server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /var/lib/promtail/positions.yaml

clients:
  - url: {{ loki_url }}/loki/api/v1/push
    tenant_id: home-infra
    batchwait: 1s
    batchsize: 1048576
    timeout: 10s

scrape_configs:
  # Syslog listener for network devices
  - job_name: syslog
    syslog:
      listen_address: 0.0.0.0:514
      listen_protocol: udp
      idle_timeout: 60s
      label_structured_data: true
      labels:
        job: syslog
        source: network-devices
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
      - source_labels: ['__syslog_message_severity']
        target_label: 'severity'
      - source_labels: ['__syslog_message_facility']
        target_label: 'facility'
      - source_labels: ['__syslog_message_app_name']
        target_label: 'app'
    pipeline_stages:
      - match:
          selector: '{job="syslog"}'
          stages:
            # Extract common patterns from network device logs
            - regex:
                expression: '(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
            - labels:
                src_ip:

  # Local system journal (RPi logs)
  - job_name: journal
    journal:
      max_age: 12h
      labels:
        job: systemd-journal
        host: rpi
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
      - source_labels: ['__journal_priority_keyword']
        target_label: 'severity'