This message was deleted SigNoz Community #support

Join Slack

This message was deleted.

# support

Slackbot

10/06/2023, 4:13 PM

This message was deleted.

Srikanth Chekuri

10/06/2023, 10:06 PM

You can put a condition to avoid this error,

if 'key' in attributes

or something like that

Noor Ali

10/07/2023, 1:31 AM

Srikanth one more question this is my operator filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: (\D+)(\S+)([0-9]).([0-9])+(\S+)(\D)+(\W+)(\S{8})(\D+\D+)([A-Z]).([0-9]\w+:\D+) timestamp: layout: '%Y-%m-%d,%H:%M:%S %z' parse_from: attributes.timestamp_field - type: remove field: attributes.timestamp when restart the collector I get the following error 2023/10/07 012857 application run finished with error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": no named capture groups in regex pattern. This regex parser tested ok in regex101 is this parser allowed in signoz

Noor Ali

10/09/2023, 4:24 PM

what is best regex pattern is allowed by signoz to run without giving the following error Error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": no named capture groups in regex pattern 2023/10/09 162351 application run finished with error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": no named capture groups in regex pattern

Srikanth Chekuri

10/10/2023, 12:11 AM

@nitya-signoz might be able to help

Noor Ali

10/10/2023, 3:03 AM

Hello Nitya I am currently using this - type: regex_parser regex: (\S+\d+\D+)(\S+\d+\d+)([0-9]\D+\W+\S+)+([a-z]+\W+\S+\D+) timestamp: parse_from: attributes.timestamp_field layout: '%Y-%m-%d,%H:%M:%S %z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor Ali

10/10/2023, 3:04 AM

I am getting this error filelog" receiver for data type "logs": no named capture groups in regex pattern

Noor Ali

10/10/2023, 3:04 AM

Per Signoz all parse are test in regex101

nitya-signoz

10/10/2023, 5:31 AM

Since you are extracting

timestamp_field

and

body

form the regex those named group should be present in your regex

(\S+\d+\D+)(\S+\d+\d+)([0-9]\D+\W+\S+)+([a-z]+\W+\S+\D+)

https://github.com/StefanSchroeder/Golang-Regex-Tutorial/blob/master/01-chapter2.markdown#named-matches

Noor Ali

10/10/2023, 4:26 PM

Just wondering getting closer I made few changes I got this error 2023/10/10 162041 application run finished with error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": compiling regex: error parsing regexp: invalid or unsupported Perl syntax:

(?<

nitya-signoz

10/12/2023, 5:07 AM

Can you choose golang as the language in regex101 and test your regex out ?

Noor Ali

10/12/2023, 12:00 PM

I currently have it setup this way filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: (\S+\d+\D+)(\S+\d+\d+)([0-9]\D+\W+\S+)+([a-z]+\W+\S+\D+)(?P<body>.*)|(?<timestamp>\S+)| parseTimestamp(field=timestamp) timestamp: parse_from: attributes.timestamp_field layout: '%Y-%m-%d,%H:%M:%S %z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp tcplog/docker: listen_address: "0.0.0.0:2255" operators: - type: regex_parser regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}\d+\d{2}:\d{3} UTC)\](?P<body>.*)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor Ali

10/12/2023, 12:05 PM

Hello Nitya please review my word doc let me what else I need to do make it work for us thanks

I just did.docx

Noor Ali

10/12/2023, 4:35 PM

I need to know why it is not working for me if I am able to make this work I will be moving forward to deploy it next. Thanks

nitya-signoz

10/12/2023, 4:37 PM

can you share your config ? the regex in doc and the config doesn’t match. Also provide some sample log lines for testing it out.

Noor Ali

10/12/2023, 4:38 PM

eceivers: filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: layout: '%Y-%m-%d,%H:%M:%S.%z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp tcplog/docker: listen_address: "0.0.0.0:2255" operators: - type: regex_parser regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}\d+\d{2}:\d{3} UTC)\](?P<body>.*)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor Ali

10/12/2023, 4:39 PM

This is what we or I am trying to parse 4/28/21 122354:157 UTC] 00000001 ManagerAdmin I TRAS0017I: The startup trace state is *=info. [4/28/21 122354:302 UTC] 00000001 AdminTool A ADMU0128I: Starting tool with the Custom01 profile [4/28/21 122354:305 UTC] 00000001 AdminTool A ADMU3100I: Reading configuration for server: igawas02 [4/28/21 122354:321 UTC] 00000001 ImplFactory W WSVR0072W: Ignoring undeclared override of interface, com.ibm.websphere.cluster.topography.DescriptionManager, with implementation, com.ibm.ws.cluster.propagation.bulletinboard.BBDescriptionManager [4/28/21 122354:574 UTC] 00000001 ModelMgr I WSVR0801I: Initializing all server configuration models

Noor Ali

10/12/2023, 4:41 PM

I have been trying to use(?P<timestamp>, <?(message>), (?P,<body>) and even <?P<Date>) but has been showing up with error

Noor Ali

10/12/2023, 4:42 PM

my last error now is this 2023/10/12 135349 application run finished with error: failed to get config: cannot resolve the configuration: cannot retrieve the configuration: yaml: line 8: mapping values are not allowed in this context

Noor Ali

10/12/2023, 4:42 PM

I need to know what I am doing in correct so I can educate my team member in the future thank you so much for helping me on this

nitya-signoz

10/12/2023, 4:47 PM

• The regex pattern is not present and it should be enclosed in quotes • The regex is not correct it doesn’t work (golang as language)

Noor Ali

10/12/2023, 4:57 PM

do you mean like this

Noor Ali

10/12/2023, 5:08 PM

I have this now it is matching now in regex

Noor Ali

10/12/2023, 5:11 PM

cape character 2023/10/12 171057 application run finished with error: failed to get config: cannot resolve the configuration: cannot retrieve the configuration: yaml: line 7: found unknown escape character

Noor Ali

10/12/2023, 5:13 PM

Please do tell me where is the issue in my config now receivers: filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: "(\S+\d+\D+)(S\+\d+\d+)[0-9]\D+\W+\S+([a-z]+\W+\S+\D+)(?P<bod>.*)>.*|(?P<timestamp>\S+)|parseTimestamp(field=timestamp)" layout: '%Y-%m-%d,%H:%M:%S.%z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp tcplog/docker: listen_address: "0.0.0.0:2255" operators: - type: regex_parser regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}\d+\d{2}:\d{3} UTC)\](?P<body>.*)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor Ali

10/12/2023, 5:15 PM

2023/10/12 171502 application run finished with error: failed to get config: cannot resolve the configuration: cannot retrieve the configuration: yaml: line 5: did not find expected key with this config operators: - type: regex_parser regex: '(\S+\d+\D+)(S\+\d+\d+)[0-9]\D+\W+\S+([a-z]+\W+\S+\D+)(?P<bod>.*)>.*|(?P<timestamp>\S+)|parseTimestamp(field=timestamp)' layout: '%Y-%m-%d,%H:%M:%S.%z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor Ali

10/12/2023, 5:19 PM

Does it have to do with my pass 30 day testing with my log in id just wondering that is all

28 Views

Open in Slack

Previous Next