Hello,
I’m looking for a way to tail a log file (Linux + Win) and catch a string pattern or a regex,
then send a notification on it.
I have found some data about input.tail plugin but I’m still not sure how to make it work.
Thank you
Nati
Hello @natim,
Here are some resources/steps that might be helpful to you:
telegraf -sample-config -input-filter file -output-filter influxdb > file.conf
## Data format to consume.
data_format = "<your format>"
You can select from the following formats:
4. Finish altering your config as needed.
5. Debugging: Use the --test flag to gather metrics once and print them, like telegraf --config $pwd/file.conf --test. Also include debug=true in the agent part of your config.
Thank you @Anaisdg!
Where can I configure a specific string I want to catch in the log?
Let’s say I want to alert every time there is a row with a string like: “ERROR: ” in /var/log/messages.
Can I do it in influxDB? Telegraf? Do I need to go through a script to grep this string?
Thank you!
Nati
Hello @natim,
I believe you can do this with multiline:
[inputs.tail.multiline]
pattern = "^%{ERROR}"
#[inputs.tail.multiline]
## The pattern should be a regexp which matches what you believe to be an indicator that the field is part of an event consisting of multiple lines of log data.
#pattern = "^\s"
## The field’s value must be previous or next and indicates the relation to the
## multi-line event.
#match_which_line = "previous"
## The invert_match can be true or false (defaults to false).
## If true, a message not matching the pattern will constitute a match of the multiline filter and the what will be applied. (vice-versa is also true)
#invert_match = false
#After the specified timeout, this plugin sends the multiline event even if no new pattern is found to start a new event. The default is 5s.
#timeout = 5s
I’m also assuming you’ll probably want to use grok to parse the logs?
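The grok route mentioned above, as an added example that is not part of the original thread or the Telegraf project's own sample config: a tail input whose grok pattern only matches syslog lines containing "ERROR: ", so only those lines become points. The measurement name, capture names, output URL and database name are assumptions chosen for illustration.

```toml
# Added example (not from the thread). Tails /var/log/messages and emits a
# point only for lines that contain "ERROR: " after the program name.

[agent]
  ## With debug enabled, lines the grok pattern does not match are reported
  ## in Telegraf's own log instead of being dropped silently.
  debug = true

[[inputs.tail]]
  files = ["/var/log/messages"]

  ## Start at the end of the file so existing history is not re-read.
  from_beginning = false

  ## "inotify" is the default; "poll" is the other option and is the usual
  ## choice where inotify is not available (for example on Windows).
  watch_method = "inotify"

  ## Assumed measurement name for the matched lines.
  name_override = "syslog_errors"

  ## Parse each line with grok. A line that does not match the pattern
  ## produces no metric, which is what filters out non-error rows.
  data_format = "grok"
  grok_patterns = [
    '%{SYSLOGTIMESTAMP:logtime} %{SYSLOGHOST:logsource:tag} %{DATA:program}: ERROR: %{GREEDYDATA:message}'
  ]

[[outputs.influxdb]]
  ## Assumed local InfluxDB instance and database.
  urls = ["http://127.0.0.1:8086"]
  database = "telegraf"
```

Running it with the --test flag from the earlier reply prints the points it would write; the notification itself is an alert rule on the resulting measurement, configured outside Telegraf.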