Promtail Agent

Overview

Promtail is an open source agent for receiving log data and forwarding that data using the Loki Push API. It has been replaced by Grafana Alloy but still remains popular for its simplicity in use and configuration.

Promtail supports receiving log data from a variety of sources, including files, the kernel log and Windows event log, Kubernetes, and more.

Promtail can ship logs to SparkLogs by sending data with the Loki Push API.

Unlike Loki, which requires low cardinality of labels for good cost and performance, SparkLogs is schemaless and allows unlimited fields and values, and does not bog down with high cardinality of labels.

1. Create agent and get config template

In the app, click the Configure sidebar button:

and then click the Agents tab.

As appropriate, create a new agent, or highlight an existing agent and click View API Key. In the dialog that shows the agent configuration template, click the Promtail tab and copy the configuration template.

2. Customize configuration

Copy the configuration template and customize it based on your needs. At a minimum, add additional inputs in the config as appropriate (e.g., for files, kernel logs, etc.).

Example Promtail configuration template

Make sure to get your configuration template from the app, as your ingestion endpoint can vary based on your provisioned region. This is an example of what it will look like:

clients:
  - url: https://ingest-<REGION>.engine.sparklogs.app:443/loki/api/v1/push
    headers:
      Authorization: "Bearer <AGENT-ID>:<AGENT-AUTH-TOKEN>"

# other configuration to scrape log data

3. Deploy Promtail agents

On each system that will ship data to SparkLogs for this agent, install the Promtail agent with the appropriate configuration.

Overview​

1. Create agent and get config template​

2. Customize configuration​

3. Deploy Promtail agents​

Overview

1. Create agent and get config template

2. Customize configuration

3. Deploy Promtail agents