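// Grafana Alloy configuration for a Windows host.
// Pipeline 1: the embedded windows exporter is scraped and the samples are
//             pushed to Prometheus via remote_write.
// Pipeline 2: four Windows event log channels are read, selected JSON fields
//             are promoted to labels, and the entries are pushed to Loki.
//
// Fix applied in this revision: the static `computer` label was the quoted
// string "constants.hostname", which is a literal, so streams carried that
// text instead of the machine name. It is now the unquoted stdlib reference
// constants.hostname.

logging {
  // NOTE(review): "debug" is the most verbose level and is normally only used
  // while troubleshooting; confirm it is intended for steady-state operation.
  level  = "debug"
  format = "logfmt"
}

// =========================
// WINDOWS METRICS -> PROMETHEUS
// =========================

prometheus.exporter.windows "local" {
  // NOTE(review): "process" and "service" emit one series set per process and
  // per service; watch series count on busy hosts.
  enabled_collectors = [
    "cpu",
    "memory",
    "logical_disk",
    "os",
    "net",
    "system",
    "process",
    "service",
    "logon",
    "update",
  ]
}

prometheus.scrape "windows_exporter" {
  targets         = prometheus.exporter.windows.local.targets
  forward_to      = [prometheus.remote_write.local_prometheus.receiver]
  job_name        = "integrations/windows"
  scrape_interval = "30s"
  // Kept below scrape_interval so a slow scrape cannot overlap the next one.
  scrape_timeout  = "25s"
}

prometheus.remote_write "local_prometheus" {
  endpoint {
    // NOTE(review): no authentication settings appear in this endpoint block.
    // Confirm the receiver authenticates senders by other means (mutual TLS,
    // network policy); otherwise add credentials here, e.g. a basic_auth block
    // that reads its secret from a file rather than inline.
    url = "https://prometheus.insidemicro.com/api/v1/write"
  }
}

// =========================
// WINDOWS LOGS -> LOKI
// =========================

loki.write "local_loki" {
  endpoint {
    // NOTE(review): as with remote_write above, no authentication is
    // configured here. This endpoint receives Security channel events, so
    // confirm both sender authentication and read access control on the Loki
    // side.
    url = "https://loki.insidemicro.com/loki/api/v1/push"
  }
}

// NOTE(review): every source below stores its read position under
// C:/ProgramData/Alloy/bookmarks. Verify that directory is writable only by
// the account running Alloy, since a modified or deleted bookmark changes
// which events are (re)collected.
//
// The four loki.process components are identical apart from their names: each
// parses the JSON entry, extracts six fields (an empty expression means "use
// the key name as the JSON path"), and promotes five of them to labels.
// stage.labels then replaces the static `computer` and `channel` labels with
// the values taken from the event itself whenever they were extracted.
//
// NOTE(review): `event_id` as a label yields one stream per distinct event ID
// per host and channel. If stream cardinality becomes a problem, consider
// leaving it in the log line and filtering at query time.

// -------------------------
// EVENT LOG: SYSTEM
// -------------------------

loki.source.windowsevent "system" {
  eventlog_name          = "System"
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true
  bookmark_path          = "C:/ProgramData/Alloy/bookmarks/system.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "System",
  }

  forward_to = [loki.process.system.receiver]
}

loki.process "system" {
  forward_to = [loki.write.local_loki.receiver]

  stage.json {
    expressions = {
      message  = "",
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  stage.labels {
    values = {
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }
}

// -------------------------
// EVENT LOG: SECURITY
// -------------------------

loki.source.windowsevent "security" {
  // No xpath_query is set, so the whole channel is forwarded.
  // NOTE(review): Security events typically carry account names and similar
  // sensitive detail; confirm retention and read permissions downstream.
  eventlog_name          = "Security"
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true
  bookmark_path          = "C:/ProgramData/Alloy/bookmarks/security.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "Security",
  }

  forward_to = [loki.process.security.receiver]
}

loki.process "security" {
  forward_to = [loki.write.local_loki.receiver]

  stage.json {
    expressions = {
      message  = "",
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  stage.labels {
    values = {
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }
}

// -------------------------
// EVENT LOG: BOOT / DIAGNOSTICS PERFORMANCE
// -------------------------

loki.source.windowsevent "boot_perf" {
  eventlog_name          = "Microsoft-Windows-Diagnostics-Performance/Operational"
  xpath_query            = "*"
  use_incoming_timestamp = true
  poll_interval          = "5s"
  bookmark_path          = "C:/ProgramData/Alloy/bookmarks/boot_perf.xml"

  // This source uses job "windows_boot"; the other three use
  // "windows-eventlog".
  labels = {
    job      = "windows_boot",
    computer = constants.hostname,
    channel  = "Microsoft-Windows-Diagnostics-Performance/Operational",
  }

  forward_to = [loki.process.boot_perf.receiver]
}

loki.process "boot_perf" {
  forward_to = [loki.write.local_loki.receiver]

  stage.json {
    expressions = {
      message  = "",
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  stage.labels {
    values = {
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }
}

// -------------------------
// EVENT LOG: WINDOWS UPDATE
// NEW
// -------------------------

loki.source.windowsevent "windows_update" {
  eventlog_name          = "Microsoft-Windows-WindowsUpdateClient/Operational"
  xpath_query            = "*"
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true
  bookmark_path          = "C:/ProgramData/Alloy/bookmarks/windows_update.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "Microsoft-Windows-WindowsUpdateClient/Operational",
  }

  forward_to = [loki.process.windows_update.receiver]
}

loki.process "windows_update" {
  forward_to = [loki.write.local_loki.receiver]

  stage.json {
    expressions = {
      message  = "",
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  stage.labels {
    values = {
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }
}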