Add GeoIP && UA-Parser support for Grafana Loki

Related tags

Learning resource loki-enhance-middleware
Overview

loki-enhance-middleware

typescript Test Suite

loki-enhance-middleware hijacks log push requests sent to loki and modifies it.

Deploy

docker-compose.yaml

services:
  loki:
    image: grafana/loki:2.6.1
    restart: always
    expose:
      - "3100"
    # ...

  enhance_middleware:
      image: nihiue/loki_enhance_middleware:latest
      restart: always

      environment:
        - LOKI_HOST=http://loki:3100
        - WORKER_COUNT=1
        - PORT=3100

      expose:
        - 3100

Config LogAgent

LogAgent needs to:

  • Send requests to middleware
  • Add placeholder to log line for middle to process, see Module - Geo IP for example

promtail-config.yaml

clients:
  - url: http://enhance_middleware:3100/loki/api/v1/push

Module - Geo IP

Injects GeoIP info for any log source

Powered by maxmind and maxmind-npm

GeoIP

promtail-config.yaml

scrape_configs:
  - job_name: caddy
    pipeline_stages:
      - json:
          expressions:
            level:
            status:
            host: request.host
            method: request.method
            url: request.uri
            remote_addr: request.remote_addr

      - labels:
          level:
          status:
          method:

      - template:
          source: output_msg
          template: 'url="{{ .url }}" host="{{ .host }}" GeoIP_Source="{{.remote_addr }}"'

      - output:
          source: output_msg

GeoIP_Source="[IP]" is the placeholder, and it will be replaced by geo-ip fileds.

Log line

foo=bar GeoIP_Source="22.22.22.22" abc=xyz

Result

foo=bar geo_ip_asn="HostSlick" geo_ip_continent="North America" geo_ip_city="Ashburn" geo_ip_city_geoname_id="4744870" geo_ip_country="United States" geo_ip_country_geoname_id="6252001" geo_ip_country_iso_code="US" geo_ip_latitude="39.018" geo_ip_longitude="-77.539" abc=xyz

Module - UserAgent Detect

Parse user_agent field to structure data.

Powered by device-detector-js

UA

Placeholder: Device_UA_Source="[UA]"

Log line - Normal

Device_UA_Source="Mozilla/5.0 (Linux; Android 11; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.91 Mobile Safari/537.36"

Result

ua_client="Chrome Mobile;90.0" ua_device="Google;Pixel 5" ua_os="Android;11.0"

Log line - Search Engine Bot

Device_UA_Source="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Result

ua_bot="Googlebot"
You might also like...

Query for CSS brower support data, combined from caniuse and MDN, including version support started and global support percentages.

css-browser-support Query for CSS browser support data, combined from caniuse and MDN, including version support started and global support percentage

Nov 2, 2022

A WASM shell parser and formatter with bash support, based on mvdan/sh

sh-syntax A WASM shell parser and formatter with bash support, based on mvdan/sh TOC Usage Install API Changelog License Usage Install # yarn yarn add

Jan 1, 2023

A querystring parser with nesting support

A querystring parser with nesting support

qs A querystring parsing and stringifying library with some added security. Lead Maintainer: Jordan Harband The qs module was originally created and m

Jan 4, 2023

A website for tracking community support for BIP21 QR codes that support on-chain and lightning bitcoin payments.

BIP21 Microsite This is a WIP microsite to promote the usage of a BIP21 payment URI QR code that can include lightning invoices or offers. Wallet supp

Nov 27, 2022

Persistent key/value data storage for your Browser and/or PWA, promisified, including file support and service worker support, all with IndexedDB. Perfectly suitable for your next (PWA) app.

Persistent key/value data storage for your Browser and/or PWA, promisified, including file support and service worker support, all with IndexedDB. Perfectly suitable for your next (PWA) app.

BrowstorJS 🚀 💾 🔒 Persistent key/value data storage for your Browser and/or PWA, promisified, including file support and service worker support, all

Aug 5, 2022

Live port of Lark's standalone parser to Javascript

Lark.js Generate LALR(1) parsers in Javascript Lark is a popular parsing toolkit for Python. This project is a live port of the Lark standalone parser

Nov 19, 2022

This is a test parser which can automatically parse the tests in from websites like codeforces, codechef, atcoder etc.

This is a test parser which can automatically parse the tests in from websites like codeforces, codechef, atcoder etc.

✔ Sublime test parser This is a test parser which can automatically parse the tests in from websites like codeforces, codechef, atcoder etc. See how i

Aug 6, 2022

A markdown parser and compiler. Built for speed.

Marked ⚡ built for speed ⬇️ low-level compiler for parsing markdown without caching or blocking for long periods of time ⚖️ light-weight while impleme

Jan 7, 2023

A lightweight Adobe Photoshop .psd/.psb file parser in typescript with zero-dependency for WebBrowser and NodeJS

@webtoon/psd A lightweight Adobe Photoshop .psd/.psb file parser in typescript with zero-dependency for WebBrowser and NodeJS Browser Support Chrome F

Jan 1, 2023
Comments
  • Support Basic auth

    Support Basic auth

    I am not entirely sure, but it seems like this middleware will not pass on the basic auth, meaning you cannot use it if you have authentication enabled for pushing logs to loki.

    Could it make sense to ensure that if basic auth is in the request, then it will be passed along?

    opened by mortenbirkelund 0
Owner
WangLei
less is more
WangLei
GitHub
Yara Station- Managment portal for LoKi scanner

Yara station is a management portal for Neo23x0-Loki. The mission is to transform the standalone nature of the Loki scanner into a centralized management solution that facilitates result investigation and easier scanning capabilities.

null 28 Dec 20, 2022
Hemsida för personer i Sverige som kan och vill erbjuda boende till människor på flykt

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

null 4 May 3, 2022
Kurs-repo för kursen Webbserver och Databaser

Webbserver och databaser This repository is meant for CME students to access exercises and codealongs that happen throughout the course. I hope you wi

null 14 Jan 3, 2023
Json-parser - A parser for json-objects without dependencies

Json Parser This is a experimental tool that I create for educational purposes, it's based in the jq works With this tool you can parse json-like stri

Gabriel Guerra 1 Jan 3, 2022
RSS/Atom data source plugin for @grafana.

RSS/Atom data source plugin for Grafana Introduction The RSS/Atom data source is a plugin for Grafana that retrieves RSS/Atom feeds and allows to visu

Volkov Labs 9 Jan 2, 2023
Displays environment variables on your Grafana dashboards

Displays environment variables on your Grafana dashboards Introduction The Environment data source is a plugin for Grafana that returns environment va

Volkov Labs 7 Dec 26, 2022
The Trino datasource allows to query and visualize Trino data from within Grafana.

Trino Grafana Data Source Plugin The Trino datasource allows to query and visualize Trino data from within Grafana. Getting started Drop this into Gra

Starburst 13 Nov 3, 2022
Data Manipulation Form panel plugin for @grafana.

Data Manipulation Form panel plugin for Grafana Introduction The Data Manipulation Form Panel is a plugin for Grafana that can be used to insert, upda

Volkov Labs 25 Dec 28, 2022
Balena Application plugin for @grafana.

Balena Application plugin for Grafana Introduction The Balena Application plugin for Grafana allows to display device information and manage services

Volkov Labs 15 Jan 2, 2023
Apache ECharts Panel plugin for Grafana

Apache ECharts Panel plugin for Grafana Introduction The ECharts Panel is a plugin for Grafana that allows to visualize Apache ECharts on your Grafana

Volkov Labs 36 Dec 23, 2022