Promtail didn't parse logs

Here is what my promtail configuration looks like:

server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

client:
  url: http://localhost:3100/loki/api/v1/push

scrape_configs:
 - job_name: system
   pipeline_stages:
   - match:
      selector: '{name="promtail"}'
      stages:
      - regex:
          expression: '(?P<ip>^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*(?P<datetime>[0-9]{2}\/[a-zA-Z]{3}\/[0-9]{1,4}:[0-9]{2}:[0-9]{2}:[0-9]{2}).*(?P<method>DELETE|PUT|POST|GET).*(?P<endpoint>usr/[a-z]*/[a-z]*|usr/[a-z]*|usr).*(?P<status> [0-9]{3}).*(?P<response_bytes> [0-9]{4} ).*(?P<user_agent>"(.*?)").*(?P<response_time> [0-9]{2,4})'
      - labels:
          ip:
          method:
          endpoint:
          status:
          response_bytes:
          user_agent:
          response_time:
      - timestamp:
          format: 27/Dec/2037:12:00:00
          source: datetime
   static_configs:
   - targets:
      - localhost
     labels:
      job: varlogs
      host: yourhost
      __path__: C:\Users\umutc\Desktop\denme.log

Here is what Logs in grafana looks like:

image1590×178 19.4 KB

As you see, none of the labels which promtail would put seems. what is the problem?

Please provide an example log in text form.

I’d try a couple of things:

1. Double check and make sure your regex actually works (i can’t confirm since i can’t see the entirety of your logs).
2. Try double escaping in your regex (for example (?P<datetime>[0-9]{2}\\/[a-zA-Z]{3}\\/[0-9]{1,4}:[0-9]{2}:[0-9]{2}:[0-9]{2})
3. Try single escape but use ` instead of double quotes to enclose the regex string.
4. Run promtail in debug mode with inspection flag and see what’s happening.