Here is my configuration for promtail config file
This is my regex expression:
"^(?P<ip_address>\\S+) (\\S+) (\\S+) \\[(?P<date>.*)\\] \"(?P<method>\\S+) (?P<url>\\S+) HTTP/(?P<http_version>\\d+\\.\\d+)\" (?P<status>\\d+) (?P<response_time>\\d+|-)"
Here is a log that i am ingesting:
66.249.93.198 - - [03/Jun/2020:09:15:19 +0800] "GET /en/mobile-app.html HTTP/1.1" 301 260
I have parsed everything but the timestamp doesn’t seem to work as shown by the Time field
I really don’t know what I am doing wrong. I am grateful for any help
I found that Grafana Loki has a huge delay on displaying logs with custom timestamp if the custom timestamp is older than 2 hours from “now”.
So just wait like 3 hours then check again in the UI. If it didn’t work you can restart Loki and wait another 3 hours.
I am running Grafana Enterprise, Loki & Promtail in Ubuntu 18 Virtual Machine.
You can do dry run as below to verify the promtail config is parsing the labels & timestamp properly. Make sure you are in same dir as promtail-linux-amd64 when running that, and promtail is set to scrape /sample.log.
cat /sample.log | ./promtail-linux-amd64 -config.file=promtail-local-config.yaml --stdin --dry-run
