This config is verified to push one of the two log lines below to Loki, and dropping all others.
Dry Run
cat livelogsample.log | /usr/bin/promtail --stdin --config.file=“/etc/promtail/config.yml” --dry-run
config.yml
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: Live
static_configs:
- targets:
- localhosts
labels:
job: Live
__path__: /var/log/log/*/*.*
pipeline_stages:
- match:
# Drop lines that do NOT have "reason for BYE"
# "|~" would drop log lines that included "reason for BYE"
selector: '{job="Live"} !~ "reason for BYE"'
action: drop
drop_counter_reason: not_rfb_line
- match:
selector: '{job="Live"}'
stages:
- labels:
timesamp:
- timestamp:
source: timestamp
format: "Jan 02 15:04:05"
Log Lines
Example: Of the two log lines below, only this log line will end up in Loki.
Jun 27 22:19:09 notice: reason for BYE from 12345 / 0987634 - Network change to MOBILE
Jun 27 22:19:09 notice: reason for BYE from 12345 / 0987634 - Network change to MOBILE
Jul 1 00:56:06 notice: Success9876543 71 PresencePoster.cpp@129 ThreadRunning: Successfully posted in 51ms
Note
- Need to verify timestamp, don’t know/think this is getting into Loki as expected.
- I’ll use pattern parser/filter expression in Loki to query, not any more modifications in promtail.
- This post helped me sort this out: timestamp stage not working as expected · Issue #5928 · grafana/loki · GitHub
