From d8733939dab69faf6b995894baa3b6c714681bd1 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sat, 4 Jan 2025 10:28:35 +0100
Subject: [PATCH] Add config.alloy
---
config.alloy | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 config.alloy
diff --git a/config.alloy b/config.alloy
new file mode 100644
index 0000000..19528fd
--- /dev/null
+++ b/config.alloy
@@ -0,0 +1,90 @@
+loki.write "grafana_cloud_loki" {
+ endpoint {
+ url = "https://loki.tainton.uk/loki/api/v1/push"
+ }
+}
+
+loki.process "logs_integrations_windows_exporter" {
+ forward_to = [loki.write.grafana_cloud_loki.receiver]
+
+ stage.json {
+ expressions = {
+ level = "levelText",
+ source = "source",
+ }
+ }
+
+ stage.labels {
+ values = {
+ level = "",
+ source = "",
+ }
+ }
+
+ stage.static_labels {
+ values {
+ service_name = "WindowsLogs",
+ }
+ }
+}
+
+loki.relabel "logs_integrations_windows_exporter" {
+ forward_to = [loki.process.logs_integrations_windows_exporter.receiver]
+
+ rule {
+ source_labels = ["computer"]
+ target_label = "host"
+ }
+}
+
+loki.source.windowsevent "logs_integrations_windows_exporter_application" {
+ locale = 1033
+ eventlog_name = "Application"
+ bookmark_path = "./bookmarks-app.xml"
+ poll_interval = "0s"
+ use_incoming_timestamp = true
+ forward_to = [loki.relabel.logs_integrations_windows_exporter.receiver]
+ labels = {
+ instance = constants.hostname,
+ job = "integrations/windows_exporter",
+ }
+}
+
+loki.source.windowsevent "logs_integrations_windows_exporter_system" {
+ locale = 1033
+ eventlog_name = "System"
+ bookmark_path = "./bookmarks-sys.xml"
+ poll_interval = "0s"
+ use_incoming_timestamp = true
+ forward_to = [loki.relabel.logs_integrations_windows_exporter.receiver]
+ labels = {
+ instance = constants.hostname,
+ job = "integrations/windows_exporter",
+ }
+}
+
+loki.source.windowsevent "logs_integrations_windows_exporter_defender" {
+ locale = 1033
+ eventlog_name = "Microsoft-Windows-Windows Defender/Operational"
+ bookmark_path = "./bookmarks-defender.xml"
+ poll_interval = "0s"
+ use_incoming_timestamp = true
+ forward_to = [loki.relabel.logs_integrations_windows_exporter.receiver]
+ labels = {
+ instance = constants.hostname,
+ job = "integrations/windows_exporter",
+ }
+}
+
+loki.source.windowsevent "logs_integrations_windows_exporter_wifi" {
+ locale = 1033
+ eventlog_name = "Microsoft-Windows-WLAN-AutoConfig/Operational"
+ bookmark_path = "./bookmarks-wifi.xml"
+ poll_interval = "0s"
+ use_incoming_timestamp = true
+ forward_to = [loki.relabel.logs_integrations_windows_exporter.receiver]
+ labels = {
+ instance = constants.hostname,
+ job = "integrations/windows_exporter",
+ }
+}
\ No newline at end of file
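Review bot: In `stage.static_labels`, `values { service_name = "WindowsLogs", }` is written as a block, while the sibling `stage.labels` uses `values = { ... }`; as far as I know `values` is a map attribute here, so the block form with a trailing comma is likely to fail parsing and keep the whole pipeline from loading, and `values = {` would fix it. The `loki.write` endpoint carries no `basic_auth`, bearer token or `tls_config`, so unless the push URL is protected by something outside this file, any client that can reach it can write into the store that holds the Defender events; a comment saying where authentication is enforced would help. The four `bookmark_path` values are relative (`./bookmarks-*.xml`), so their location depends on the service's working directory; an absolute path under the Alloy data directory would avoid re-reading or skipping events when the process starts from a different directory.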