Loki Promtail custom logs and Regex named Group problem

erikh · August 4, 2021, 5:39am

Good morning everyone,

I have a problem with a regex statement when analyzing a log file.
The log file returns the following lines:

[2021-07-01 17:59:34 CEST] PPP (warning) : IPCP - Pack DNS 2 configuration request
[2021-07-01 17:59:34 CEST] PPP (verbose) : IPCP - send request.
[2021-07-01 17:59:34 CEST] PPP (verbose) : IPCP - receive configuration request.
[2021-07-01 17:59:34 CEST] PPP (verbose) : IPCP - Send configuration ack.
[2021-07-01 17:59:34 CEST] PPP (verbose) : IPCP - receive configuration ack.
[2021-07-01 17:59:34 CEST] PPP (verbose) : IP link up.
[2021-07-01 17:59:34 CEST] Communication (verbose) : Interface ppp0 is up
[2021-07-01 17:59:34 CEST] Communication (verbose) : Interface ppp0 is up
[2021-07-01 17:59:34 CEST] TCPIP (verbose) : Default route is ppp0
[2021-07-01 17:59:36 CEST] PPP (verbose) : Client link up.
[2021-07-01 17:59:36 CEST] TCPIP (verbose) : send DNS query to preferred server (10.74.210.210)
[2021-07-01 17:59:36 CEST] TCPIP (verbose) : DNS query success
[2021-07-01 17:59:38 CEST] VPN (verbose) : openvpn : >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
[2021-07-01 17:59:40 CEST] VPN (verbose) : openvpn : SUCCESS: real-time state notification set to ON
[2021-07-01 17:59:40 CEST] VPN (verbose) : openvpn : >STATE:1627833580,AUTH,,,,,,
[2021-07-01 17:59:53 CEST] VPN (verbose) : openvpn : >STATE:1627833593,GET_CONFIG,,,,,,
[2021-07-01 17:59:53 CEST] Communication (verbose) : Interface tun0 is down
[2021-07-01 17:59:53 CEST] Communication (verbose) : Interface tun0 is up
[2021-07-01 17:59:56 CEST] VPN (verbose) : openvpn : >STATE:1627833593,ASSIGN_IP,,10.8.0.10,,,,
[2021-07-01 17:59:56 CEST] VPN (verbose) : openvpn : >STATE:1627833593,ADD_ROUTES,,,,,,
[2021-07-01 17:59:56 CEST] VPN (verbose) : openvpn : >STATE:1627833596,CONNECTED,SUCCESS,10.8.0.10,46.165.191.51,1200,,

The regex statement I’m using is:
^(?P[\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\sCEST]) (?P\w*\s\w*|\w*) ((?P\w*)) : (?P.) [:|-] (?P.)

This statement captures lines like this quite well:

[2021-07-01 17:59:40 CEST] VPN (verbose) : openvpn : SUCCESS: real-time state notification set to ON

or

[2021-07-01 17:59:34 CEST] PPP (warning) : IPCP - Pack DNS 2 configuration request

But lines like this are totally neglected:

[2021-07-01 17:59:34 CEST] Communication (verbose) : Interface ppp0 is up

The problem is, that the “Instance”-Group is not necessary for this line.
Is there any way to do this with regex or is there another, better technic to do this?

Thanks a lot!

Erik

system · August 4, 2022, 5:39am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Promtail - regex pipeline vs. pattern parser in Loki Grafana Loki	5	3871	June 27, 2024
Issue with regex pattern in scrape config for Grafana Loki and Promtail configuration deployed on K8S Grafana Loki loki , regex	5	231	June 27, 2024
Parsing logs with promtail and loki Grafana Loki loki , configuration , promtail	16	14041	September 21, 2024
Promtail regex not match with ANSI color Grafana Loki	2	463	September 5, 2024
Why after set promtail pipline stage regex ,then the entry log will be duplicated? Grafana Loki	1	298	August 5, 2023

Loki Promtail custom logs and Regex named Group problem

Related topics