Vector Qryn Logs

I have been exploring expanding my observability stack for my home lab. In the past, I have worked with Loki and Grafana in the context of Kubernetes, but I didn’t want to dive into that once more. I recently came across an exciting new project called qryn, which describes itself as a polyglot observability framework. What caught my attention was its API compatibility with Loki and Prometheus. Operating a single system integrated with Grafana sounds appealing, so I set up a small test on my local machine.

Test setup

For this test, I chose to send system logs using Vector to the Loki-compatible qryn API. The qryn docs send you to the Loki docs to set Vector up, which didn’t work the first time; more on that later.

The configuration I ended up using is as follows:

# /etc/vector/vector.toml
[sources.syslog]
type = "file"
include = ["/var/log/syslog"]

[transforms.parse_syslog]
type = "remap"
inputs = ["syslog"]
source = '''
. = parse_syslog!(string!(.message))
'''

[sinks.qryn]
type = "loki"
inputs = [ "parse_syslog" ]
endpoint = "http://local.loki:3100"
encoding.codec = "json"
labels = { host="local.nuc" }

This reads /var/log/syslog, parses each line, and sends the result as JSON to the qryn service.
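To see roughly what qryn receives from this pipeline, the following added example (not from the original post, and not Vector's own code) approximates the parse step and builds the request body for Loki's push API at `/loki/api/v1/push`. The function names, the regex, and the sample lines are constructed for illustration; it assumes UTC log timestamps and that the event timestamp is used as the entry timestamp rather than repeated in the line.

```python
import json
import re
from datetime import datetime, timezone

# Line layout of /var/log/syslog entries (RFC 3164 style, no <PRI> prefix).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<appname>[^\s\[:]+)(?:\[(?P<procid>\d+)\])?: "
    r"(?P<message>.*)$"
)

def parse_syslog_line(line, year):
    """Rough stand-in for VRL parse_syslog: returns (timestamp, fields)."""
    m = SYSLOG_RE.match(line)
    if m is None:
        # parse_syslog! aborts on unparseable input; mirror that by raising.
        raise ValueError(f"not a syslog line: {line!r}")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)  # assumption: log timestamps are UTC
    fields = {k: v for k, v in m.groupdict().items() if k != "ts" and v is not None}
    if "procid" in fields:
        fields["procid"] = int(fields["procid"])
    return ts, fields

def loki_push_body(lines, labels, year):
    """Build the JSON body for POST <endpoint>/loki/api/v1/push."""
    values = []
    for line in lines:
        ts, fields = parse_syslog_line(line, year)
        ns = int(ts.timestamp()) * 1_000_000_000
        # encoding.codec = "json": the log line itself is a JSON document,
        # which is why the Grafana query pipes it through the json parser.
        values.append([str(ns), json.dumps(fields, sort_keys=True)])
    return {"streams": [{"stream": labels, "values": values}]}

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "Mar  4 10:15:02 nuc sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Mar  4 10:15:07 nuc systemd: Started Session 12 of user alice.",
]

if __name__ == "__main__":
    body = loki_push_body(SAMPLE, {"host": "local.nuc"}, year=2024)
    print(json.dumps(body, indent=2))
```

Only `host` is a stream label here; fields such as `appname` and `procid` live inside the JSON line and are extracted at query time.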

Grafana setup

I didn’t do much besides add a filter for the host and pipe the log line to json.

Figure: Grafana Loki dashboard setup

I like the information presented by the final Grafana Dashboard.

Figure: Logs

Final thoughts

Sending logs to qryn with Vector is straightforward, although the Vector documentation did not provide a fully functional example. I had to specify encoding.codec and labels before the configuration would validate and begin. The compatibility with Grafana seems excellent, and I haven’t encountered any issues.