Hello,
I’ve been trying to set up an ingress-nginx log parser, using the docker_log input to gather the logs. I can insert logs into InfluxDB, but now I want to use processors.parser to parse the nginx-ingress logs and I can’t get it to work. With the configuration below, the logs are not being parsed into fields.
Can someone let me know if I’m doing something wrong?
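# Collect container stdout/stderr from the local Docker daemon.
# Strings use plain ASCII double quotes; the typographic quotes in the pasted
# listing are not valid TOML string delimiters.
[[inputs.docker_log]]
# Only containers whose name matches this glob are read.
container_name_include = [
    "k8s_nginx-ingress-*",
]
# Access to the Docker socket gives broad control over the Docker daemon, and
# through it the host. Grant the Telegraf account only the access it needs to
# reach this socket.
endpoint = "unix:///var/run/docker.sock"
timeout = "5s"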
# Host-level inputs declared with no keys, so each plugin uses its defaults.
[[inputs.system]]
[[inputs.mem]]
[[inputs.swap]]
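# Parse the raw log line in the "message" field of docker_log metrics into
# separate fields using a grok pattern.
[[processors.parser]]
data_format = "grok"
# The pattern is a TOML literal string ('...') on a single line, so the double
# quotes and backslashes inside it need no TOML escaping.
# - Literal square brackets in the log line are escaped as \[ and \]; an
#   unescaped [...] is a regex character class.
# - Type conversion uses Telegraf's %{SYNTAX:name:modifier} form (:int,
#   :float). The ";long" / ";double" suffixes belong to other grok dialects.
# - Captures without a modifier (timestamp, response, upstream_*) stay strings.
# - request, referrer and user_agent are client-controlled. Keep them as fields
#   rather than tags to avoid unbounded series cardinality, and treat them as
#   untrusted wherever they are displayed.
# NOTE(review): confirm the pattern against the controller's configured log
# format; the page does not show a sample log line.
grok_patterns = [
    '%{IPORHOST:client_ip} - \[%{IPORHOST:x_forwarded_for}\] - %{DATA:client_identity} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|-)" %{NUMBER:response} (?:%{NUMBER:bytes_sent:int}|-) (?:"(?:%{URI:referrer}|-)") %{QS:user_agent} %{NUMBER:request_length:int} %{NUMBER:response_time:float} %{DATA:upstream_proxy} %{NUMBER:upstream_bytes_sent:int} %{NUMBER:upstream_response_time} %{NUMBER:upstream_response}',
]
# Parsed fields are merged into the original metric.
merge = "override"
# Only metrics named docker_log are handled by this processor.
namepass = [
    "docker_log",
]
parse_fields = [
    "message",
]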