Promtail didn't parse logs

Here is what my promtail configuration looks like:

server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

client:
  url: http://localhost:3100/loki/api/v1/push

scrape_configs:
 - job_name: system
   pipeline_stages:
   - match:
      selector: '{name="promtail"}'
      stages:
      - regex:
          expression: '(?P<ip>^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*(?P<datetime>[0-9]{2}\/[a-zA-Z]{3}\/[0-9]{1,4}:[0-9]{2}:[0-9]{2}:[0-9]{2}).*(?P<method>DELETE|PUT|POST|GET).*(?P<endpoint>usr/[a-z]*/[a-z]*|usr/[a-z]*|usr).*(?P<status> [0-9]{3}).*(?P<response_bytes> [0-9]{4} ).*(?P<user_agent>"(.*?)").*(?P<response_time> [0-9]{2,4})'
      - labels:
          ip:
          method:
          endpoint:
          status:
          response_bytes:
          user_agent:
          response_time:
      - timestamp:
          format: 27/Dec/2037:12:00:00
          source: datetime
   static_configs:
   - targets:
      - localhost
     labels:
      job: varlogs
      host: yourhost
      __path__: C:\Users\umutc\Desktop\denme.log

Here is what Logs in grafana looks like:

image1590×178 19.4 KB

As you see, none of the labels which promtail would put seems. what is the problem?

Please provide an example log in text form.

I’d try a couple of things:

1. Double check and make sure your regex actually works (i can’t confirm since i can’t see the entirety of your logs).
2. Try double escaping in your regex (for example (?P<datetime>[0-9]{2}\\/[a-zA-Z]{3}\\/[0-9]{1,4}:[0-9]{2}:[0-9]{2}:[0-9]{2})
3. Try single escape but use ` instead of double quotes to enclose the regex string.
4. Run promtail in debug mode with inspection flag and see what’s happening.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.