title: loki.source.windowsevent

loki.source.windowsevent

loki.source.windowsevent reads events from Windows Event Logs and forwards them to other loki.* components.

Multiple loki.source.windowsevent components can be specified by giving them different labels.

Usage

loki.source.windowsevent "LABEL" {
  eventlog_name = EVENTLOG_NAME
  forward_to    = RECEIVER_LIST
}

Arguments

The component starts a new reader and fans out log entries to the list of receivers passed in forward_to.

loki.source.windowsevent supports the following arguments:

NOTE: eventlog_name is required if xpath_query does not specify the event log. You can define xpath_query in short or xml form. When using the XML form you can specify event_log in the xpath_query. If using short form, you must define eventlog_name.

Component health

loki.source.windowsevent is only reported as unhealthy if given an invalid configuration.

Example

This example collects log entries from the Event Log specified in eventlog_name and forwards them to a loki.write component so they are written to Loki.

loki.source.windowsevent "application"  {
    eventlog_name = "Application"
    forward_to = [loki.write.endpoint.receiver]
}

loki.write "endpoint" {
    endpoint {
        url ="loki:3100/api/v1/push"
    }
}