth-version
  [auth_version: <int> | default = 0]

  # OpenStack Swift authentication URL
  # CLI flag: -<prefix>.swift.auth-url
  [auth_url: <string> | default = ""]

  # OpenStack Swift username.
  # CLI flag: -<prefix>.swift.username
  [username: <string> | default = ""]

  # OpenStack Swift user's domain name.
  # CLI flag: -<prefix>.swift.user-domain-name
  [user_domain_name: <string> | default = ""]

  # OpenStack Swift user's domain ID.
  # CLI flag: -<prefix>.swift.user-domain-id
  [user_domain_id: <string> | default = ""]

  # OpenStack Swift user ID.
  # CLI flag: -<prefix>.swift.user-id
  [user_id: <string> | default = ""]

  # OpenStack Swift API key.
  # CLI flag: -<prefix>.swift.password
  [password: <string> | default = ""]

  # OpenStack Swift user's domain ID.
  # CLI flag: -<prefix>.swift.domain-id
  [domain_id: <string> | default = ""]

  # OpenStack Swift user's domain name.
  # CLI flag: -<prefix>.swift.domain-name
  [domain_name: <string> | default = ""]

  # OpenStack Swift project ID (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.project-id
  [project_id: <string> | default = ""]

  # OpenStack Swift project name (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.project-name
  [project_name: <string> | default = ""]

  # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
  # differs the from user domain.
  # CLI flag: -<prefix>.swift.project-domain-id
  [project_domain_id: <string> | default = ""]

  # Name of the OpenStack Swift project's domain (v3 auth only), only needed if
  # it differs from the user domain.
  # CLI flag: -<prefix>.swift.project-domain-name
  [project_domain_name: <string> | default = ""]

  # OpenStack Swift Region to use (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.region-name
  [region_name: <string> | default = ""]

  # Name of the OpenStack Swift container to put chunks in.
  # CLI flag: -<prefix>.swift.container-name
  [container_name: <string> | default = ""]

  # Max retries on requests error.
  # CLI flag: -<prefix>.swift.max-retries
  [max_retries: <int> | default = 3]

  # Time after which a connection attempt is aborted.
  # CLI flag: -<prefix>.swift.connect-timeout
  [connect_timeout: <duration> | default = 10s]

  # Time after which an idle request is aborted. The timeout watchdog is reset
  # each time some data is received, so the timeout triggers after X time no
  # data is received on a request.
  # CLI flag: -<prefix>.swift.request-timeout
  [request_timeout: <duration> | default = 5s]

  http:
    # The time an idle connection will remain idle before closing.
    # CLI flag: -<prefix>.swift.http.idle-conn-timeout
    [idle_conn_timeout: <duration> | default = 1m30s]

    # The amount of time the client will wait for a servers response headers.
    # CLI flag: -<prefix>.swift.http.response-header-timeout
    [response_header_timeout: <duration> | default = 2m]

    # If the client connects via HTTPS and this option is enabled, the client
    # will accept any certificate and hostname.
    # CLI flag: -<prefix>.swift.http.insecure-skip-verify
    [insecure_skip_verify: <boolean> | default = false]

    # Maximum time to wait for a TLS handshake. 0 means no limit.
    # CLI flag: -<prefix>.swift.tls-handshake-timeout
    [tls_handshake_timeout: <duration> | default = 10s]

    # The time to wait for a server's first response headers after fully writing
    # the request headers if the request has an Expect header. 0 to send the
    # request body immediately.
    # CLI flag: -<prefix>.swift.expect-continue-timeout
    [expect_continue_timeout: <duration> | default = 1s]

    # Maximum number of idle (keep-alive) connections across all hosts. 0 means
    # no limit.
    # CLI flag: -<prefix>.swift.max-idle-connections
    [max_idle_connections: <int> | default = 100]

    # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
    # built-in default value is used.
    # CLI flag: -<prefix>.swift.max-idle-connections-per-host
    [max_idle_connections_per_host: <int> | default = 100]

    # Maximum number of connections per host. 0 means no limit.
    # CLI flag: -<prefix>.swift.max-connections-per-host
    [max_connections_per_host: <int> | default = 0]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -<prefix>.swift.http.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -<prefix>.swift.http.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -<prefix>.swift.http.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -<prefix>.swift.http.tls-server-name
    [tls_server_name: <string> | default = ""]

filesystem:
  # Local filesystem storage directory.
  # CLI flag: -<prefix>.filesystem.dir
  [dir: <string> | default = ""]

alibaba:
  # Endpoint to connect to.
  # CLI flag: -<prefix>.oss.endpoint
  [endpoint: <string> | default = ""]

  # Name of OSS bucket.
  # CLI flag: -<prefix>.oss.bucketname
  [bucket: <string> | default = ""]

  # alibabacloud Access Key ID
  # CLI flag: -<prefix>.oss.access-key-id
  [access_key_id: <string> | default = ""]

  # alibabacloud Secret Access Key
  # CLI flag: -<prefix>.oss.access-key-secret
  [access_key_secret: <string> | default = ""]

bos:
  # Name of BOS bucket.
  # CLI flag: -<prefix>.bos.bucket
  [bucket: <string> | default = ""]

  # BOS endpoint to connect to.
  # CLI flag: -<prefix>.bos.endpoint
  [endpoint: <string> | default = ""]

  # Baidu Cloud Engine (BCE) Access Key ID.
  # CLI flag: -<prefix>.bos.access-key
  [access_key: <string> | default = ""]

  # Baidu Cloud Engine (BCE) Secret Access Key.
  # CLI flag: -<prefix>.bos.secret-key
  [secret_key: <string> | default = ""]

# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits, English alphabet letters and dashes.
# CLI flag: -<prefix>.storage-prefix
[storage_prefix: <string> | default = ""]

tls_config

TLS 配置。支持的用于引用此配置块的 CLI 标志 <prefix> 包括

  • bigtable
  • blockbuilder.scheduler-grpc-client
  • bloom-build.builder.grpc
  • bloom-gateway-client.grpc
  • bloom.metas-cache.memcached
  • boltdb.shipper.index-gateway-client.grpc
  • common.storage.ring.etcd
  • compactor.grpc-client
  • compactor.ring.etcd
  • distributor.ring.etcd
  • etcd
  • frontend.grpc-client-config
  • frontend.index-stats-results-cache.memcached
  • frontend.instant-metric-results-cache.memcached
  • frontend.label-results-cache.memcached
  • frontend.memcached
  • frontend.series-results-cache.memcached
  • frontend.tail-tls-config
  • frontend.volume-results-cache.memcached
  • index-gateway.ring.etcd
  • ingest-limits-frontend-client
  • ingest-limits-frontend.etcd
  • ingest-limits-frontend.limits-client
  • ingest-limits.etcd
  • ingester.client
  • ingester.partition-ring.etcd
  • memberlist
  • pattern-ingester.client
  • pattern-ingester.etcd
  • querier.frontend-client
  • querier.frontend-grpc-client
  • querier.scheduler-grpc-client
  • query-scheduler.grpc-client-config
  • query-scheduler.ring.etcd
  • reporting.tls-config
  • ruler.alertmanager-client
  • ruler.client
  • ruler.evaluation.query-frontend
  • ruler.ring.etcd
  • store.chunks-cache-l2.memcached
  • store.chunks-cache.memcached
  • store.index-cache-read.memcached
  • store.index-cache-write.memcached
  • tsdb.shipper.index-gateway-client.grpc

 

yaml
# Path to the client certificate, which will be used for authenticating with the
# server. Also requires the key path to be configured.
# CLI flag: -<prefix>.tls-cert-path
[tls_cert_path: <string> | default = ""]

# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.tls-key-path
[tls_key_path: <string> | default = ""]

# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -<prefix>.tls-ca-path
[tls_ca_path: <string> | default = ""]

# Override the expected name on the server certificate.
# CLI flag: -<prefix>.tls-server-name
[tls_server_name: <string> | default = ""]

# Skip validating server certificate.
# CLI flag: -<prefix>.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]

# Override the default cipher suite list (separated by commas). Allowed values:
# 
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
# 
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]

# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.tls-min-version
[tls_min_version: <string> | default = ""]

tracing

tracing 的配置。

yaml
# Set to false to disable tracing.
# CLI flag: -tracing.enabled
[enabled: <boolean> | default = true]

运行时配置文件

Loki 有一个“运行时配置”文件的概念,它只是一个在 Loki 运行时会被重新加载的文件。某些 Loki 组件使用它来允许操作员更改 Loki 配置的某些方面而无需重启。文件通过使用 -runtime-config.file=<filename> 标志指定,重新加载周期(默认为 10 秒)可以通过 -runtime-config.reload-period=<duration> 标志更改。以前,此机制仅用于限制覆盖,标志分别称为 -limits.per-user-override-config=<filename>-limits.per-user-override-period=10s。如果未指定 -runtime-config.file=<filename>,则仍使用这些标志。

目前,有两个组件使用运行时配置:限制和多 KV 存储。

运行时配置重新加载的选项也可以通过 YAML 进行配置

yaml
# Configuration file to periodically check and reload.
[file: <string>: default = empty]

# How often to check the file.
[period: <duration>: default 10s]

运行时配置文件示例

yaml
overrides:
  tenant1:
    ingestion_rate_mb: 10
    max_streams_per_user: 100000
    max_chunks_per_query: 100000
  tenant2:
    max_streams_per_user: 1000000
    max_chunks_per_query: 1000000

multi_kv_config:
    mirror-enabled: false
    primary: consul

接受乱序写入

从 Loki 开始以来,日志条目必须按时间顺序写入 Loki。此限制已被解除。乱序写入默认情况下全局启用,但可以在集群或每个租户的基础上禁用/启用。

  • 要对所有租户禁用乱序写入,请在 limits_config 部分放置

    yaml
    limits_config:
        unordered_writes: false
  • 要为特定租户禁用乱序写入,请配置运行时配置文件

    yaml
    runtime_config:
      file: overrides.yaml

    overrides.yaml 文件中,为允许进行乱序写入的每个租户添加 unordered_writes

    yaml
    overrides:
      "tenantA":
        unordered_writes: false

可接受的乱序日志条目最远可以追溯到多长时间,这可以通过 max_chunk_age 进行配置。max_chunk_age 默认为 2 小时。Loki 计算乱序条目可能存在的并被接受的最早时间:

yaml
time_of_most_recent_line - (max_chunk_age/2)

时间戳在此最早时间之后的日志条目被接受。时间更靠前的日志条目将返回乱序错误。

例如,如果 max_chunk_age 为 2 小时,并且流 {foo="bar"}8:00 有一个条目,则 Loki 将接受该流的最早数据时间为 7:00。如果在 10:00 写入了另一行日志,则 Loki 将接受该流的最早数据时间为 9:00