1. What is the Grafana Alloy UI for?
Grafana Alloy integrates a local HTTP server that exposes a rich user interface (UI). This interface is an indispensable tool for any administrator or developer working on observability pipelines.
Main features
Alloy's web interface meets several critical needs:
- Graph Visualization (DAG): Alloy transforms your declarative code (River) into a Directed Acyclic Graph (DAG). The UI lets you visually see how components are interconnected.
- Component Debugging: You can inspect the state of each component in real-time, view its inputs (Arguments), its outputs (Exports), and internal debugging data.
- Health Monitoring: The UI immediately displays which components are in error (Unhealthy) along with the associated error message.
- Clustering Management: If clustering mode is enabled, a dedicated page allows seeing the status of the various peers in the cluster.
2. How to enable and expose the UI?
By default, Grafana Alloy starts its HTTP server on port 12345, but only on the local loopback interface (localhost).
Default local access
If you are connected via SSH to the machine or running Alloy locally, the UI is immediately accessible at: http://127.0.0.1:12345.
Exposing the UI on the network
To access the UI from another machine (e.g., from your web browser to a remote server), you need to modify the HTTP server's listening address upon launching Alloy.
// Launch via command line
alloy run --server.http.listen-addr=0.0.0.0:12345 config.riverIf you use Alloy via systemd (Linux), modify the environment file (usually /etc/default/alloy) to add this parameter to the startup arguments:
ALLOY_ARGS="run --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.river"3. Understanding the displayed information
The interface is divided into several key tabs that help you navigate your configuration.
The "Graph" tab
It displays the topology of your pipeline. Each component is a node, and the arrows represent the data flow (dependencies). A green node indicates the component is healthy, a red node signals an error. This is ideal for checking if an export component (like loki.write) is properly linked to your source (like loki.source.file).
The "Components" tab
This is where true debugging happens. By clicking on a component, you will see:
- Arguments: What the component received (evaluated configuration).
- Exports: What the component makes available to others (very useful to verify what a
discoverycomponent actually found). - Debug Info: Contextual information specific to the component (e.g., targets currently being scraped by
prometheus.scrape).
4. Access to "/metrics" and profiling
Alloy's HTTP server does more than just display a graphical interface. It also exposes vital endpoints for self-monitoring.
The /metrics endpoint
Accessible via http://<ip>:12345/metrics, this endpoint exposes all health, performance, and state metrics of the Alloy process itself, in Prometheus format. Although viewable in a browser, it is designed to be scraped by a prometheus.scrape component to feed your Grafana dashboards.
Profiling via /debug/pprof
For complex performance issues (memory leaks, abnormal CPU usage), Alloy exposes standard Go profiling endpoints (pprof) under /debug/pprof/. This data can be collected and sent to Grafana Pyroscope using the pyroscope.scrape component for continuous runtime code analysis.
5. Security and Best Practices
Exposing the UI and metrics comes with security responsibilities.
Never expose the UI publicly
Grafana Alloy's interface does not natively include an authentication system (login/password). If you expose port 12345 to the Internet (0.0.0.0), anyone can view your internal architecture, configurations, and potentially secrets evaluated in component arguments.
RECOMMENDATION: If remote access is necessary, place Grafana Alloy behind a reverse proxy (like Traefik or Nginx) or a secure tunnel (like Cloudflare Tunnels or Tailscale) with strong authentication (Basic Auth, OAuth).