Hi, I am new to Loki/Promtail. I followed the instructions to set up and run them, and after googling for hours I was able to write my first Promtail config file with 3 jobs: 2 of them pointing to the event log in Windows, 1 for the Grafana log. Here is the config file:
```yaml
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: ./positions.yaml
clients:
  - url: http://localhost:3100/loki/api/v1/push
scrape_configs:
  - job_name: windows-application
    static_configs:
      - targets:
          - localhost
    windows_events:
      eventlog_name: "Application"
      labels:
        logsource: windows-eventlog
      use_incoming_timestamp: true
      bookmark_path: "/tmp/bookmark-application.xml"
      exclude_event_data: false
      exclude_user_data: true
      locale: 1033
  - job_name: windows-system
    static_configs:
      - targets:
          - localhost
    windows_events:
      eventlog_name: "System"
      labels:
        logsource: windows-eventlog
      use_incoming_timestamp: true
      bookmark_path: "/tmp/bookmark-system.xml"
      exclude_event_data: false
      exclude_user_data: true
      locale: 1033
  - job_name: grafana
    static_configs:
      - targets:
          - localhost
        labels:
          job: grafana
          __path__: E:\Grafana\grafana-9.3.2\data\log\*.log
```
I run Promtail, which seems successful.
In Grafana, I go to Explore and choose “Job”; I don’t see the 2 Windows jobs, I only see the grafana job.
So what is going wrong here?
Thanks for your help
You created a label for each Windows job named “logsource”. You should add another label to each Windows job named job and give it a value like Windows-System for that job and windows-application for that job.
Dear @headlessnetsman, I did add the label job as follows
but I am still not seeing those labels in Grafana. I refreshed so many times, logged out then logged in, no way, same thing.
salam1
May 28, 2024, 11:03am
Hi @headlessnetsman , any feedback please?
This should work:
```yaml
- job_name: windows-system
  windows_events:
    locale: 1033
    use_incoming_timestamp: true
    exclude_event_data: false
    exclude_event_message: false
    exclude_user_data: false
    bookmark_path: ./bookmark_sys.xml
    eventlog_name: "System"
    xpath_query: '*'
    labels:
      logsource: windows-eventlog
      job: windows-system
```
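A small lint for the problem discussed in this thread, as an added example that is not part of the original posts: it lists each scrape job that sends no `job` label and shows which labels it can be selected by instead. The function names and `SAMPLE_CFG` (built from the question's first config) are constructed here, and the code assumes, as the thread's outcome suggests, that `job_name` is not itself sent as a label.

```python
import sys

# Constructed sample: the label-relevant parts of the first config in the thread.
SAMPLE_CFG = {"scrape_configs": [
    {"job_name": "windows-application",
     "static_configs": [{"targets": ["localhost"]}],
     "windows_events": {"eventlog_name": "Application",
                        "labels": {"logsource": "windows-eventlog"}}},
    {"job_name": "windows-system",
     "static_configs": [{"targets": ["localhost"]}],
     "windows_events": {"eventlog_name": "System",
                        "labels": {"logsource": "windows-eventlog"}}},
    {"job_name": "grafana",
     "static_configs": [{"targets": ["localhost"],
                         "labels": {"job": "grafana",
                                    "__path__": r"E:\Grafana\grafana-9.3.2\data\log\*.log"}}]},
]}


def label_sets(scrape):
    """Label blocks one scrape_configs entry attaches to its log lines."""
    if "windows_events" in scrape:
        # Assumption: event-log jobs take their labels from windows_events.labels.
        return [scrape["windows_events"].get("labels") or {}]
    return [sc.get("labels") or {} for sc in scrape.get("static_configs") or []]


def jobs_without_job_label(cfg):
    """Return (job_name, labels actually sent) for entries lacking a `job` label."""
    missing = []
    for scrape in cfg.get("scrape_configs") or []:
        for labels in label_sets(scrape):
            # Names starting with "__" (e.g. __path__) are internal, not sent to Loki.
            sent = sorted(k for k in labels if not k.startswith("__"))
            if "job" not in sent:
                missing.append((scrape.get("job_name", "<unnamed>"), sent))
    return missing


if __name__ == "__main__":
    if len(sys.argv) > 1:
        import yaml  # PyYAML; only needed when linting a real config file
        with open(sys.argv[1], encoding="utf-8") as fh:
            cfg = yaml.safe_load(fh)
    else:
        cfg = SAMPLE_CFG
    for name, sent in jobs_without_job_label(cfg):
        print(f"{name}: no 'job' label; selectable only by {sent or 'nothing'}")
```

Run it with the path to a Promtail config as the only argument; with no argument it checks the embedded sample.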
So many thanks, so it is working for the `windows-system` job but not the `windows-application` job, in spite of the fact they have the exact same config:
```yaml
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /positions.yaml
clients:
  - url: http://localhost:3100/loki/api/v1/push
scrape_configs:
  - job_name: windows-application
    windows_events:
      locale: 1033
      use_incoming_timestamp: true
      exclude_event_data: false
      exclude_user_data: false
      bookmark_path: "/tmp/bookmark-application.xml"
      eventlog_name: "Application"
      xpath_query: '*'
      labels:
        logsource: windows-eventlog
        job: windows-application
  - job_name: windows-system
    windows_events:
      locale: 1033
      use_incoming_timestamp: true
      exclude_event_data: false
      exclude_user_data: false
      bookmark_path: /bookmark_sys.xml
      eventlog_name: "System"
      xpath_query: '*'
      labels:
        logsource: windows-eventlog
        job: windows-system
  - job_name: grafana
    static_configs:
      - targets:
          - localhost
        labels:
          job: grafana
          __path__: E:\Grafana\grafana-9.3.2\data\log\*.log
```