alloy-config/config.alloy

loki.write "grafana_cloud_loki" {
  endpoint {
    url = "https://loki.tainton.uk/loki/api/v1/push"
  }
}

loki.process "logs_integrations_windows_exporter" {
  forward_to = [loki.write.grafana_cloud_loki.receiver]

  stage.json {
    expressions = {
      level  = "levelText",
      source = "source",
    }
  }

  stage.labels {
    values = {
      level  = "",
      source = "",
    }
  }
  
  stage.static_labels {
    values = {
      service_name = "WindowsLogs",
    }
  }
}

loki.relabel "logs_integrations_windows_exporter" {
  forward_to = [loki.process.logs_integrations_windows_exporter.receiver]

  rule {
    source_labels = ["computer"]
    target_label  = "host"
  }
}

loki.source.windowsevent "logs_integrations_windows_exporter_application" {
  locale                 = 1033
  eventlog_name          = "Application"
  bookmark_path          = "./bookmarks-app.xml"
  poll_interval          = "0s"
  use_incoming_timestamp = true
  forward_to             = [loki.relabel.logs_integrations_windows_exporter.receiver]
  labels                 = {
    instance = constants.hostname,
    job      = "integrations/windows_exporter",
  }
}

loki.source.windowsevent "logs_integrations_windows_exporter_system" {
  locale                 = 1033
  eventlog_name          = "System"
  bookmark_path          = "./bookmarks-sys.xml"
  poll_interval          = "0s"
  use_incoming_timestamp = true
  forward_to             = [loki.relabel.logs_integrations_windows_exporter.receiver]
  labels                 = {
    instance = constants.hostname,
    job      = "integrations/windows_exporter",
  }
}

loki.source.windowsevent "logs_integrations_windows_exporter_defender" {
  locale                 = 1033
  eventlog_name          = "Microsoft-Windows-Windows Defender/Operational"
  bookmark_path          = "./bookmarks-defender.xml"
  poll_interval          = "0s"
  use_incoming_timestamp = true
  forward_to             = [loki.relabel.logs_integrations_windows_exporter.receiver]
  labels                 = {
    instance = constants.hostname,
    job      = "integrations/windows_exporter",
  }
}

loki.source.windowsevent "logs_integrations_windows_exporter_wifi" {
  locale                 = 1033
  eventlog_name          = "Microsoft-Windows-WLAN-AutoConfig/Operational"
  bookmark_path          = "./bookmarks-wifi.xml"
  poll_interval          = "0s"
  use_incoming_timestamp = true
  forward_to             = [loki.relabel.logs_integrations_windows_exporter.receiver]
  labels                 = {
    instance = constants.hostname,
    job      = "integrations/windows_exporter",
  }
}