Issue with Grafana agent-config.yml for Windows VM

Grafana Loki
1

Hello,
I have read most of the documentation that is available for installing Grafana for Windows. My teams are using a Windows VM/VMSS infrastructure in Azure without Kubernetes. I have installed the Grafana agent and attempted to modify the agent-config.yml based upon forum messages and Grafana site documentation, and I am unable to send any logs to Loki. We did a curl command to check for connectivity, and that passed. I’m hoping to get more detailed help with the agent-config.yml. Below is the only .yml file that will allow me to start the Grafana Agent service, but it does not populate the positions directory or logs file, and nothing is sent to Loki.
agent-config.yml:

server:
  log_level: debug

prometheus:
  wal_directory: "C:\\ProgramData\\grafana-agent-wal"
  global:
    scrape_interval: 15s
    remote_write:
      - url: https://prometheus-prod-13...
        basic_auth:
          password: <password>
          username: <username>
  configs:
    - name: integrations
  integrations:
    windows_exporter:
      enabled: true
loki:
  positions_directory: "C:\\Users\\azureuser\\Logs"
  configs:
    - name: windows
      clients:
        - url: https://grafana-loki...
          tenant_id: 
          basic_auth:
            username: <username>
            password: <password>
        - job_name: windows
          windows_events:
            bookmark_path: "C:\\Users\\azureuser\\bookmark\\bookmark.xml"
            use_incoming_timestamp: true
            eventlog_name: "Application"
            xpath_query: '*'
            labels:
              job: windows
2

Facing similar issue in windows VM, try to get the Grafana Agent logs from Event Viewer.

3

@sandeepshajan21 I am working on logs now. I will post if I find a workable yml.

Metrics can be gotten using the following in the agent-config.yml:

integrations:
  prometheus_remote_write:
  - basic_auth:
      password: <password>
      username: <username>
    url: https://prometheus-prod URL
  windows_exporter:
    enabled: true
logs:
  configs:
  - clients:
    - basic_auth:
        password: <password>
        username: <username>
      url: https://loki URL
    name: integrations
    positions:
      filename: /tmp/positions.yaml
    scrape_configs:
    - job_name: integrations/windows-exporter-application
      pipeline_stages:
      - json:
          expressions:
            source: source
      - labels:
          source: 
      relabel_configs:
      - source_labels:
        - computer
        target_label: agent_hostname
      windows_events:
        bookmark_path: C:\Users\azureuser\AppData\Roaming\bookmark-application.xml
        eventlog_name: Application
        labels:
          job: integrations/windows_exporter
        use_incoming_timestamp: true
        xpath_query: '*'
    - job_name: integrations/windows-exporter-system
      pipeline_stages:
      - json:
          expressions:
            source: source
      - labels:
          source: 
      relabel_configs:
      - source_labels:
        - computer
        target_label: agent_hostname
      windows_events:
        bookmark_path: C:\Users\azureuser\AppData\Roaming\bookmark-system.xml
        eventlog_name: System
        labels:
          job: integrations/windows_exporter
        use_incoming_timestamp: true
        xpath_query: '*'
    target_config:
      sync_period: 10s
metrics:
  configs:
  - name: integrations
    remote_write:
    - basic_auth:
        password: <password>
        username: <username>
      url: https://prometheus-prod URL
  global:
    scrape_interval: 15s
  wal_directory: /tmp/grafana-agent-wal

There is a very good dashboard for metrics which requires the windows_exporter.msi here:
Windows Exporter Dashboard | Grafana Labs

1 Like
4

@sandeepshajan21
This is the basic Grafana agent-config for Grafana agent integration for Windows event logs if you also use the windows_exporter:

integrations:
  agent:
    enabled: true
    relabel_configs:
      - action: replace
        source_labels:
        - agent_hostname
        target_label: instance
  prometheus_remote_write:
  - basic_auth:
      password: <your_prom_pass>
      username: <your_prom_user>
    url: <your_prom_url>
logs:
  configs:
  - clients:
    - basic_auth:
        password: <your_loki_pass>
        username: <your_loki_user>
      url: <your_loki_url>
    name: integrations
    positions:
      filename: /tmp/positions.yaml
    scrape_configs:
    - job_name: integrations/agent
      windows_events:
        use_incoming_timestamp: true
        bookmark_path: "./bookmark-application.xml"
        eventlog_name: "Application"
        xpath_query: "*[System[Provider[@Name='Grafana Agent']]]"
        labels:
          job: integrations/agent
      relabel_configs:
        - source_labels: ['computer']
          target_label: 'instance'
        - replacement: grafana-agent.service
          target_label: unit
      pipeline_stages:
      - json:
          expressions:
            message: message
      - regex:
          expression: "(level=(?P<log_level>[\\s]*debug|warn|info|error))"
      - labels:
          level: log_level
      - output:
          source: message
metrics:
  configs:
  - name: agent
    host_filter: false
    scrape_configs:
    - job_name: metrics
      metrics_path: '/metrics'
      static_configs:
      - targets: ['localhost:9115']
    remote_write:
    - basic_auth:
        password: <your_prom_pass>
        username: <your_prom_user>
      url: <your_prom_url>
  - name: integrations
    remote_write:
    - basic_auth:
        password: <your_prom_pass>
        username: <your_prom_user>
      url: <your_prom_url>
    scrape_configs:
  global:
    scrape_interval: 60s
  wal_directory: /tmp/grafana-agent-wal
1 Like
5

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.