I am using loki.source.azure_event_hubs to get log lines from an event hub in Azure, and it is working (I have my log line in Loki). Each message inside the event hub has this format, for example:
{
  "timeStamp": "2024-12-12T00:10:49+00:00",
  "time": "2024-12-12T00:10:49+00:00",
  "resourceId": "/SUBSCRIPTIONS/",
  "listenerName": "yyy-uuu-tytyytyytyt-ooo",
  "ruleName": "rule-web-tytyytyytyt-com",
  "backendPoolName": "bp-web-prd",
  "backendSettingName": "bs-web-prd",
  "operationName": "ddd",
  "category": "fff",
  "properties": {
    "instanceId": "appgw_2444", "clientIP":"102.71.000.23", "clientPort":88876, "httpMethod":"GET", "originalRequestUriWithArgs":"\/v1\/RDCH\/LRDT\/simulation", "requestUri":"\/v1\/RDCH\/LRDT\/simulation", "requestQuery":"purchaseAmount=1.00", "userAgent":"tytyytyytyt\/10.34.0", "contentType":"", "error_info":"RINFO", "httpStatus":200, "httpVersion":"HTTP\/1.1", "receivedBytes":2598, "sentBytes":711, "connectionSerialNumber":111111, "noOfConnectionRequests":52, "clientResponseTime":0, "timeTaken":0.008, "EvaluationTime":"0.000", "WAFMode":"jjjj", "WAFPolicyID":"\-prd-frc-01", "transactionId":"7777", "sslEnabled":"on", "sslCipher":"EC-GCM-SHA384", "sslProtocol":"TLSv1.2", "sslClientVerify":"NONE", "sslClientCertificateFingerprint":"", "sslClientCertificateIssuerName":"", "serverRouted":"1", "serverStatus":"200", "serverResponseLatency":"0.008", "upstreamSourcePort":"444", "originalHost":"api.tytyytyytyt.com", "host":"api.tytyytyytyt.com"
  }
}
I need to fetch two fields named "ruleName" and "httpStatus" present in the log line and add them as labels; I am using:
loki.relabel "logs_appgw" {
  forward_to = [loki.write.grafana_loki.receiver]
  rule {
    source_labels = ["ruleName"]
    target_label = "new_ruleName"
    action = "replace"
    regex = "(.*)"
    replacement = "$1"
  }
  rule {
    source_labels = ["httpStatus"]
    target_label = "new_httpStatus"
    action = "replace"
    regex = "(.*)"
    replacement = "$1"
  }
}
But no success.
Any suggestions? Thanks in advance.
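
Added example, not part of the original post: `loki.relabel` rules read only the labels already attached to an entry, not fields inside the log line, so JSON fields have to be extracted by a `loki.process` stage before they can become labels. The sketch assumes each log line is the JSON object shown in the post and that the event hub source's `forward_to` is pointed at `loki.process.logs_appgw.receiver`; the label names and the `loki.write.grafana_loki` receiver are taken from the post.

```alloy
// Added example. Assumption: each entry's log line is the JSON object
// shown in the post. Wire the event hub source to this component:
//   forward_to = [loki.process.logs_appgw.receiver]
loki.process "logs_appgw" {
  forward_to = [loki.write.grafana_loki.receiver]

  // Parse the log line and copy two fields into the extracted-data map.
  // Expressions are JMESPath; httpStatus is nested under "properties".
  stage.json {
    expressions = {
      ruleName   = "ruleName",
      httpStatus = "properties.httpStatus",
    }
  }

  // Promote the extracted values to labels
  // (left side: label name, right side: extracted key).
  stage.labels {
    values = {
      new_ruleName   = "ruleName",
      new_httpStatus = "httpStatus",
    }
  }
}
```

Both fields take a small, bounded set of values, which keeps label cardinality low; per-request fields from the same record such as `clientIP` or `transactionId` are better left in the log line and filtered at query time.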