Azure logs - Grafana Alloy

How it works

Azure logs Alloy architecture: Azure Monitor to Event Hub with Kafka endpoint, Alloy pulls logs and pushes to Grafana Cloud Loki

Complexity: Flexible | Infrastructure: VM, ACI, or AKS | Latency: Configurable

Trade-offs

Pros | Cons
Pull from Event Hub (Kafka) | Deploy and manage Alloy
Full processing pipeline | Infrastructure to maintain
Managed identity auth | Event Hub setup required
Combined metrics + logs |

When to use

  • Complex processing needs
  • Event Hub log sources
  • Combined metrics + logs collection

Documentation

View the full documentation. Learning path coming soon!

Azure Alloy logs

Script

For Azure logs with more flexibility, Alloy is again your answer.

And here’s something nice: if you already deployed Alloy for metrics collection, you can use that same deployment for logs. One agent, multiple jobs.

Here’s how it works: Azure Monitor streams log data to an Event Hubs namespace with a Kafka endpoint. Alloy pulls logs from that Event Hub using the Kafka protocol and forwards them to Loki.

Alloy’s processing pipeline lets you parse, filter, relabel, and enrich logs before they hit Loki. That’s way more sophisticated than what Azure Functions can do.

If you need complex log processing, if you’re collecting from multiple Azure sources, or if you want one unified collector for both metrics and logs, Alloy is the way to go.
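
The pipeline described in the script, sketched as an Alloy configuration. This is an added example, not configuration taken from the slide or the Grafana documentation; every value in angle brackets, the component labels, and the `GRAFANA_CLOUD_API_KEY` environment variable name are placeholders or assumptions, and it assumes the host's managed identity has been granted read access to the Event Hub.

```alloy
// Added example. Values in <...> are placeholders to replace.

// Pull logs from the Event Hubs Kafka endpoint (port 9093).
loki.source.azure_event_hubs "azure_logs" {
  fully_qualified_namespace = "<NAMESPACE>.servicebus.windows.net:9093"
  event_hubs                = ["<EVENT_HUB_NAME>"]
  use_incoming_timestamp    = true
  labels                    = { job = "azure-logs" }

  // "oauth" avoids storing a connection string with a shared access key
  // in the config. Assumption: credentials come from the managed identity
  // of the VM, ACI, or AKS workload running Alloy.
  authentication {
    mechanism = "oauth"
  }

  forward_to = [loki.process.azure_logs.receiver]
}

// Processing stage: parse each record and promote one low-cardinality
// field to a label before the log line reaches Loki.
loki.process "azure_logs" {
  stage.json {
    expressions = { category = "category" }
  }

  stage.labels {
    values = { category = "" }
  }

  forward_to = [loki.write.grafana_cloud.receiver]
}

// Push to Grafana Cloud Loki. The API key is read from the environment
// so it is not written into the config file.
loki.write "grafana_cloud" {
  endpoint {
    url = "https://<LOKI_HOST>/loki/api/v1/push"

    basic_auth {
      username = "<LOKI_USER_ID>"
      password = sys.env("GRAFANA_CLOUD_API_KEY")
    }
  }
}
```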