Does Grafana alloy need seperate deployments to read logs from windows and linux nodes

chnikhitha99 · March 18, 2025, 3:43pm

I have an AKS cluster setup with 4 nodes (3 linux and one windows node). I deployed Alloy on linux nodes but it’s also reading logs from windows nodes. For this deployment i have daemonsets deployed on each of the linux nodes.

alloy:
  configMap:
    # -- Create a new ConfigMap for the config file.
    create: true
    # -- Content to assign to the new ConfigMap.  This is passed into `tpl` allowing for templating from values.
    content: |-
      logging {
        level  = "info"
        format = "logfmt"
      }

      discovery.kubernetes "kubernetes_pods" {
        role = "pod"
      }

      discovery.relabel "kubernetes_pods" {
        targets = discovery.kubernetes.kubernetes_pods.targets

        rule {
          source_labels = ["__meta_kubernetes_pod_controller_name"]
          regex         = "([0-9a-z-.]+?)(-[0-9a-f]{8,10})?"
          target_label  = "__tmp_controller_name"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name", "__meta_kubernetes_pod_label_app", "__tmp_controller_name", "__meta_kubernetes_pod_name"]
          regex         = "^;*([^;]+)(;.*)?$"
          target_label  = "app"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_instance", "__meta_kubernetes_pod_label_instance"]
          regex         = "^;*([^;]+)(;.*)?$"
          target_label  = "instance"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_component", "__meta_kubernetes_pod_label_component"]
          regex         = "^;*([^;]+)(;.*)?$"
          target_label  = "component"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_node_name"]
          target_label  = "node_name"
        }

        rule {
          source_labels = ["__meta_kubernetes_namespace"]
          target_label  = "namespace"
        }

        rule {
          source_labels = ["namespace", "app"]
          separator     = "/"
          target_label  = "job"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_name"]
          target_label  = "pod"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_container_name"]
          target_label  = "container"
        }

        rule {
          source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
          separator     = "/"
          target_label  = "__path__"
          replacement   = "/var/log/pods/*$1/*.log"
        }

      }

      local.file_match "kubernetes_pods" {
        path_targets = discovery.relabel.kubernetes_pods.output
      }

      loki.source.kubernetes "kubernetes_pods" {
        targets    = discovery.relabel.kubernetes_pods.output
        forward_to = [loki.process.process.receiver]
      }

      loki.process "process" {
        forward_to = [loki.write.loki.receiver]
      }

      loki.write "loki" {
        endpoint {
          url = "http://loki.loki.svc.cluster.local:3100/loki/api/v1/push"
        }
      }

This is my alloy configuration from helm values.yaml file.

I’m confused how are the windows pod logs accessible to alloy deployment on linux.

Topic		Replies	Views
Design, best practise for collecting data from different sources Grafana Alloy	2	62	January 31, 2025
Grafana Agent Operator not sending logs Grafana Alloy	0	712	February 2, 2023
Alloy clustering doubts Grafana Alloy	3	544	August 29, 2024
Grafana Alloy Podlogs location Grafana Alloy loki	0	67	September 10, 2024
Multi-tenant Daemonset Deployment Grafana Alloy	5	256	August 12, 2024

Does Grafana alloy need seperate deployments to read logs from windows and linux nodes

Related topics