Menu
Documentationbreadcrumb arrow breadcrumb arrow Grafana Alloybreadcrumb arrow Configurebreadcrumb arrow Windows

Configure Grafana Alloy on Windows

To configure Alloy on Windows, perform the following steps:

  1. Edit the default configuration file at %PROGRAMFILES%\GrafanaLabs\Alloy\config.alloy.

  2. Restart the Alloy service:

    1. Open the Windows Services manager:

      1. Right click on the Start Menu and select Run.

      2. Type services.msc and click OK.

    2. Right click on the service called Alloy.

    3. Click on All Tasks > Restart.

Change command-line arguments

By default, the Alloy service will launch and pass the following arguments to the Alloy binary:

  • run
  • %PROGRAMFILES%\GrafanaLabs\Alloy\config.alloy
  • --storage.path=%PROGRAMDATA%\GrafanaLabs\Alloy\data

To change the set of command-line arguments passed to the Alloy binary, perform the following steps:

  1. Open the Registry Editor:

    1. Right click on the Start Menu and select Run.

    2. Type regedit and click OK.

  2. Navigate to the key at the path HKEY_LOCAL_MACHINE\SOFTWARE\GrafanaLabs\Alloy.

  3. Double-click on the value called Arguments*.

  4. In the dialog box, enter the arguments to pass to the Alloy binary. Make sure that each argument is on its own line.

  5. Restart the Alloy service:

    1. Open the Windows Services manager:

      1. Right click on the Start Menu and select Run.

      2. Type services.msc and click OK.

    2. Right click on the service called Alloy.

    3. Click on All Tasks > Restart.

Change environment variable values

The Go runtime provides several ways to modify the execution of a binary using environment variables.

To change the environment variables used by Alloy, perform the following steps.

  1. Open the Registry Editor:

    1. Right click on the Start Menu and select Run.

    2. Type regedit and click OK.

  2. Navigate to the key at the path HKEY_LOCAL_MACHINE\SOFTWARE\GrafanaLabs\Alloy.

  3. Double-click on the multi-string value called Environment*.

  4. In the dialog box, enter the environment variable values to pass to the Alloy binary. Make sure that each variable is on its own line.

  5. Restart the Alloy service:

    1. Open the Windows Services manager (services.msc):

      1. Right click on the Start Menu and select Run.

      2. Type services.msc and click OK.

    2. Right click on the service called Alloy.

    3. Click on All Tasks > Restart.

Expose the UI to other machines

By default, Alloy listens on the local network for its HTTP server. This prevents other machines on the network from being able to access the UI for debugging.

To expose the UI to other machines, complete the following steps:

  1. Follow Change command-line arguments to edit command line flags passed to Alloy.

  2. Add the following command line argument:

    shell 
    --server.http.listen-addr=LISTEN_ADDR:12345

    Replace the following:

    • <LISTEN_ADDR>: An IP address which other machines on the network have access to. For example, the IP address of the machine Alloy is running on.

      To listen on all interfaces, replace <LISTEN_ADDR> with 0.0.0.0.

Configure Windows permissions

To effectively monitor Windows telemetry with Alloy, the user account you use to run Alloy requires specific access permissions. These permissions ensure Alloy can collect the necessary data, manage its local storage, and communicate with other services. The exact permissions depend on your system’s security configuration and the specific telemetry you need to collect.

Windows security groups

To collect common Windows telemetry, for example event logs and performance counters, the user account you use to run Alloy should be a member of the following Windows security groups. These groups provide the minimum required read access.

  • Event Log Readers
    This group allows members to read data from local event logs, including Application, System, Security, and other custom logs. This is essential for any Alloy configuration that collects Windows Event Log data.
  • Performance Monitor Users
    This group allows non-administrator users to access performance counter data. This group is important for Alloy components that collect Windows performance metrics, for example CPU, memory, disk I/O, and network usage.
  • Performance Log Users
    This group is used to schedule logging of performance counter data and manage performance alerts. Performance Log Users is necessary for advanced or historical data collection scenarios, particularly those that involve the Windows Data Collector Sets.

File system and network permissions

Beyond the standard Windows groups, Alloy requires some specific permissions for its operational functions:

  • Storage directory permissions
    Alloy needs read, write, and modify permissions to manage files and directories within its data storage location. The default location for the data storage is %PROGRAMDATA%\GrafanaLabs\Alloy\data.
  • Application log file read permissions
    If you configure Alloy to read application log files directly from disk, the user account you use to run Alloy must have read access to those log files and their containing directories. You may need to modify the Access Control Lists for these resources or add the Alloy service account to a custom group that has these permissions.
  • Network access for telemetry destinations
    Alloy needs network connectivity and, if applicable, proxy configuration, to communicate with its configured telemetry endpoints. This includes source endpoints for scraping metrics from Prometheus exporters and pulling logs from remote APIs and destination endpoints for writing metrics to Prometheus or Grafana Cloud, and sending logs to Loki. Make sure your firewall rules allow outbound connections from the Alloy host to these destinations on the necessary ports.
  • Registry access
    The user account you use to run Alloy may need access to the Windows Registry to configure things like environment variables.
  • UI port listening permission
    If you want to enable the Alloy UI, the user account you use to run Alloy must have permission to listen on the configured UI port. The default port is 12345.
  • Run as a service permission
    By default, Alloy is installed and run as a Windows Service. The user account you use to run Alloy must have the Log on as a service user right.
  • Temporary directory management
    Depending on how you configure components and data processing, Alloy might require permissions to create, read, and write temporary files in the system’s designated temporary directories.
  • Process and service enumeration
    If you are using the process or service collectors within the integrated Windows Exporter, the user account you use to run Alloy must have permissions to enumerate all running processes and services on the system.