Add loki.enrich component

[v-zhuravlev]

PR Description

This PR adds a new loki.enrich component that enriches Loki logs with labels from discovery.* components.
The component matches a label from incoming logs against a label from discovered targets, and copies specified labels from the matched target to the log entry.

Should solve #810 and likely https://community.grafana.com/t/enrich-logs-with-alloy/128738.

Features:

• Copy selected labels from matched targets to logs
• Support for any discovery component (file, DNS, HTTP, etc.)

Example use cases to ensure best logs-metrics correlation:

• Enrich Network devices syslog messages with device metadata(as labels) from IP address management (IPAM)/Data center infrastructure management(DCIM) like Netbox (https://github.com/FlxPeters/netbox-plugin-prometheus-sd). It could be same labels as used by prometheus.exporter.snmp or other metric scrapers.
• Ensure metrics and logs use same labelset (gathered from same discovery.* component) even if metrics are scraped from prometheus endpoints and logs are received via loki.source.api.

Notes to the Reviewer

• loki.enrich forwards logs unchanged if no match is found
• loki.enrich should work with any discovery.* component. Best combined with discovery.relabel to rename hidden labels if present.
• The integration test demonstrates:
  • Sample log pushed via HTTP API and then additional labels added using file-based discovery sample

PR Checklist

• CHANGELOG.md updated
• Documentation added
• Tests updated
• Config converters updated

[github-actions]

💻 Deploy preview deleted.

[v-zhuravlev]

Similar functionality, but not applicable to syslog as of now: https://grafana.com/docs/alloy/latest/reference/stdlib/array/#arraycombine_maps

[ptodev]

@v-zhuravlev thank you, this looks interesting! Could you please edit the description that this solves #810?

Btw we also have a similar component for traces - otelcol.processor.discovery.

[ptodev]

I think if the discovery component will just return an empty map if it hasn't discovered anything yet? Then loki.enrich would still not work for the first few seconds until the discovery starts working?

[v-zhuravlev]

hm, possibly. Is there any way to force discovery before component is initialized?

[ptodev]

I don't think so.

[v-zhuravlev]

is it acceptable?

[ptodev]

otelcol.processor.k8sattributes has had a similar problem and they added an optional wait_for_metadata_timeout argument to work around it. You could add something similar, but it's not necessary. As long as this limitation is documented that's ok.

[v-zhuravlev]

thanks for providing this example! I think I add a note for now.

[ptodev]

loki.enrich sounds like a good name. Initially I thought there should be a reference to discovery or targets in the name, but I gave up on that thought because in theory the targets don't have to come from a discovery component.

[github-actions]

💻 Deploy preview deleted.

[clayton-cornell]

Some initial input to the docs

[clayton-cornell]

Docs are OK for this iteration. I'll wait until code review is complete for the Approve from docs.

[ptodev]

LGTM, just one minor docs coment.