I would like to change date of log, which is sent to LOKI by promtail. Example of log lines, promtail and docker-compose is below.
Result
- experimentally I added timestamp as label, and it was in LOKI
- the captured group added added in section timestamp doesn’t work
Can you please help in this config? How to correct promtail file to have correct date in log?
2024-01-06 22:05:00 104.159.65.72 “GET /services HTTP/1.1” 106 12642
2024-01-06 22:06:00 104.159.65.73 “GET /services HTTP/1.1” 206 13642
2024-01-06 22:07:00 104.159.65.74 “GET /services HTTP/1.1” 306 14642
2024-01-06 22:07:00 104.159.65.75 “GET /services HTTP/1.1” 406 15642
promtail config like below:
server:
http_listen_port: 9080
grpc_listen_port: 0
log_level: “info”positions:
filename: /tmp/positions.yamlclients:
- url: http://loki:3100/loki/api/v1/push
tenant_id: dockerscrape_configs:
- job_name: moc-logs
static_configs:
- targets:
- localhost
labels:
env: dev
job: moc-logs
path: /var/log/moc-logs.txt
pipeline_stages:- regex:
expression: ‘^(?P<timestamp\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<ip\d+.\d+.\d+.\d+) “(?P<method[A-Z]+) (?P<path[^”]+)" (?P<status\d+) (?P<size\d+)’- timestamp:
source: timestamp
location: Europe/Warsaw
format: ‘2024-01-06 22:05:00’- labels:
timestamp:
------ docker compose
version: “3”
volumes:
grafana:
prometheus:
loki:networks:
loki:services:
loki:
image: grafana/loki:2.8.3
ports:
- “3100:3100”
volumes:
- ./config/loki2.yaml:/etc/loki/local-config.yaml
- ./test_data:/lokicommand: -config.file=/etc/loki/local-config.yaml
-config.expand-env=true
networks: - lokipromtail:
image: grafana/promtail:2.8.3
volumes:
- ./test_logs/:/var/log/
- ./config/promtail.yaml:/etc/promtail/promtail.yaml
command: -config.file=/etc/promtail/promtail.yaml
networks:
- loki