loki.source.windowsevent
`loki.source.windowsevent` reads events from Windows Event Logs and forwards them to other `loki.*` components.
Multiple `loki.source.windowsevent` components can be specified by giving them different labels.
Usage
```alloy
loki.source.windowsevent "LABEL" {
  eventlog_name = EVENTLOG_NAME
  forward_to    = RECEIVER_LIST
}
```
Arguments
The component starts a new reader and fans out log entries to the list of receivers passed in `forward_to`.
`loki.source.windowsevent` supports the following arguments:
Name | Type | Description | Default | Required |
---|---|---|---|---|
locale | number | Locale ID for event rendering. The default, 0, uses the Windows locale. | 0 | no |
eventlog_name | string | Event log to read from. | | See below. |
xpath_query | string | XPath query that selects the events to read. | "*" | See below. |
bookmark_path | string | Keeps position in event log. | "DATA_PATH/bookmark.xml" | no |
poll_interval | duration | How often to poll the event log. | "3s" | no |
exclude_event_data | bool | Exclude event data. | false | no |
exclude_user_data | bool | Exclude user data. | false | no |
exclude_event_message | bool | Exclude the human-friendly event message. | false | no |
use_incoming_timestamp | bool | When false, assigns the current timestamp to the log when it was processed. | false | no |
forward_to | list(LogsReceiver) | List of receivers to send log entries to. | | yes |
labels | map(string) | The labels to associate with incoming logs. | | no |
Note
`eventlog_name` is required if `xpath_query` does not specify the event log. You can define `xpath_query` in short or XML form. When using the XML form, you can specify `event_log` in the `xpath_query`. If using the short form, you must define `eventlog_name`.
Note
`legacy_bookmark_path` is used to convert the Grafana Agent Static bookmark to an Alloy bookmark if `bookmark_path` does not exist.
Component health
`loki.source.windowsevent` is only reported as unhealthy if given an invalid configuration.
Example
This example collects log entries from the Event Log specified in `eventlog_name` and forwards them to a `loki.write` component so they are written to Loki.
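```alloy
// Read the Application event log and hand each entry to loki.write.
loki.source.windowsevent "application" {
  eventlog_name = "Application"
  forward_to    = [loki.write.endpoint.receiver]
}

// Push the collected entries to Loki.
loki.write "endpoint" {
  endpoint {
    // Loki push API URL, including the scheme.
    url = "http://loki:3100/loki/api/v1/push"
  }
}
```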
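The following configuration is an added example, not part of the original documentation. It shows the two `xpath_query` forms described in the note above, applied to the Security log for audit collection. The component labels, the `job` label values, and the Loki host name are assumptions chosen for illustration.

```alloy
// Short form: the query only filters, so eventlog_name must name the channel.
// Event IDs: 4624 = successful logon, 4625 = failed logon,
// 1102 = security audit log cleared.
loki.source.windowsevent "security_logons" {
  eventlog_name = "Security"
  xpath_query   = "*[System[(EventID=4624 or EventID=4625 or EventID=1102)]]"

  // Keep the time recorded in the event rather than the processing time,
  // so timelines stay correct if the collector falls behind.
  use_incoming_timestamp = true

  labels     = { job = "windows_security_logons" }
  forward_to = [loki.write.siem.receiver]
}

// XML form: the channel is named inside the query (Select Path),
// so eventlog_name is omitted.
// Event ID 4688 = process creation.
loki.source.windowsevent "security_process_creation" {
  xpath_query = "<QueryList><Query Id='0'><Select Path='Security'>*[System[(EventID=4688)]]</Select></Query></QueryList>"

  use_incoming_timestamp = true

  labels     = { job = "windows_security_process" }
  forward_to = [loki.write.siem.receiver]
}

loki.write "siem" {
  endpoint {
    // Placeholder host name; replace with your Loki endpoint.
    url = "http://loki.example.internal:3100/loki/api/v1/push"
  }
}
```

Each component keeps its own bookmark, so after a restart both readers resume from the last event they processed instead of replaying the Security log.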
Compatible components
`loki.source.windowsevent` can accept arguments from the following components:
- Components that export Loki `LogsReceiver`
Note
Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.