February 5, 2025
using openobserve
OpenObserve is a free observability server (a backend for metrics, traces and logs).
how it works
Send Windows event logs, metrics and other observability data to an OpenTelemetry-compatible backend using an OpenTelemetry Collector.
prepare your backend
- start the server with an admin (root) account
- add more users through the API (unfortunately not service accounts)
```yaml
networks:
  loki:

volumes:
  o2-data:
    labels:
      org.manathome.description: "openobserve data storage"

services:
  openobserve:
    image: public.ecr.aws/zinclabs/openobserve:latest
    container_name: openobserve
    restart: unless-stopped
    environment:
      # root account; keep the real values in an untracked .env file, not in this file
      ZO_ROOT_USER_EMAIL: "man.from.home@gmail.com"
      ZO_ROOT_USER_PASSWORD: "(use your own)"
    ports:
      - "5080:5080"
    volumes:
      - o2-data:/data
    networks:
      - loki

  openobserve-init:
    image: curlimages/curl:latest
    container_name: openobserve-init
    # one-shot init container: wait for /healthz, then create a second user via the API.
    # curl -f makes a 5xx answer count as "not ready" instead of "healthy".
    # the Basic credential is base64("<root email>:<root password>").
    entrypoint: >
      /bin/sh -c "
      echo 'Waiting for openobserve...';
      until curl -sf http://openobserve:5080/healthz; do
        echo 'Waiting for OpenObserve to be ready...';
        sleep 2;
      done;
      echo 'Create Account...';
      curl -X POST http://openobserve:5080/api/default/users \
        -H 'Content-Type: application/json' \
        -H 'authorization: Basic (encoded from above)' \
        -d '{\"email\":\"o2-log-account@gmail.com\",\"role\":\"admin\",\"password\":\"(another-pw-choose-yourself)\"}';
      echo '..';
      echo 'account setup completed.'"
    restart: "no"
    depends_on:
      - openobserve
    networks:
      - loki
```
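The same bootstrap as a stand-alone POSIX sh script, added here as an example (it is not code from the original post or from the OpenObserve project). It covers both steps above: the root credentials come from the environment (ZO_ROOT_USER_EMAIL / ZO_ROOT_USER_PASSWORD, e.g. sourced from an untracked .env file) instead of being pasted into the compose file, the "Basic (encoded from above)" placeholder is computed as base64 of "email:password", the JSON body is escaped properly, the health poll is bounded, and a failed user creation is reported instead of being hidden behind "account setup completed". Assumptions: the OpenObserve URL arrives in O2_URL, the new user's credentials in O2_LOG_USER_EMAIL / O2_LOG_USER_PASSWORD, and the endpoints /healthz and POST /api/<org>/users behave as shown on the page; those variable names and the O2_BOOTSTRAP guard are hypothetical.

```shell
#!/bin/sh
# Added example, not the post's own code. Reimplements the compose init container
# as a script whose helpers can be tested without a running backend.
# Assumed env vars (hypothetical names): O2_URL, ZO_ROOT_USER_EMAIL,
# ZO_ROOT_USER_PASSWORD, O2_LOG_USER_EMAIL, O2_LOG_USER_PASSWORD, O2_BOOTSTRAP.

# Value for the "authorization" header: base64 of "email:password".
# tr removes the newline that GNU base64 inserts when wrapping.
basic_auth_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Escape backslash and double quote so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# JSON body for POST /api/<org>/users: email, role, password (as on the page).
user_payload() {
    printf '{"email":"%s","role":"%s","password":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Poll /healthz a bounded number of times; -f turns a 5xx into "not ready".
wait_for_healthz() {
    url=$1; attempts=${2:-30}
    i=0
    while [ "$i" -lt "$attempts" ]; do
        if curl -sf -o /dev/null "$url/healthz"; then
            return 0
        fi
        i=$((i + 1))
        sleep 2
    done
    echo "openobserve at $url not healthy after $attempts attempts" >&2
    return 1
}

# Create a user in organisation $org, authenticating as the root user.
# A non-2xx response makes curl fail (-f), which is reported, not swallowed.
create_user() {
    url=$1; org=$2; root_email=$3; root_pw=$4; email=$5; role=$6; pw=$7
    curl -sf -o /dev/null -X POST "$url/api/$org/users" \
        -H 'Content-Type: application/json' \
        -H "authorization: $(basic_auth_header "$root_email" "$root_pw")" \
        -d "$(user_payload "$email" "$role" "$pw")" \
        || { echo "creating user $email failed" >&2; return 1; }
}

# Only talk to the network when explicitly asked (O2_BOOTSTRAP=1), so the
# functions above can be sourced and unit-tested offline.
if [ "${O2_BOOTSTRAP:-0}" = 1 ]; then
    base="${O2_URL:-http://openobserve:5080}"
    wait_for_healthz "$base" 30 || exit 1
    create_user "$base" default \
        "$ZO_ROOT_USER_EMAIL" "$ZO_ROOT_USER_PASSWORD" \
        "$O2_LOG_USER_EMAIL" admin "$O2_LOG_USER_PASSWORD" || exit 1
    echo "account setup completed."
fi
```

Run it in place of the inline entrypoint (for example by mounting it into the curlimages/curl container and setting O2_BOOTSTRAP=1 in its environment); the root password then never appears in the compose file or in `docker inspect` output of the init container's command line.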
caveats
I could not create service accounts (needed for agent authentication) at startup or via the API, so I could not bring up a fresh environment via IaC as intended.