diff --git a/6-1-loki-alerts/docker-compose.yml b/6-1-loki-alerts/docker-compose.yml
new file mode 100644
index 0000000..fc22423
--- /dev/null
+++ b/6-1-loki-alerts/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "3.9"
+
+services:
+ grafana:
+ image: "grafana/grafana:8.4.2"
+ ports:
+ - "3000:3000"
+ volumes:
+ - ./provisioning:/etc/grafana/provisioning
+
+ loki:
+ image: "grafana/loki:2.4.2"
+ command: --config.file=/mnt/config/loki.yml
+ ports:
+ - "3100:3100"
+ volumes:
+ - ./loki.yml:/mnt/config/loki.yml
+ - ./rules.yml:/etc/loki/rules/fake/rules.yml
+
+volumes:
+ logs_dir:
\ No newline at end of file
diff --git a/6-1-loki-alerts/loki.yml b/6-1-loki-alerts/loki.yml
new file mode 100644
index 0000000..b9ecdc9
--- /dev/null
+++ b/6-1-loki-alerts/loki.yml
@@ -0,0 +1,38 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+ http_listen_address: 0.0.0.0
+
+ruler:
+ evaluation_interval: 10s
+ poll_interval: 10s
+ storage:
+ type: local
+ local:
+ directory: /etc/loki/rules
+ rule_path: /tmp/loki/rules-temp
+ enable_api: true
+ enable_alertmanager_v2: true
+
+schema_config:
+ configs:
+ - from: 2020-08-01
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+common:
+ path_prefix: /tmp/loki
+ storage:
+ filesystem:
+ chunks_directory: /tmp/loki/chunks
+ rules_directory: /tmp/loki/rules
+ replication_factor: 1
+ ring:
+ instance_addr: 127.0.0.1
+ kvstore:
+ store: inmemory
\ No newline at end of file
diff --git a/6-1-loki-alerts/promtail.yml b/6-1-loki-alerts/promtail.yml
new file mode 100644
index 0000000..b237340
--- /dev/null
+++ b/6-1-loki-alerts/promtail.yml
@@ -0,0 +1,11 @@
+clients:
+ - url: http://loki:3100/loki/api/v1/push
+
+scrape_configs:
+ - job_name: flog
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: flogs
+ __path__: /tmp/log/*.log
\ No newline at end of file
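Review bot: The `logs_dir` named volume at the end of the hunk is declared but never mounted by either service, and as a bare `logs_dir:` it parses as null; either drop it or attach it, e.g. `- logs_dir:/tmp/loki` under the loki service's volumes, because loki.yml keeps chunks, index and rule state under /tmp/loki and all of it is lost whenever the container is recreated. Both services publish their ports without a host address, so Grafana (3000, with the image's default admin credentials since no `GF_SECURITY_ADMIN_PASSWORD` is set) and Loki (3100, with `auth_enabled: false` in loki.yml) are reachable unauthenticated from every interface on the host; for a local demo `- "127.0.0.1:3100:3100"` and `- "127.0.0.1:3000:3000"` limit that exposure. The `fake` segment in the rules mount path deserves a comment, `# "fake" is the tenant id Loki uses when auth_enabled is false`, since the ruler only loads rules from a per-tenant subdirectory. promtail.yml is added in this commit but no promtail service appears here, so as far as the diff shows that file is not wired into the stack.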
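Review bot: `enable_alertmanager_v2: true` in the ruler block has no `alertmanager_url` beside it, so the ruler will evaluate the credential-leak rule but has nowhere to deliver a firing alert; add `alertmanager_url: http://<alertmanager-host>:9093` (placeholder host) or comment that this setup only exposes alert state through Loki's ruler API and Grafana. `ruler.storage.local.directory: /etc/loki/rules` and `common.storage.filesystem.rules_directory: /tmp/loki/rules` name two different rule directories; as I understand Loki's common-config precedence the explicit ruler setting wins, which makes the `common` entry dead configuration that should be removed or commented. `auth_enabled: false` combined with `http_listen_address: 0.0.0.0` means any client that can reach port 3100 can push and query all logs, including the credential-bearing lines this deployment is meant to detect, so a top-of-file comment such as `# demo only: no tenant auth; keep port 3100 bound to localhost` would make that trade-off explicit for the next reader.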
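Review bot: The `job: flogs` label attached to this scrape does not match the stream selector `{job="myservice"}` in rules.yml's expr, so the credential-leak alert can never see the lines this config ships; change one side, e.g. `job: myservice`, or add a comment explaining why they differ. No promtail service is defined in docker-compose.yml in this commit, so as far as the diff shows this file is never run by the stack (presumably it is started separately). The `__path__: /tmp/log/*.log` glob also needs a line saying where those files come from, e.g. `# log files to ship; written by the log generator (job_name suggests flog) into /tmp/log`, hedged until the producer is confirmed.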
diff --git a/6-1-loki-alerts/provisioning/datasources/loki.yml b/6-1-loki-alerts/provisioning/datasources/loki.yml
new file mode 100644
index 0000000..fd2fc24
--- /dev/null
+++ b/6-1-loki-alerts/provisioning/datasources/loki.yml
@@ -0,0 +1,8 @@
+apiVersion: 1
+
+datasources:
+ - name: Loki
+ type: loki
+ url: http://loki:3100
+ isDefault: true
+ editable: true
diff --git a/6-1-loki-alerts/rules.yml b/6-1-loki-alerts/rules.yml
new file mode 100644
index 0000000..c1272ed
--- /dev/null
+++ b/6-1-loki-alerts/rules.yml
@@ -0,0 +1,10 @@
+groups:
+ - name: credentials_leak
+ rules:
+ - alert: http-credentials-leaked
+ annotations:
+ message: "{{ $labels.job }} is leaking http basic auth credentials."
+ expr: 'sum by (job) (count_over_time({job="myservice"} |~ "http(s?)://(\\w+):(\\w+)@" [5m]) > 0)'
+ for: 10s
+ labels:
+ severity: critical
\ No newline at end of file
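Review bot: The regex `http(s?)://(\\w+):(\\w+)@` in the expr only matches a user and password made of `\w` characters, so credentials containing `.`, `-`, `%`-escapes or other punctuation in the URL slip past the detector; `https?://[^:/\\s@]+:[^@\\s]+@` keeps the `user:pass@` anchoring while covering those cases, and the capture groups are unused anyway. The annotation message deliberately does not echo the matched log line, which is the right choice because it would otherwise copy the secret into the alert payload; a comment above `message`, `# never include the matched line here: it contains the credential`, will keep a later edit from adding it. `for: 10s` equals the ruler's evaluation_interval in loki.yml, so the alert goes pending on one evaluation and fires on the next; if immediate firing is intended, dropping `for` is clearer.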