Promtail - Windows Event Logs

1,083 views

Skip to first unread message

Justin Stark

unread,

Mar 18, 2021, 2:12:10 PM3/18/21

to lokiproject

Does the new Promtail Windows Event scraper allow for pipelines? I would like to rename/remove some event fields, but I have not be successful in my attempts.

Cyril Tovena

unread,

Mar 19, 2021, 4:19:51 AM3/19/21

to Justin Stark, lokiproject

yes here is an example:

scrape_configs:
- job_name: windows
  pipeline_stages:
  - regex:
      expr: "./*"
  - json:
      timestamp:
        source: time
        format: RFC3339
      labels:
        stream:
          source: json_key_name.json_sub_key_name
      output:
        source: log
  windows_events:
    use_incoming_timestamp: false
    bookmark_path: "./bookmark.xml"
    eventlog_name: "Application"
    xpath_query: '*'
    labels:
      job: windows
  relabel_configs:
    - source_labels: ['computer']
      target_label: 'host'

On Thu, Mar 18, 2021 at 7:12 PM Justin Stark <Justin...@stark-eng.com> wrote:

Does the new Promtail Windows Event scraper allow for pipelines? I would like to rename/remove some event fields, but I have not be successful in my attempts.

--
You received this message because you are subscribed to the Google Groups "lokiproject" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lokiproject...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lokiproject/c8e8a50a-ecc6-4466-a4d5-2917b38ddcd2n%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages