Created
January 30, 2020 07:19
Promtail config for syslog and extract labels from nginx logs
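---
# Promtail: receive syslog over the network, parse nginx JSON access logs and
# promote a few request fields to Loki labels.
server:
  http_listen_port: 9080
  # 0 lets Promtail pick a random gRPC port.
  grpc_listen_port: 0

positions:
  # /tmp is shared between local users and is commonly wiped on reboot; a
  # directory owned by the Promtail service account is a sturdier home for
  # this state file.
  filename: /tmp/positions.yaml

# NOTE(review): log lines are pushed over plain HTTP with no credentials, so
# anything on the network path can read or alter them. Acceptable on an
# isolated lab network; otherwise put TLS and authentication in front of Loki.
# /api/prom/push is the legacy push path; newer Loki releases document
# /loki/api/v1/push - confirm against the version in use.
client:
  url: http://192.168.50.10:3100/api/prom/push

scrape_configs:
  - job_name: syslog
    syslog:
      # NOTE(review): binds every interface and accepts unauthenticated
      # syslog, so any host that can reach port 1514 can write log lines and
      # choose the hostname / app-name fields that are relabelled below.
      # Bind to a specific address or restrict the port with a firewall.
      listen_address: 0.0.0.0:1514
      idle_timeout: 60s
      # Written as a canonical boolean; `yes` is only a boolean under
      # YAML 1.1 rules. Structured-data elements should surface as
      # __syslog_message_sd_* labels, which stay internal unless a relabel
      # rule copies them (none does in this file).
      label_structured_data: true
      labels:
        job: syslog
        tier: develop
    # Labels starting with __ are dropped after relabelling, so the two that
    # the pipeline selector and queries rely on are copied to regular labels.
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'hostname'
      - source_labels: ['__syslog_message_app_name']
        target_label: 'appname'
    pipeline_stages:
      # Only entries whose relabelled appname is "nginx" enter these stages.
      - match:
          selector: '{appname="nginx"}'
          stages:
            # Stage 1: parse the log line as JSON. An empty expression means
            # "use the key name itself". "@timestamp" is quoted inside the
            # string because it is not a valid bare JMESPath identifier.
            # message and timestamp are extracted but no later stage in this
            # file consumes them.
            - json:
                expressions:
                  message: message
                  timestamp: '"@timestamp"'
                  req:
                  res:
            # Stage 2: parse the extracted `req` object.
            - json:
                expressions:
                  request_method: method
                  request_host: host
                source: req
            # Stage 3: parse the extracted `res` object.
            - json:
                expressions:
                  status_code: statusCode
                source: res
            # An empty value means the label is filled from the extracted
            # key of the same name.
            # NOTE(review): request_host presumably comes from the
            # client-supplied Host header; as a label, every distinct value
            # creates a new Loki stream. Keep it as extracted data or
            # normalise it to a known set of hosts to bound cardinality.
            - labels:
                request_host: ''
                request_method: ''
                status_code: ''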
Hello, and thanks for this amazing example. I don't know if you reply to comments here, but I'd like to say I used your method and, unfortunately, it didn't work. I'm gonna leave my config file and log example here in case you are interested in helping me.
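# Promtail: receive syslog, copy the syslog metadata to labels and promote
# JSON fields of "deployer" messages to labels.
# NOTE(review): no log sample is visible here, so the reported failure cannot
# be confirmed. Worth checking: the syslog target expects RFC 5424 framed
# messages (depending on Promtail version), and the json stage only yields
# values when the whole message body is valid JSON.
server:
  http_listen_port: 9080
  # 0 lets Promtail pick a random gRPC port.
  grpc_listen_port: 0

positions:
  # /tmp is shared between local users and is commonly wiped on reboot; a
  # directory owned by the Promtail service account is a sturdier location.
  filename: /tmp/positions.yaml

clients:
  - url: http://localhost:3100/loki/api/v1/push

scrape_configs:
  - job_name: syslog
    syslog:
      # NOTE(review): 514 is a privileged port, so on Linux the process
      # needs root or CAP_NET_BIND_SERVICE to bind it. An unprivileged port
      # with the sender or a forwarder pointed at it lets Promtail run
      # without elevated rights. The listener binds every interface and is
      # unauthenticated; restrict who can reach it.
      listen_address: 0.0.0.0:514
      idle_timeout: 60s
      # Written as a canonical boolean; `no` is only a boolean under
      # YAML 1.1 rules.
      label_structured_data: false
      labels:
        job: "syslog"
    # Labels starting with __ are dropped after relabelling, so each wanted
    # field is copied to a regular label.
    # NOTE(review): all of these values are chosen by whoever sends the
    # message. Connection address, proc id and msg id change often, and each
    # distinct combination becomes its own Loki stream; keep only the labels
    # that queries really select on.
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
      - source_labels: ['__syslog_connection_hostname']
        target_label: 'pod_hostname'
      - source_labels: ['__syslog_connection_ip_address']
        target_label: 'container_ip'
      - source_labels: ['__syslog_message_severity']
        target_label: 'severity'
      - source_labels: ['__syslog_message_facility']
        target_label: 'facility'
      - source_labels: ['__syslog_message_app_name']
        target_label: 'appname'
      - source_labels: ['__syslog_message_proc_id']
        target_label: 'procid'
      - source_labels: ['__syslog_message_msg_id']
        target_label: 'msgid'
    pipeline_stages:
      # Only entries whose relabelled appname is "deployer" enter these
      # stages.
      - match:
          selector: '{appname="deployer"}'
          stages:
            # Parse the log line as JSON and pull out four top-level keys.
            - json:
                expressions:
                  user_id: user_id
                  event: event
                  instance_id: instance_id
                  component: component
            # An empty value means the label is filled from the extracted
            # key of the same name.
            # NOTE(review): user_id and instance_id are presumably
            # per-user / per-instance identifiers, i.e. unbounded label
            # values - confirm before indexing them as labels.
            - labels:
                user_id:
                event:
                instance_id:
                component: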
Nginx logging config