Matt's Blog

My blog about tech and stuff.

Ingesting logs into Loki

2025-01-27 Observability
Here is the standard Loki log processing flow that I use for my logs. The pipeline consists of the following stages: adding a job label (so that I can query all logs ingested from files); adding a directory label (by obtaining the directory name from the filename label); packing the filename label into the log entry using the stage.pack stage (reducing the cardinality of the labels; querying can be done by the directory label); adding hostname and agent_hostname labels to the logs (agent_hostname refers to the machine running the agent, hostname is obtained from the logs. Continue reading

Ingesting SCCM logs into Loki

2025-01-27 Observability
System Center Configuration Manager (SCCM) is still in use in my lab, mostly as a means of deploying applications and updates. Whilst I’m working on moving some of the functionality into Intune, SCCM will remain the update orchestrator for my server environment for the foreseeable future. SCCM logs seem to be standardized around two formats. Here are examples of them: Service is up and running.~~ $$<SMS_REST_PROVIDER><01-26-2025 17:35:20.122+00><thread=13372 (0x343C)> <![LOG[Worker M365ADeploymentPlanWorker was triggered by timer. Continue reading