Add loki.enrich component

[v-zhuravlev]

PR Description

This PR adds a new loki.enrich component that enriches Loki logs with labels from discovery.* components.
The component matches a label from incoming logs against a label from discovered targets, and copies specified labels from the matched target to the log entry.

Should solve #810 .

Features:

• Copy selected labels from matched targets to logs
• Support for any discovery component (file, DNS, HTTP, etc.)

Example use cases to ensure best logs-metrics correlation:

• Enrich Network devices syslog messages with device metadata(as labels) from IP address management (IPAM)/Data center infrastructure management(DCIM) like Netbox (https://github.com/FlxPeters/netbox-plugin-prometheus-sd). It could be same labels as used by prometheus.exporter.snmp or other metric scrapers.
• Ensure metrics and logs use same labelset (gathered from same discovery.* component) even if metrics are scraped from prometheus endpoints and logs are received via loki.source.api.

Notes to the Reviewer

• loki.enrich forwards logs unchanged if no match is found
• loki.enrich should work with any discovery.* component. Best combined with discovery.relabel to rename hidden labels if present.
• The integration test demonstrates:
  • Sample log pushed via HTTP API and then additional labels added using file-based discovery sample

PR Checklist

• CHANGELOG.md updated
• Documentation added
• Tests updated
• Config converters updated

[github-actions]

💻 Deploy preview deleted.

[v-zhuravlev]

Similar functionality, but not applicable to syslog as of now: https://grafana.com/docs/alloy/latest/reference/stdlib/array/#arraycombine_maps

[ptodev]

@v-zhuravlev thank you, this looks interesting! Could you please edit the description that this solves #810?

Btw we also have a similar component for traces - otelcol.processor.discovery.

[ptodev]

I wonder if we can think of a more descriptive name. target_labels could be labels that we got from the discovered targets just for matching but not for addition.

[v-zhuravlev]

how about labels_to_copy ?

[v-zhuravlev]

edited description.

[ptodev]

I like labels_to_copy! It's more descriptive.

[v-zhuravlev]

i'll change it then

[ptodev]

I think if the discovery component will just return an empty map if it hasn't discovered anything yet? Then loki.enrich would still not work for the first few seconds until the discovery starts working?

[v-zhuravlev]

hm, possibly. Is there any way to force discovery before component is initialized?

[ptodev]

I don't think so.

[ptodev]

loki.enrich sounds like a good name. Initially I thought there should be a reference to discovery or targets in the name, but I gave up on that thought because in theory the targets don't have to come from a discovery component.