Good afternoon, I am collecting nginx logs through Promtail. There is a message string in the log. I need to parse it through regular expression and add it to the label for query, but an error message “error sending batch, will retry” status=429 tenant= error=“server returned HTTP status 429 Too Many Requests (429): Maximum active stream limit exceeded when trying to create stream” appears. The configuration is as follows: server:
log_level: debug
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /opt/promtail/positions.yaml
clients:
scrape_configs:
- job_name: yxyw_nginx
pipeline_stages: - json:
expressions:
source: source - drop:
source: “source”
expression: “.error.”
-json:
expressions:
time: ‘“@timestamp”’
message: message - regex:
- source: “message”
- expression: “^(?P<remote_addr>[^|])\|(?P<remote_user>[^|])\|(?P<log_time>[^|])\|[^|]\|(?P<http_host>[^|])\|(?P[^|])\|.*”
- labels:
- time:
- remote_addr:
- status:
The log sample is as follows:
{ “@timestamp”: “2024-12-02T06:11:24+08:00”, “host”: “zjhz-yxyw-ponweb2”, “severity”: 6, “facility”: 23, “syslog-tag”: “yxpt_147_access_ngxlog:”, “source”: “yxpt_147_access_ngxlog”, “message”: " 188.106.172.167|-|2024-12-02 06:11:24|"GET /nginx_status HTTP/1.1"|10.212.223.147:80|502|502|497|"-"|"Go-http-client/1.1"|-|-|188.103.117.186:9006|0.005|-|0.005" }