Slide 7 of 10

Azure logs - Grafana Alloy

How it works

Azure logs Alloy architecture: Alloy queries Log Analytics and Blob Storage, pushes to Grafana Cloud Loki

Complexity: Flexible | Infrastructure: VM, ACI, or AKS | Latency: Configurable

Trade-offs

ProsCons
Query Log Analytics directlyDeploy and manage Alloy
Read from Storage Account blobsInfrastructure to maintain
Full processing pipelineKQL learning curve
Managed identity auth

When to use

  • Complex processing needs
  • Blob-stored logs
  • Combined metrics + logs collection

Documentation

View the full documentation. Learning path coming soon!

Azure Alloy logs

Script

For Azure logs with more flexibility, Alloy is again your answer.

And here’s something nice: if you already deployed Alloy for metrics collection, you can use that same deployment for logs. One agent, multiple jobs.

Alloy can query Azure Log Analytics Workspace directly using KQL, that’s Kusto Query Language, Azure’s log query syntax. So if you have logs already flowing to Log Analytics, Alloy can pull them from there.

Alloy can also read from Azure Blob Storage for logs that get archived there.

And Alloy’s processing pipeline lets you parse, filter, relabel, and enrich logs before they hit Loki. That’s way more sophisticated than what Azure Functions can do.

If you need complex log processing, if you’re collecting from multiple Azure sources, or if you want one unified collector for both metrics and logs, Alloy is the way to go.