Hello I am testing this we are getting very close ...
# supportn
Noor Ali
10/05/2023, 8:09 PMHello I am testing this we are getting very close I had few demo and POC is done looks good but we are testing regex to parse are logs. 2023/10/05 200355 application run finished with error: failed to get config: cannot unmarshal the configuration: 1 error(s) decoding:
* error decoding 'receivers': error reading configuration for "filelog": 1 error(s) decoding:
* error decoding 'operators[0]': unmarshal to regex_parser: 1 error(s) decoding:
* error decoding 'timestamp': 1 error(s) decoding:
* error decoding 'parse_from': unrecognized prefix
Noor Ali
10/05/2023, 8:10 PMI currently using this setup receivers:
filelog:
include: [ /tmp/startServer.log ]
start_at: beginning
operators:
- type: regex_parser
regex: (?:).\d+\D+\d+\D+\d+\D+\d\S+\W+\+?\w+\w+\w+(?P<body>.*)
timestamp:
parse_from: attribute.time
layout: '%q-%d-%y-%H-%M-%S-%L-%Z-%S'
tcplog/docker:
listen_address: "0.0.0.0:2255"
operators:
- type: regex_parser
regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}\d+\d{2}:\d{3} UTC)\](?P<body>.*)'
timestamp:
parse_from: attributes.timestamp
layout: '%Y-%m-%dT%H:%M:%S.%LZ'
- type: move
from: attributes["body"]
to: body
- type: remove
field: attributes.timestamp
Noor Ali
10/10/2023, 5:58 PMNow I am getting this error 2023/10/10 175659 application run finished with error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": compiling regex: error parsing regexp: invalid or unsupported Perl syntax:
(?'Noor Ali
10/10/2023, 5:59 PMWhere is this getting from first operator or second operator current config on my local host receivers:
filelog:
include: [ /tmp/startServer.log ]
start_at: beginning
operators:
- type: regex_parser
regex: (\S+\d+\D+)(\S+\d+\d+)([a-zA-Z]\D+\W+\S+)+([a-z]+\W+\S+\D+)(?P<body>.*)(?'timestamp'\S+)|$
timestamp:
parse_from: attributes.timestamp_field
layout: '%Y-%m-%d,%H:%M:%S %z'
- type: move
from: attributes["body"]
to: body
- type: remove
field: attributes.timestamp
tcplog/docker:
listen_address: "0.0.0.0:2255"
operators:
- type: regex_parser
regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}\d+\d{2}:\d{3} UTC)\](?P<body>.*)'
timestamp:
parse_from: attributes.timestamp
layout: '%Y-%m-%dT%H:%M:%S.%LZ'
- type: move
from: attributes["body"]
to: body
- type: remove
field: attributes.timestamp
Noor Ali
10/12/2023, 5:53 PMI am need to know why it is not working with this config now operators: line 5, 6,7,8 and 10 2023/10/12 174432 application run finished with error: failed to get config: cannot resolve the configuration: cannot retrieve the configuration: yaml: line 10: mapping values are not allowed in this context - type: regex_parser
regex: '(\S+\d+\D+)(S\+\d+\d+)[0-9]\D+\W+\S+([a-z]+\W+\S+\D+)(?P<bod>.*)>.*|(?P<timestamp>\S+)|.parseTimestamp(field=timestamp)'
timestamp:
parse_from: attributes.timestamp
layout: '%Y-%m-%dT%H:%M:%S.%LZ'
- type: move
from: attributes["body"]
to: body
- type: remove
field: attributes.timestamp
Noor Ali
10/12/2023, 8:01 PMI just used this tool to check my yaml config it looks good using this tool
Noor Ali
10/12/2023, 8:09 PMSince it was driving me crazy I used second tool to validate the whole yamal config file it shows to be clean.
2 Views