Since I posted this a few days ago (and got tagged as potential spam), I have gotten quite a bit further and resolved this particular issue. Specifically, I needed a regex with named capture groups whose names I could then reference in the labels block. If anyone else comes by with similar struggles, here is my current config file for these logs.
// /////////////
// LOGS
// /////////////
// Define which log files to collect for remote_host_logs
local.file_match "remote_host_logs" {
	path_targets = [
		{
			// Static labels stamped on every line read from the matched files.
			// `instance` is the hostname of the machine running the collector,
			// not of the device that produced the line; the sending device is
			// only identified by the `hostname` field parsed out of the line
			// further down the pipeline.
			job      = "omada_controller_logs",
			instance = constants.hostname,

			// Which files to tail. Everything matching the glob is picked up,
			// so whatever process writes into this directory decides what
			// enters the pipeline.
			// NOTE(review): presumably a syslog receiver writes these files
			// from remote senders - confirm, and keep the directory writable
			// by that service only.
			__address__ = "localhost",
			__path__    = "/var/log/external_logs/*.log",
		},
	]
}
// Collect logs from files for remote_host_logs
loki.source.file "remote_host_logs" {
	// Every tailed line goes through the relabel pipeline first; nothing is
	// sent to the Loki writer directly from here.
	forward_to = [loki.process.remote_host_logs_relabels.receiver]

	// File targets discovered by the local.file_match component of the same name.
	targets = local.file_match.remote_host_logs.targets
}
// Processing pipeline for remote host logs
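loki.process "remote_host_logs_relabels" {
	// Split each line into named groups. The captures land in the pipeline's
	// extracted map; they become labels only if a later stage promotes them.
	// A line that does not match passes through unchanged and simply gets no
	// extra labels.
	stage.regex {
		expression = "^(?P<log_timestamp_full>\\S+)[[:space:]]+(?P<hostname>\\S+)[[:space:]]+\\s*(?P<internal_event_timestamp>\\S+[[:space:]]+\\S+)\\s*[[:space:]]+(?P<controller_source>.*?)[[:space:]]+-[[:space:]]+-[[:space:]]+-[[:space:]]+(?P<message>.*)"
	}

	// Promote only bounded fields to labels.
	//
	// Every distinct label value opens a new stream in Loki, and these values
	// are taken from the text of log lines supplied by remote hosts. Using
	// log_timestamp_full, internal_event_timestamp or message as labels gives
	// roughly one stream per log line: the index grows without bound, ingest
	// hits stream limits, and whoever controls a sender controls that growth.
	// It also copies message text, which may hold sensitive values, into the
	// label index. Those three fields are still part of the stored log line
	// and can be parsed at query time (for example with `| regexp`).
	//
	// `operation` and `details` were listed here before, but no stage in this
	// pipeline extracts them, so they never produced a label. If `operation`
	// is needed, add a second stage.regex with `source = "message"` that
	// captures it, and promote it only if its set of values is small.
	stage.labels {
		values = {
			hostname = "hostname",
			// NOTE(review): captured with `.*?`, so the value is whatever
			// text precedes " - - - " - confirm it takes only a handful of
			// values before relying on it as a label.
			controller_source = "controller_source",
		}
	}

	// No stage.timestamp is configured, so entries keep the time at which the
	// collector read them rather than the timestamp written by the device.

	// Forward the processed logs to the Loki write component
	forward_to = [loki.write.to_loki.receiver]
}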