Hi teams,
I want to create a visualization that will count each log level and show it in a graph.
Here is my query: sum by(severity,level) (count_over_time({source="sys-varlogs",zone="Staging", vm_name="lum1-cicd-1-a"} | json | logfmt | drop __error__, __error_details__ [$__range]))
For the logs that have “severity” and “level” fields, my query works.
But for the logs that don’t have “severity” and “level” fields and only have log-level values such as “INFO”, “WARN”, “DEBUG”, “DDEBUG”, my query does not work.
I have many log sources with different formats, and I cannot use one query for all of them. Is there any way to add a condition that defines which query to use for which source?
You should separate your log streams by labels. For example, if you have multiple log files being scraped from a VM and they all have different formats, perhaps adding a filename label would be a good idea so you can parse different logs using different logic.
Hi @tonyswumac
I have Jenkins log format like this:
2024-03-04 10:27:59.115+0000 [id=38118] INFO hudson.model.AsyncPeriodicWork#lambda$doRun$1: Started DockerContainerWatchdog Asynchronous Periodic Work
I’m trying to use pattern to separate log-level from the log,
The query looks like this: sum by(severity,level) (count_over_time({source="jenkins",zone="Staging", vm_name="lum1-cicd-1-a"} | pattern "<date> <time> <level> <_> <message> <_>" | drop __error__, __error_details__ [$__range]))
But I cannot separate this string:
“[id=38118] INFO hudson.model.AsyncPeriodicWork#lambda$doRun$1:”
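One way to pull the level out of the Jenkins line quoted above, as an added example that is not part of the original thread: the pattern names the literal `[id=` and `]` around the thread id so that `<level>` lands on the token after it. It assumes the fields are separated by single spaces, as in the sample line; if the raw Jenkins log uses tabs there, the literals in the pattern must be changed to match.

```logql
# Count Jenkins log lines per level over the dashboard time range.
sum by (level) (
  count_over_time(
    {source="jenkins", zone="Staging", vm_name="lum1-cicd-1-a"}
      # <_> <_>    -> date and time, discarded
      # [id=<_>]   -> literal "[id=", the thread id (discarded), literal "]"
      # <level>    -> INFO, WARNING, SEVERE, ...
      # final <_>  -> rest of the line (logger and message), discarded
      | pattern "<_> <_> [id=<_>] <level> <_>"
      # Lines that do not match the pattern (for example stack-trace
      # continuation lines) get no level label; leave them out of the count.
      | level != ""
    [$__range]
  )
)
```

Because the stream selector already restricts the query to `source="jenkins"`, the JSON/logfmt sources can keep their own query in a separate panel query, which is the per-label separation suggested in the reply.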