Hi,
I am trying to only keep logs with line “ABC” and merge it with the next logs in line. But it is not seems to work. I have only the first line
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: system
pipeline_stages:
- match:
selector: '{job="varlogs"} |= "ABC"'
stages:
- multiline:
firstline: '.*ABC.*'
max_wait_time: 1s
max_lines: 3
- regex:
expression: '^(?P<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}): .*'
- timestamp:
format: '2006-01-02T15:04:05'
source: time
- match:
selector: '{job="varlogs"} != "ABC"'
action: drop
static_configs:
- targets:
- localhost
labels:
job: varlogs
__path__: /var/log/*.log