How to reference regex named-capture-group in an alert description?

dotheevo · March 5, 2023, 1:20pm

using loki for minecraft server logs
got alert that sends notice when a player joins
everything works nicely, but I want the name of that player
digging around I see this help about using regex named capture groups
I created a query with regex capture group named player, that I tested against the logs

Is there a way to use that named group in alert summary, description?

The way we can use values in other expressions of the alert expression, like {{ $values.B }} in my case gives me number of counted “player joined” occurrences.

here is my full query

count_over_time({compose_service="minecraft"} |= `joined the game` | regexp `.*:\s(?P<player>.*)\sjoined the game$` [5m])

dotheevo · March 7, 2023, 12:41am

ok, solved this.

Promtail was the answer. Not using alerting, but setting promtail to regex logs it pushes and add a label if something fits. Was surprise that just some cut down version of a code from stackoverflow worked straight away.

Heres promtail-config.yml with the pipeline_stages and regex and label assignment

clients:
  - url: http://loki:3100/loki/api/v1/push

scrape_configs:
  - job_name: minecraft
    static_configs:
      - targets:
          - localhost
        labels:
          job: minecraft_logs
          __path__: /var/log/minecraft/*.log
    pipeline_stages:
    - regex:
        expression: '.*:\s(?P<player>.*)\sjoined the game$'
    - labels:
        player:

and in alert summary

{{ $labels.player }} joined the game