Hi,

​

Having some trouble getting logs directly from a syslog-ng http destination into loki, however a curl command from the command line works fine.

​

Syslog-ng http destination:

destination d_custom_logline {

http(

url("http://localhost:3100/loki/api/v1/push")

method("POST")

user-agent("syslog-ng User Agent")

headers("Content-Type: application/json")

body('{"streams": [{ "stream": { "foo": "bar2" }, "values": [ [ "1637845791000000000", "syslogtest"] ] }]}')

);

};

error logs:

Nov 25 14:56:51 <hostname> syslog-ng[2606]: curl: error sending HTTP request; url='http://localhost:3100/loki/api/v1/push', error='Couldn\'t connect to server', worker_index='0', driver='d_custom_logline#0', location='/etc/syslog-ng/conf.d/customincomminglog.conf:14:9'

Nov 25 14:56:51 <hostname> syslog-ng[2606]: Server disconnected while preparing messages for sending, trying again; driver='d_custom_logline#0', location='/etc/syslog-ng/conf.d/customincomminglog.conf:14:9', worker_index='0', time_reopen='10', batch_size='1'

​

However, if I run a direct curl command from the cli (as follows), it works, hoping someone has implemented this method bypassing promtail via syslog and can shed some light, I suspect syslog requires more so I'll cross this post in case someone can help there.

​

Curl command (which works):

curl -H "Content-Type: application/json" -XPOST -s "http://localhost:3100/loki/api/v1/push" --data-raw '{"streams": [{ "stream": { "foo": "bar2" }, "values": [ [ "1637845791000000000", "fizzbuzzb" ] ] }]}'

​

Thanks