1. Accueil
  2. Articles

Grafana Alloy: Syntax and Configuration (Alloy Language)

Publié le : 10/05/2026 à 10:00

Master Grafana Alloy's declarative syntax (River language), learn to manipulate configuration blocks, variables, and discover how to manage secrets securely.

1. Configuration blocks

Attributes, blocks, and expressions in River language.

Understanding the syntax

Alloy configuration is written in a file (usually config.river) using a declarative syntax heavily inspired by Terraform. A component is defined by a name and an identifier. Inside the block, you define attributes (e.g., url = "http://...") and potentially sub-blocks. Components export values that can be referenced by other components, thus creating the pipeline.

2. Variables and Functions

Using logic to make configurations dynamic.

Making the configuration dynamic

The River language allows you to use expressions to make your configuration dynamic. You can call built-in functions (like env("VAR_NAME") to read environment variables, or string manipulation functions) and define local configuration blocks (local.file) to reuse values, avoiding repetition and easing maintenance.

3. Secrets Management

Integrating environment variables and vault files.

Securing access

It is crucial not to store clear-text passwords or tokens in your configuration files. Alloy offers several methods to manage secrets: using the env() function, reading from secured files on disk, or integrating with third-party secret management solutions via specific components. Values marked as secrets are never displayed in clear text in logs or the UI.


Best Practice: Use the local.file component to read dynamically mounted secrets (like Kubernetes or Vault secrets) so that Alloy reacts automatically if the secret file changes without restarting the process.
Common Mistake: Hardcoding API tokens in the configuration file. This exposes the secret in your Git repository and in clear text in Alloy's UI (on port 12345).
local.file "mimir_api_key" {
  filename  = "/etc/alloy/secrets/mimir_token.txt"
  is_secret = true
}

prometheus.remote_write "cloud" {
  endpoint {
    url = "https://mimir-url/api/v1/push"
    basic_auth {
      username = "admin"
      password = local.file.mimir_api_key.content
    }
  }
}

4. Alloy Observability

Monitoring the health of its own pipelines via the native UI interface.

The local user interface

Alloy integrates an HTTP server (on port 12345 by default) that exposes a very useful graphical interface. This UI allows you to visualize the graph (DAG) of your components, check their status (Healthy/Unhealthy), and inspect evaluated arguments and exports for each component in real time. It is an indispensable tool for debugging your configurations.

Lien copié dans le presse-papiers !