How to Capture Time and Reponse Time from access logs and convert into alert

abhishekkannawar · November 4, 2024, 8:23am

Hello Grafana Experts,

I have below log line which I have ingested in Grafana loki and now I want to extract the timestamp and ResponseTime from this log line.

Log Query : {domain=“dev1”, env=“dev”, job=“access-logs”} |~ SNCalculateQuoteSalesTaxServiceV2 | regexp (?P<timeStamp>(?P<date>\S+\s[0-9]+:[0-9]+):[0-9]+)\s(?P<responseTime>\S+)\s(?P<httpMethod>\S+)\s(?P<ecid>\S+)\s\S+\s(?P<uri>\S+)\s(?P<httpResponse>\S+)\s\S+

My goal is to create Time series using timestamp and responseTime and create an alert if responseTime is greater than 1secs.

It would be appreciate if can help me on this

tonyswumac · November 4, 2024, 6:25pm

You don’t need timestamp, your ruler should naturally be processing your queries for the past however minutes specified.

Try this (not tested)

max(
  max_over_time(
    {domain="dev1", env="dev", job="access-logs"}
      |~ SNCalculateQuoteSalesTaxServiceV2
      | regexp `(?P<timeStamp>(?P<date>\S+\s[0-9]+:[0-9]+):[0-9]+)\s(?P<responseTime>\S+)\s(?P<httpMethod>\S+)\s(?P<ecid>\S+)\s\S+\s(?P<uri>\S+)\s(?P<httpResponse>\S+)\s\S+`
      | unwrap responseTime
      | __error__=""
    [5m]
  )
)

Topic		Replies	Views
Grafana Loki timestamp Grafana Loki	1	344	January 2, 2024
Configure promtail to extract timestamp from log line Prometheus promtail	1	984	July 5, 2023
Create Dashboards from log file entry key value pairs Grafana Loki	1	727	November 17, 2022
Timestamp not recognized in old logs / regex Grafana Loki loki , regex , timestamp	3	1383	April 25, 2024
Timestamp hh:mm:ss Grafana Loki	16	2867	September 21, 2022

How to Capture Time and Reponse Time from access logs and convert into alert

Related topics