I’m trying to extract labels from log lines using regex. I wish stage.regex had an option to drop lines which don’t match, but since it doesn’t, I’m trying to do this with a stage.match block. Not sure why this isn’t working.
loki.process "filter_dante_controller" {
stage.regex {
expression = `^.* (?P<epoch_time>\d+) +(?P<level>\w+) +(?P<message>.*)$`
}
stage.match {
selector = `{epoch_time!~".*"}`
action = "drop"
}
stage.timestamp {
source = "epoch_time"
format = "UnixMs"
}
stage.output {
source = "message"
}
forward_to = [loki.write.grafanacloud.receiver]
}
Couple of things:
.* will literally match everything, including empty string.- You don’t have to drop the logs if you don’t want to. You can set timestamp only of epoch_time is not empty, and for the rest of logs it’ll just get sent to Loki with timestamp as ingestion time.
If you want to drop, try this:
loki.process "filter_dante_controller" {
forward_to = [loki.write.grafanacloud.receiver]
stage.regex {
expression = `^.* (?P<epoch_time>\d+) +(?P<level>\w+) +(?P<message>.*)$`
}
stage.drop {
source = "epoch_time"
expression = `.+`
action = "drop"
}
stage.timestamp {
source = "epoch_time"
format = "UnixMs"
}
stage.output {
source = "message"
}
}
Thanks for your suggestion. Changing * to + fixed my issue.
Your code actually doesn’t work because action is not valid in the stage.drop. But I did it like this:
stage.match {
selector = `{epoch_time!~".+"}`
action = "drop"
}
