1

I have been trying to ingest data into influx from a log file. The structure is as follows

2020-12-20 09:03:33.867 [http-nio-8080-exec-1] [] INFO  FCPROCESS_WEB_DIGEST - (process.IndexController.index,/api/index,Y,0ms),

I have used this pattern

[[inputs.logparser]]
   files = ["/etc/telegraf/example/fcprocess1.log"]
   from_beginning = true
   [inputs.logparser.grok]
      measurement = "fcprocess1"
      patterns = [ "%{COMBINED_LOG_FORMAT}", "%{TIMESTAMP_ISO8601:date:tag} \\[%{NOTSPACE:thread:tag}\\] \\[\\] %{NOTSPACE:level:tag}  %{NOTSPACE:filename:tag} \\- \\(%{NOTSPACE:handler:tag}\\.%{NOTSPACE:controller}\\.%{NOTSPACE:path}\\,%{NOTSPACE:msg:tag}\\,%{NOTSPACE:flag:tag}\\,%{NOTSPACE:cost:tag}\\),"]
   [inputs.logparser.tags]
       value = "1"

Can I get help regarding formulating the pattern ? thank you

jaco0646
  • 15,303
  • 7
  • 59
  • 83
kongda
  • 11
  • 1

1 Answers1

0

Please fine the grok pattern below that matches your log:

%{TIMESTAMP_ISO8601:timestamp} \[%{DATA:thread}\] \[\] %{LOGLEVEL:loglevel} %{DATA:filename} \- \(%{WORD:handler}\.%{WORD:controller}\.%{WORD:tag}\,%{DATA:path}\,%{WORD:flag}\,%{INT:cost}ms\)\,

You can use any grok debugger to check the grok pattern is matching your log or not. Here I have used https://grokdebug.herokuapp.com/ to check the same.

Output screenshot:

enter image description here enter image description here enter image description here enter image description here

Sourav
  • 3,025
  • 2
  • 13
  • 29