How do I prevent duplicate data from being sent?

Hello,
I have a PowerShell script that stores Windows Event Logs in the processed_logs.json file. This script runs as a service and creates the processed_logs.json file each time. The Alloy configuration is as follows:

loki.source.file "processed_logs" {
    targets = [
        { __path__ = "C:\\scripts\\processed_logs.json" },
    ]
    forward_to = [loki.write.default.receiver]
}

loki.write "default" {
    endpoint {
        url = "http://192.168.1.2:3100/loki/api/v1/push"
    }
    external_labels = {
        job = "windows-security",
        logsource = "windows-eventlog",
    }
}

Each time the file is created by the script, Alloy sends the whole file again, so duplicate reports are sent to the server. What solution do you suggest to solve this problem?

Thank you.

Any reason you do not want to use loki.source.windowsevent?

Hello,
Thank you so much for your reply.

1- Because of this. I was unable to write a Loki query that would compare the handle ID for different IDs and extract the required information if the handle ID was the same.

2- If instead of creating the file each time, I just append new data to the end of the file, then will Grafana Alloy only send new data?

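The append approach asked about in point 2, as an added example that is not part of the original thread or the poster's script: loki.source.file tails the file and remembers its read position, so lines appended to an existing file are sent once, while a file that is recreated is read again from the start. The sketch assumes the script reads the Security log; the state file path and the function names are hypothetical.

```powershell
# Added example, not the poster's script. The state file name is hypothetical.
$ErrorActionPreference = 'Stop'                 # a failed append must not advance the watermark
$OutFile   = 'C:\scripts\processed_logs.json'   # path taken from the Alloy config in the thread
$StateFile = 'C:\scripts\processed_logs.state'  # hypothetical: holds the last exported RecordId

function Get-LastRecordId {
    # A missing or empty state file means "start from the beginning of the log".
    if (Test-Path -LiteralPath $StateFile) {
        $text = Get-Content -LiteralPath $StateFile -Raw
        if ($text -match '^\s*(\d+)\s*$') { return [long]$Matches[1] }
    }
    return 0L
}

function Export-NewSecurityEvents {
    $lastId = Get-LastRecordId
    # Ask the event log only for records newer than the watermark, oldest first.
    $xpath  = "*[System[EventRecordID > $lastId]]"
    $events = @(Get-WinEvent -LogName Security -FilterXPath $xpath -Oldest -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { return 0 }

    # One compact JSON object per line; ConvertTo-Json escapes embedded newlines,
    # so every event stays on a single line for the file tailer.
    $lines = foreach ($e in $events) {
        [pscustomobject]@{
            RecordId    = $e.RecordId
            TimeCreated = $e.TimeCreated.ToUniversalTime().ToString('o')
            EventId     = $e.Id
            Message     = $e.Message
        } | ConvertTo-Json -Compress
    }

    # Append instead of recreating the file (UTF-8 without BOM).
    [System.IO.File]::AppendAllLines($OutFile, [string[]]$lines)

    # Written last: if the append throws, the same events are picked up on the next run.
    Set-Content -LiteralPath $StateFile -Value $events[-1].RecordId
    return $events.Count
}

Export-NewSecurityEvents | Out-Null
```

Reading the Security log requires an elevated account, and the output file grows until it is rotated.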