Hello,
The Alloy configuration file looks like this:
// Tails the file named by __path__ and forwards what it reads, unmodified, to
// loki.write.default (no processing stage sits between source and writer).
//
// NOTE(review): loki.source.file emits one log entry per line of the file. If
// processed_logs.json is a pretty-printed JSON array spread over many lines,
// each entry that reaches Loki is only a fragment (a lone `{`, or a single
// `"key": "value",` pair), which a LogQL `| json` stage cannot parse as an
// object. Having the producer write one compact JSON object per line avoids
// this. Confirm against the script that generates the file.
//
// NOTE(review): this file is the source of the audit trail. Anything able to
// write to C:\scripts can add or alter entries before they are shipped, so
// check that the directory is writable only by the account that produces it.
loki.source.file "processed_logs" {
// Backslashes are doubled because the path is a quoted string literal.
targets = [
{ __path__ = "C:\\scripts\\processed_logs.json" },
]
forward_to = [loki.write.default.receiver]
}
// Pushes every entry received on loki.write.default.receiver to the Loki push
// API at the URL below.
loki.write "default" {
endpoint {
// NOTE(review): plain http:// to a private address, and this endpoint has no
// basic_auth or tls_config block. The shipped entries carry hostnames,
// account names and file paths, so they cross the network unencrypted and
// Alloy presents no credentials on the push. Confirm that this is acceptable
// for the network segment, or add TLS and authentication to the endpoint.
url = "http://192.168.1.2:3100/loki/api/v1/push"
}
// Static labels attached to everything this component sends; `job` is what a
// `{job="windows-security"}` stream selector matches.
// NOTE(review): `logsource` says "windows-eventlog" although the source in
// this file is a JSON file on disk. Presumably that file is derived from
// event-log data; confirm that the label is accurate for whoever queries it.
external_labels = {
job = "windows-security",
logsource = "windows-eventlog",
}
}
The contents of the processed_logs.json file are as follows:
[
{
"Date and Time": "Sat Feb 22 22:21:30 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:30 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "44174418"
},
{
"Date and Time": "Sat Feb 22 22:21:30 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions",
"Action Code": "4417"
},
{
"Date and Time": "Sat Feb 22 22:21:29 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "44174418"
},
{
"Date and Time": "Sat Feb 22 22:21:29 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions",
"Action Code": "4417"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "4417"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\$$_system32_21f9a9c4a2f8b514.cdf-ms",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "4417"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\$$.cdf-ms",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps",
"Action Code": "4417"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\_0000000000000000.cdf-ms",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:21:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\$$_system32_21f9a9c4a2f8b514.cdf-ms",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\$$.cdf-ms",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\WinSxS\\FileMaps\\_0000000000000000.cdf-ms",
"Action Code": "1538"
},
{
"Date and Time": "Sat Feb 22 22:21:17 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "44174418"
},
{
"Date and Time": "Sat Feb 22 22:14:19 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:03:16 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\Hello",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:03:13 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Fri Feb 21 23:21:49 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Fri Feb 21 23:07:55 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 03:03:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\Hello-2",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 03:03:21 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 03:03:16 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New Text Document.txt",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 02:38:35 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 02:28:04 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 00:40:38 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\Hello",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 00:40:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 00:39:29 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\Jason",
"Action Code": "1537"
},
{
"Date and Time": "Tue Feb 18 00:39:12 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "1537"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "Deleted"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "Deleted"
},
{
"Date and Time": "Sat Feb 22 22:21:28 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "DESKTOP-1PNH21K$",
"File or Folder": "C:\\Windows\\servicing\\Sessions\\31163835_412945915.xml",
"Action Code": "Deleted"
},
{
"Date and Time": "Sat Feb 22 22:14:19 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Sat Feb 22 22:03:16 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Fri Feb 21 23:21:49 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Fri Feb 21 23:07:55 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Tue Feb 18 03:03:27 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Tue Feb 18 02:38:35 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Tue Feb 18 02:28:04 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Tue Feb 18 00:40:38 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
},
{
"Date and Time": "Tue Feb 18 00:39:29 2025",
"Hostname": "DESKTOP-1PNH21K",
"Username": "Grafana",
"File or Folder": "C:\\Users\\Grafana\\Desktop\\Test\\New folder",
"Action Code": "Deleted"
}
]
What is the problem with the configuration file? I ran this query:
{job="windows-security"} | json
Output is:
Thank you.