Hello everyone, I’m using Grafana, Loki and Promtail to gather and view Syslog messages, and I’m trying to parse a specific part of these logs that is in JSON format, but it’s not working. To be honest, I’m not sure if this is even possible in the first place, so any help is appreciated.
Config file:
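# Promtail configuration: receive syslog over the network, copy syslog
# metadata into labels, and parse JSON bodies from the "deployer" app.
# Nesting is restored here; the flattened paste does not parse as intended.
server:
  # Promtail's own HTTP endpoint (metrics, targets, readiness).
  # NOTE(review): set http_listen_address if it should not be reachable
  # from other hosts.
  http_listen_port: 9080
  # 0 asks for a random free port for gRPC.
  grpc_listen_port: 0

positions:
  # NOTE(review): /tmp is world-writable and is typically cleared on
  # reboot; a directory owned by the Promtail service account is safer.
  filename: /tmp/positions.yaml

clients:
  # Plain HTTP is acceptable only because the target is the loopback
  # interface; use https and authentication if Loki moves to another host.
  - url: http://localhost:3100/loki/api/v1/push

scrape_configs:
  - job_name: syslog
    syslog:
      # Listens on every interface. Any host that can reach this port can
      # inject log lines, so restrict it with a specific bind address or a
      # firewall rule, or require TLS via tls_config. Port 514 is
      # privileged, so binding it needs root or CAP_NET_BIND_SERVICE.
      listen_address: 0.0.0.0:514
      idle_timeout: 60s
      # Canonical boolean; the original `no` is YAML 1.1 truthy syntax
      # that not every parser reads as false.
      label_structured_data: false
      labels:
        job: "syslog"
    # Copy the internal __syslog_* metadata into queryable labels.
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
      - source_labels: ['__syslog_connection_hostname']
        target_label: 'pod_hostname'
      - source_labels: ['__syslog_connection_ip_address']
        target_label: 'container_ip'
      - source_labels: ['__syslog_message_severity']
        target_label: 'severity'
      - source_labels: ['__syslog_message_facility']
        target_label: 'facility'
      - source_labels: ['__syslog_message_app_name']
        target_label: 'appname'
      - source_labels: ['__syslog_message_proc_id']
        target_label: 'procid'
      - source_labels: ['__syslog_message_msg_id']
        target_label: 'msgid'
    pipeline_stages:
      # Only lines whose appname label (set by the relabel rule above) is
      # "deployer" go through the JSON stages.
      - match:
          selector: '{appname="deployer"}'
          stages:
            # With no `source` set, the json stage parses the whole log
            # line. NOTE(review): if the message carries any non-JSON text
            # around the object, this stage extracts nothing - confirm
            # against the sample log.
            - json:
                expressions:
                  user_id: user_id
                  event: event
                  instance_id: instance_id
                  component: component
            # An empty value means "use the extracted field of the same
            # name". NOTE(review): these values come from log content that
            # the sender controls; user_id and instance_id are likely
            # high-cardinality, so anyone able to reach the listener can
            # create an unbounded number of streams. Consider promoting
            # only low-cardinality fields (event, component) to labels and
            # extracting the rest at query time with `| json`.
            - labels:
                user_id:
                event:
                instance_id:
                component: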
Sample log: