Menu
Open source
loki.source.windowsevent
loki.source.windowsevent reads events from Windows Event Logs and forwards them to other loki.* components.
Multiple loki.source.windowsevent components can be specified by giving them different labels.
Usage
loki.source.windowsevent "LABEL" {
eventlog_name = EVENTLOG_NAME
forward_to = RECEIVER_LIST
}Arguments
The component starts a new reader and fans out
log entries to the list of receivers passed in forward_to.
loki.source.windowsevent supports the following arguments:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
locale | number | Locale ID for event rendering. 0 default is Windows Locale. | 0 | no |
eventlog_name | string | Event log to read from. | See below. | |
xpath_query | string | Event log to read from. | "*" | See below. |
bookmark_path | string | Keeps position in event log. | "DATA_PATH/bookmark.xml" | no |
poll_interval | duration | How often to poll the event log. | "3s" | no |
exclude_event_data | bool | Exclude event data. | false | no |
exclude_user_data | bool | Exclude user data. | false | no |
exclude_event_message | bool | Exclude the human-friendly event message. | false | no |
use_incoming_timestamp | bool | When false, assigns the current timestamp to the log when it was processed. | false | no |
forward_to | list(LogsReceiver) | List of receivers to send log entries to. | yes | |
labels | map(string) | The labels to associate with incoming logs. | no |
Note
eventlog_nameis required ifxpath_querydoes not specify the event log. You can definexpath_queryin short or xml form. When using the XML form you can specifyevent_login thexpath_query. If using short form, you must defineeventlog_name.
Note
legacy_bookmark_pathis used to convert the Grafana Agent Static to a Alloy bookmark, ifbookmark_pathdoes not exist.
Component health
loki.source.windowsevent is only reported as unhealthy if given an invalid configuration.
Example
This example collects log entries from the Event Log specified in eventlog_name and
forwards them to a loki.write component so they are written to Loki.
loki.source.windowsevent "application" {
eventlog_name = "Application"
forward_to = [loki.write.endpoint.receiver]
}
loki.write "endpoint" {
endpoint {
url ="loki:3100/api/v1/push"
}
}Compatible components
loki.source.windowsevent can accept arguments from the following components:
- Components that export Loki
LogsReceiver
Note
Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.
Was this page helpful?
Related resources from Grafana Labs
GrafanaCON 2024 Keynote Recap
Catch up on GrafanaCON 2024 highlights! Explore Grafana 11 features, LGTM Stack innovations, and community achievements in this recap webinar.
Getting started with the Grafana LGTM Stack
In this webinar, we’ll demo how to get started using the LGTM Stack: Loki for logs, Grafana for visualization, Tempo for traces, and Mimir for metrics.
Getting started with Grafana dashboard design
In this webinar, you'll learn how to design stylish and easily accessible Grafana dashboards that tell a story.