Hello! I have log data that is a mix of JSON and unstructured data. I’d like to use regex to extract fields from this data.
For example, I’m using the following:
|~ \"method\":\"(?P<method>\w+)\"
Example log record:
INFO – : {“method”:“GET”,“path”:“/v1/api,“format”:”/ ",“status”:200}
Loki matches the row, but is not extracting the field.
I’m guessing I’m doing something simple wrong, but after quite a bit of trial and error and some G searches I still don’t have the answer.
Any help appreciated!
How about this?
{SELECTOR} | regexp "^([^:]*):(?P<JSON>.*)" | line_format "{{ .JSON }}" | json
Or see LogQL Analyzer | Grafana Loki documentation .
Thanks Tony for the reply. If I run the regex in isolation I am selecting the right content, but shouldn’t line_format “{{.JSON}}” output the matched regex group? It’s returning an empty string for some reason and this is causing the " | json " step to fail.
Yes, the JSON in the "{{ .JSON }}" part should match with the regex group name from the previous stage.
Try the log analyzer, and perhaps share a link so I can see why it’s not working for you.
system
April 26, 2024, 3:49pm
5
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
