Hi
I am currently testing Loki/Promtail in respect of collecting (mainly) Windows server logs. I have the following Promtail config:
```yaml
server:
  http_listen_port: 9080

positions:
  filename: C:\promtail\positions.yaml

clients:

scrape_configs:
  - job_name: windows
    windows_events:
      use_incoming_timestamp: false
      bookmark_path: "./bookmark.xml"
      eventlog_name: "System"
      # '*' matches every event in the channel
      xpath_query: '*'
      labels:
        job: windows
    relabel_configs:
      # copy the event's computer name into the 'host' label
      - source_labels: ['computer']
        target_label: 'host'
      - source_labels: ['computer']
```
This is working and streams the System Event Log across to Loki.
What I am wanting to do is stream only Warning or Critical Events to the logging service, whether it be by Level or by Event ID. Does anyone know whether this can be done and, if so, how to accomplish this?
Any help appreciated.
Cheers
Marc
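An added example, not part of the original post: one way to narrow the `xpath_query` from the config above so that only Warning and Critical events are selected from the System log. The job name, bookmark file name and the two Event IDs are sample values chosen for illustration; the Level numbers are the standard Windows event levels.

```yaml
scrape_configs:
  - job_name: windows-system-filtered        # assumed job name
    windows_events:
      use_incoming_timestamp: false
      bookmark_path: "./bookmark-filtered.xml"  # assumed file name
      eventlog_name: "System"

      # Windows event levels are numeric:
      #   1 = Critical, 2 = Error, 3 = Warning, 4 = Information
      # Select only Critical and Warning events.
      # Add "or Level=2" inside the parentheses to include Error as well.
      xpath_query: '*[System[(Level=1 or Level=3)]]'

      # Alternative: select by Event ID instead of Level.
      # 41 and 6008 are sample IDs only; substitute the IDs you care about.
      # xpath_query: '*[System[(EventID=41 or EventID=6008)]]'

      # Alternative: Critical/Warning events plus specific Event IDs
      # regardless of their level.
      # xpath_query: '*[System[(Level=1 or Level=3) or (EventID=41 or EventID=6008)]]'

      labels:
        job: windows
    relabel_configs:
      # copy the event's computer name into the 'host' label
      - source_labels: ['computer']
        target_label: 'host'
```

The same expression can be pasted into the XML tab of an Event Viewer custom view on the server to confirm which events it matches before Promtail is restarted.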