I’m trying to relabel the component name in configuration based on a log keyword search using regex. However, the logs in Grafana Loki are still showing the default component label name instead of the expected “Firewall”.
scrape_configs:
- job_name: syslog
syslog:
listen_address: 0.0.0.0:1514
idle_timeout: 1h
label_structured_data: false
use_incoming_timestamp: true
labels:
component: “syslog-collector”
pipeline_stages:- regex:
expression: 'msg (?P\d+): <187>(?P\d+): (?P\S+) (\w{3} \d{2} \d{2}:\d{2}:\d{2}): (?P.*)'relabel_configs: - source_labels: [__syslog_message_hostname]
target_label: instance - source_labels: [component]
target_label: component
regex: ‘ASA’
replacement: ‘Firewall’
- regex:
We need to relabel depends on each matching each entry in message field.
if the message contains “ASA”, component label should be “Firewall”