Hi, I am new to Grafana Alloy and have a design and best practices question.
We want to collect logs from various systems, such as Windows Event Logs and Linux journald logs.
In my test lab, I have configured a central Alloy instance that receives logs from Alloy agents installed on Windows and Linux systems. Later, we also plan to process logs from network devices (classic syslog).
The central Alloy instance should label, process, filter, and send the logs to different backends. One backend is Loki, and the other is Splunk.
I have attached a screenshot of my current test pipeline. I want to add some labels specific to Windows logs and Linux logs so that I can filter them later. (The left path is for Linux and the right path is for Windows.)
However, I am wondering what happens to log lines that pass through both paths. For example, if I make a configuration mistake, will they be duplicated in loki.write.as_logsink_all?
Would it be better to create multiple loki.source.api endpoints with fixed label sets? Or should labels be added on the client side whenever possible?
Thanks!
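
Added example, not part of the original post and not the poster's configuration: a sketch of the two-path layout described above, in which each path drops whatever does not belong to it, so an entry fanned out to both paths reaches loki.write.as_logsink_all only once. It assumes the agents already attach an `os` label. The component labels `from_agents`, `linux` and `windows`, the `source_type` label, the port and the Loki URL are hypothetical placeholders, and the Splunk output is left out.

```alloy
// One receiver for all agents. Every entry is delivered to EACH receiver
// listed in forward_to, so both paths see every line.
loki.source.api "from_agents" {
  http {
    listen_address = "0.0.0.0"
    listen_port    = 3100 // placeholder port
  }
  forward_to = [
    loki.process.linux.receiver,
    loki.process.windows.receiver,
  ]
}

// Linux path: drop anything not labeled os="linux" before adding labels.
// Without this guard the Windows entries would also leave through this
// path and arrive at the writer a second time.
loki.process "linux" {
  stage.match {
    selector            = "{os!=\"linux\"}" // `os` label is an assumption
    action              = "drop"
    drop_counter_reason = "not_linux"
  }
  stage.static_labels {
    values = { source_type = "journald" } // hypothetical label
  }
  forward_to = [loki.write.as_logsink_all.receiver]
}

// Windows path: the mirror image of the Linux path.
loki.process "windows" {
  stage.match {
    selector            = "{os!=\"windows\"}"
    action              = "drop"
    drop_counter_reason = "not_windows"
  }
  stage.static_labels {
    values = { source_type = "windows_eventlog" } // hypothetical label
  }
  forward_to = [loki.write.as_logsink_all.receiver]
}

loki.write "as_logsink_all" {
  endpoint {
    url = "http://loki.example.internal:3100/loki/api/v1/push" // placeholder
  }
}
```

Entries that carry neither `os` value are dropped by both paths in this sketch, so a third path or a default label is needed if such sources (for example syslog from network devices) are added later.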