Grafana Loki Log Aggregation on AlmaLinux 9: Complete Guide
almalinux grafana-loki logging

Published Sep 6, 2025

Master centralized logging with Grafana Loki on AlmaLinux 9! Learn log aggregation, Promtail setup, Grafana integration, and powerful log queries with practical examples.

Welcome to the world of smart logging! Today we'll set up Grafana Loki on AlmaLinux 9, creating a powerful log aggregation system that makes finding needles in haystacks look easy! Let's dive in!

Why is Grafana Loki Important?

Imagine Google for your logs! That's Loki's superpower! Here's why it's revolutionary:

  • Lightning Fast - Search millions of logs in seconds!
  • Cost Effective - Uses 10x less storage than traditional solutions
  • Label-Based - Organize logs like Prometheus metrics
  • Grafana Native - Beautiful dashboards for your logs
  • Simple Queries - LogQL makes searching intuitive
  • Scalable - From single server to massive clusters
  • Efficient Storage - Only indexes metadata, not full text
  • Perfect Integration - Works seamlessly with Prometheus

What You Need

Before we start logging everything, gather these:

  • AlmaLinux 9 server (4GB RAM minimum, 8GB recommended)
  • Grafana installed (or we'll install it!)
  • 20GB+ free disk space for logs
  • Open ports 3100 (Loki) and 9080 (Promtail)
  • Root or sudo access
  • Basic command line knowledge
  • Applications to monitor
  • Enthusiasm for awesome logging!

Step 1: Install Loki on AlmaLinux 9

Let's install the log aggregation powerhouse!

Download and Install Loki

# Create Loki user and directories
sudo useradd --system --home /var/lib/loki --shell /bin/false loki
sudo mkdir -p /etc/loki /var/lib/loki
sudo chown -R loki:loki /var/lib/loki

# Download latest Loki binary
cd /tmp
curl -O -L "https://github.com/grafana/loki/releases/download/v2.9.4/loki-linux-amd64.zip"

# Extract and install
sudo dnf install -y unzip  # Install unzip if needed
unzip loki-linux-amd64.zip
sudo mv loki-linux-amd64 /usr/local/bin/loki
sudo chmod +x /usr/local/bin/loki

# Verify installation
loki --version  # Should show version info
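
The download step above installs the zip without checking its integrity. As an added example (not from the original guide), this function verifies a downloaded asset against a checksum manifest and fails closed; it assumes the release publishes a SHA256SUMS file in sha256sum's format next to the zip, and the function name is made up for illustration.

```bash
# Added example, not part of the original guide.
# Assumption: SHA256SUMS uses sha256sum's "<hex digest>  <filename>" line format.

verify_asset() {
    local sums_file=$1 asset=$2 name expected actual

    if [ ! -r "$sums_file" ] || [ ! -r "$asset" ]; then
        echo "verify_asset: cannot read manifest or asset" >&2
        return 2
    fi
    name=$(basename -- "$asset")

    # Compare the filename field exactly (a leading '*' marks binary mode).
    # A plain grep for the name would also match entries such as "<name>.sig".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1) }
    ' "$sums_file")

    # Require exactly one well-formed digest; anything else fails closed.
    if [ "$(printf '%s\n' "$expected" | grep -Ec '^[0-9a-f]{64}$')" -ne 1 ]; then
        echo "verify_asset: no unique SHA-256 entry for $name" >&2
        return 2
    fi

    actual=$(sha256sum -- "$asset" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_asset: digest mismatch for $name" >&2
        return 1
    fi
    echo "verify_asset: $name OK"
}

# Usage in this guide's flow, before the unzip/mv steps:
#   verify_asset SHA256SUMS loki-linux-amd64.zip || exit 1
```

The same call works for promtail-linux-amd64.zip in Step 2.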

Create Loki Configuration

# Create Loki config file
sudo tee /etc/loki/loki-config.yaml <<EOF
auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9096

common:
  path_prefix: /var/lib/loki
  storage:
    filesystem:
      chunks_directory: /var/lib/loki/chunks
      rules_directory: /var/lib/loki/rules
  replication_factor: 1
  ring:
    instance_addr: 127.0.0.1
    kvstore:
      store: inmemory

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

ruler:
  alertmanager_url: http://localhost:9093

analytics:
  reporting_enabled: false
EOF

# Set permissions
sudo chown loki:loki /etc/loki/loki-config.yaml
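
A check for the configuration above, as an added example (not from the original guide). The server block sets no listen address, so Loki binds every interface, and Loki ships no authentication layer of its own: auth_enabled only controls whether the tenant header is required. The function name is made up for illustration; the parsing assumes the simple unquoted YAML layout used in this guide.

```bash
# Added example, not part of the original guide.
# Flags Loki listeners that are reachable from other hosts.
# Returns 1 if any listener is not bound to loopback, 0 otherwise.

audit_loki_listeners() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        /^[^ \t]/      { section = $1 }         # top-level key such as "server:"
        $1 == "auth_enabled:" && $2 == "false" { noauth = 1 }

        # Only keys inside server: count. common.ring.instance_addr is the
        # address Loki advertises to the ring, not the address it binds.
        section == "server:" && $1 ~ /^(http|grpc)_listen_address:$/ {
            key = $1
            sub(/_listen_address:$/, "", key)
            addr[key] = $2
        }

        END {
            n = split("http grpc", kinds, " ")
            for (i = 1; i <= n; i++) {
                a = addr[kinds[i]]
                if (a != "127.0.0.1" && a != "localhost" && a != "::1") {
                    printf "server.%s_listen_address: %s\n", kinds[i],
                           (a == "" ? "unset, binds all interfaces" : a)
                    exposed = 1
                }
            }
            if (exposed && noauth)
                print "auth_enabled: false, so requests need no X-Scope-OrgID tenant header"
            exit (exposed ? 1 : 0)
        }
    ' "$1"
}

# Usage: audit_loki_listeners /etc/loki/loki-config.yaml
```

For the single-host setup in this guide, where Promtail and Grafana reach Loki on localhost, setting http_listen_address and grpc_listen_address to 127.0.0.1 under server: clears both findings.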

Create Systemd Service

# Create Loki systemd service
sudo tee /etc/systemd/system/loki.service <<EOF
[Unit]
Description=Loki Log Aggregation System
After=network.target

[Service]
Type=simple
User=loki
Group=loki
ExecStart=/usr/local/bin/loki -config.file=/etc/loki/loki-config.yaml
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd and start Loki
sudo systemctl daemon-reload
sudo systemctl enable --now loki

# Check if Loki is running
sudo systemctl status loki  # Should show active
curl http://localhost:3100/ready  # Should return "ready"

Step 2: Install Promtail (Log Collector)

Now let's set up Promtail to send logs to Loki!

Download and Install Promtail

# Download Promtail binary
cd /tmp
curl -O -L "https://github.com/grafana/loki/releases/download/v2.9.4/promtail-linux-amd64.zip"

# Extract and install
unzip promtail-linux-amd64.zip
sudo mv promtail-linux-amd64 /usr/local/bin/promtail
sudo chmod +x /usr/local/bin/promtail

# Create directories
sudo mkdir -p /etc/promtail /var/lib/promtail

# Verify installation
promtail --version  # Should show version

Configure Promtail

# Create Promtail config
sudo tee /etc/promtail/promtail-config.yaml <<EOF
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /var/lib/promtail/positions.yaml

clients:
  - url: http://localhost:3100/loki/api/v1/push

scrape_configs:
  # Scrape system logs
  - job_name: system
    static_configs:
    - targets:
        - localhost
      labels:
        job: varlogs
        __path__: /var/log/*.log
        host: almalinux9

  # Scrape journal logs
  - job_name: journal
    journal:
      json: false
      max_age: 12h
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
      - source_labels: ['__journal__hostname']
        target_label: 'hostname'

  # Scrape nginx logs
  - job_name: nginx
    static_configs:
    - targets:
        - localhost
      labels:
        job: nginx
        __path__: /var/log/nginx/*.log
        app: nginx

  # Scrape application logs
  - job_name: apps
    static_configs:
    - targets:
        - localhost
      labels:
        job: applications
        __path__: /var/log/apps/**/*.log
EOF

# Set permissions
sudo chown -R root:root /etc/promtail

Create Promtail Service

# Create systemd service for Promtail
sudo tee /etc/systemd/system/promtail.service <<EOF
[Unit]
Description=Promtail Log Collector
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/promtail -config.file=/etc/promtail/promtail-config.yaml
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

# Start Promtail
sudo systemctl daemon-reload
sudo systemctl enable --now promtail

# Verify Promtail is running
sudo systemctl status promtail  # Should be active
curl http://localhost:9080/ready  # Should return "ready"

Step 3: Install and Configure Grafana

Let's set up Grafana to visualize our logs!

Install Grafana

# Add Grafana repository
sudo tee /etc/yum.repos.d/grafana.repo <<EOF
[grafana]
name=grafana
baseurl=https://rpm.grafana.com
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://rpm.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

# Install Grafana
sudo dnf install -y grafana

# Start Grafana service
sudo systemctl enable --now grafana-server

# Check status
sudo systemctl status grafana-server  # Should be active

Configure Loki Data Source

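# Access Grafana at http://YOUR_IP:3000
# Default login: admin/admin (change this password at first login)

# Add Loki data source via API
# (-u admin makes curl prompt for the password instead of putting it in the URL and shell history)
curl -u admin -X POST http://localhost:3000/api/datasources \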
  -H "Content-Type: application/json" \
  -d '{
    "name": "Loki",
    "type": "loki",
    "url": "http://localhost:3100",
    "access": "proxy",
    "isDefault": true
  }'

echo "Grafana is ready at http://YOUR_IP:3000"

Step 4: Configure Log Collection

Let's collect logs from various sources!

Configure Docker Logs

# Add Docker log collection to Promtail
sudo tee -a /etc/promtail/promtail-config.yaml <<EOF

  # Docker container logs
  - job_name: docker
    docker_sd_configs:
      - host: unix:///var/run/docker.sock
        refresh_interval: 5s
    relabel_configs:
      - source_labels: ['__meta_docker_container_name']
        regex: '/(.*)'
        target_label: 'container'
      - source_labels: ['__meta_docker_container_log_stream']
        target_label: 'stream'
EOF

# Restart Promtail
sudo systemctl restart promtail

Configure Kubernetes Logs

# For Kubernetes environments
sudo tee -a /etc/promtail/promtail-config.yaml <<EOF

  # Kubernetes pods logs
  - job_name: kubernetes-pods
    kubernetes_sd_configs:
      - role: pod
    relabel_configs:
      - source_labels: [__meta_kubernetes_pod_node_name]
        target_label: node
      - source_labels: [__meta_kubernetes_namespace]
        target_label: namespace
      - source_labels: [__meta_kubernetes_pod_name]
        target_label: pod
EOF

Quick Examples

Let's explore our logs with LogQL!

Example 1: Basic Log Queries

# Send test logs
echo "Test log entry from AlmaLinux!" | sudo tee -a /var/log/test.log
logger "System test message"

# Query in Grafana Explore:
# {job="varlogs"}  # Show all var logs
# {job="systemd-journal"}  # Show journal logs
# {job="varlogs"} |= "error"  # Filter for errors
# {job="nginx"} |~ "404|500"  # Regex for status codes

Example 2: Create Log Dashboard

# Import this dashboard JSON in Grafana
{
  "dashboard": {
    "title": "Loki Logs Dashboard",
    "panels": [
      {
        "title": "Log Volume",
        "targets": [
          {
            "expr": "sum(rate({job=~\".+\"}[5m])) by (job)"
          }
        ]
      },
      {
        "title": "Error Logs",
        "targets": [
          {
            "expr": "{job=~\".+\"} |~ \"(?i)error\""
          }
        ]
      },
      {
        "title": "Recent Logs",
        "targets": [
          {
            "expr": "{job=~\".+\"}"
          }
        ]
      }
    ]
  }
}

Example 3: Set Up Alerts

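# Create alert rules in /var/lib/loki/rules/fake/alerts.yaml
# (the ruler reads <rules_directory>/<tenant>/; with auth_enabled: false the tenant is "fake")
groups:
  - name: log_alerts
    rules:
      - alert: HighErrorRate
        expr: |
          sum(rate({job=~".+"} |= "error" [5m])) > 10
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: High error rate detected

      - alert: DiskSpaceWarning
        # Alert expressions must be metric queries, so count the matching lines
        expr: |
          count_over_time({job="systemd-journal"} |= "No space left on device" [5m]) > 0
        for: 1m
        labels:
          severity: critical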

Fix Common Problems

Don't worry, we've got solutions!

Problem 1: Loki Not Starting

# Check logs for errors
sudo journalctl -u loki -f

# Common fix: permissions
sudo chown -R loki:loki /var/lib/loki
sudo chmod 755 /var/lib/loki

# Check disk space
df -h /var/lib/loki

# Restart with debug mode
sudo -u loki loki -config.file=/etc/loki/loki-config.yaml -log.level=debug

Problem 2: Promtail Not Sending Logs

# Check Promtail targets
curl http://localhost:9080/targets

# Verify connectivity to Loki
curl http://localhost:3100/ready

# Check Promtail logs
sudo journalctl -u promtail -f

# Test with manual push
echo '{"streams": [{"stream": {"job": "test"}, "values": [["'$(date +%s)'000000000", "test log"]]}]}' | \
  curl -X POST -H "Content-Type: application/json" \
  http://localhost:3100/loki/api/v1/push --data @-

Problem 3: No Logs in Grafana

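# Verify Loki data source (the Grafana API needs credentials; curl prompts for the password)
curl -u admin http://localhost:3000/api/datasources

# Check Loki for stored logs
# (-G with --data-urlencode keeps curl from treating {...} as a URL glob)
curl -G "http://localhost:3100/loki/api/v1/query_range" --data-urlencode 'query={job=~".+"}'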

# Test LogQL query
logcli --addr=http://localhost:3100 query '{job=~".+"}'

# Restart all services
sudo systemctl restart loki promtail grafana-server

Simple Commands Summary

Your logging command toolkit!

| Command | What It Does | When to Use |
|---|---|---|
| sudo systemctl start loki | Start Loki service | Initial setup |
| sudo systemctl status promtail | Check Promtail status | Troubleshooting |
| curl http://localhost:3100/ready | Check Loki health | Verify running |
| curl http://localhost:9080/targets | List Promtail targets | Check sources |
| logcli query '{job="nginx"}' | Query logs via CLI | Quick search |
| sudo journalctl -u loki -f | View Loki logs | Debug issues |
| grafana-cli plugins install grafana-loki-datasource | Install plugin | Grafana setup |
| promtail --dry-run | Test config | Before starting |
| loki --version | Check version | Verify install |
| sudo tail -f /var/log/loki.log | Watch Loki logs | Monitor activity |

Tips for Success

Become a logging expert with these tips!

Query Optimization

  • Use specific labels to narrow searches
  • Add time ranges to queries for speed
  • Use aggregations for dashboards
  • Learn LogQL operators for powerful searches
  • Create recording rules for common queries

Storage Management

  • Configure retention policies appropriately
  • Enable compression for older chunks
  • Set up automated cleanup jobs
  • Monitor disk usage regularly
  • Consider S3 for long-term storage

Best Practices

  • Use consistent label naming
  • Add metadata labels for better filtering
  • Secure Loki API with authentication
  • Monitor Loki's own metrics
  • Create separate dashboards per service
  • Set up alerting for critical patterns
  • Regular backups of positions file

What You Learned

Fantastic work! You're now a log master! You can:

  • Install Loki and Promtail on AlmaLinux 9
  • Configure log collection from multiple sources
  • Set up Grafana for log visualization
  • Write LogQL queries to search logs
  • Create dashboards and alerts
  • Troubleshoot common logging issues
  • Optimize log storage and queries
  • Build production-ready logging infrastructure

Why This Matters

You've built Google-like search for your logs! With Loki:

  • Instant Insights - Find problems in seconds, not hours
  • Cost Savings - 10x cheaper than traditional solutions
  • Unified Platform - Logs and metrics in one place
  • Scalable Solution - Grows with your infrastructure
  • Better Debugging - Correlate logs with metrics easily
  • Compliance Ready - Centralized audit logging
  • Team Efficiency - Everyone can search logs easily

Your logging infrastructure is now enterprise-grade! No more SSH-ing into servers to grep logs. Everything is searchable, visualized, and alertable from one central location.

Keep exploring advanced features like log sampling, cardinality management, and multi-tenancy. You're now equipped to handle logs at any scale!

Remember: Logs are your system's story - Loki helps you read it! Happy logging!

P.S. - Explore Loki's ecosystem including logcli, lambda-promtail, and fluentd integration. Join the Grafana community and share your logging dashboards!