Loki patterns and windows systemevents

fatcharly · January 24, 2022, 4:28pm

Hi,
I’m using grafana 8.3.3 on a CentOS 8 with a loki version 2.4.1 and a promtail version 2.4.1 on linux and fluent-bit on Windows-Server and it works quite nice. But when I try to query the windows system event from the loki with patterns, I’m running into a problem.When I try this query:
{job=“ServernameS62”} | pattern "<_>":<_>,"<_>":"<_>","<_>":"<_>","<eventid>":<eventiddata>,"<_>":<_>,"<eventtype>":"<eventtypedata>","<eventcategory>":<eventcategorydata>,"<_>" | eventiddata = “4624”

I’m not getting any data back, even when there is a 4624 systemevent. Do I use it the wrong way ?
Any suggestions are welcome
Kind regards

fatcharly

fatcharly · January 24, 2022, 5:36pm

Or is it possible to work with the detected fields grafana shows for the log ? In the Documentation is something mentioned about “_extracted” but I don’t know how to use it.

system · January 24, 2023, 5:37pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parse data from windows events log and extract lables from "event_data" Grafana Loki loki , promtail	3	185	June 20, 2024
Can Windows Event Logs be filtered by Event ID and/or Level (Information etc) by Promtail Grafana Loki	1	298	April 30, 2024
Promtail on Windows Server 2019 Grafana Loki	2	1072	January 24, 2023
Loki - Windows Event Logs Grafana Loki loki	1	4690	September 28, 2020
Cannot see Windows Event Log messages in Grafana Cloud Grafana Cloud loki , windows	0	944	March 1, 2022

Loki patterns and windows systemevents

Related topics