Hello there,
I’m trying to use the Log Viewer from Chronograf to view my custom app logs.
I’m aware that the data sent to InfluxDB needs to be in syslog format to be shown in the UI.
The logs are written in a specific parsable format by our Laravel app, and look like this:
syslog,appname=Laravel,facility=local,host=myserver,hostname=myserver.domain.tld,severity=ERROR,facility_code=1,message=" - Log automatically generated by artisan command - RND/5438",procid=8164,severity_code=0,timestamp=1552407620.135900010,version=1
syslog,appname=Laravel,facility=local,host=myserver,hostname=myserver.domain.tld,severity=WARNING,facility_code=1,message=" - Log automatically generated by artisan command - RND/7010",procid=8164,severity_code=0,timestamp=1552407620.135900020,version=1
syslog,appname=Laravel,facility=local,host=myserver,hostname=myserver.domain.tld,severity=NOTICE,facility_code=1,message=" - Log automatically generated by artisan command - RND/3720",procid=8164,severity_code=0,timestamp=1552407620.135900030,version=1
syslog,appname=Laravel,facility=local,host=myserver,hostname=myserver.domain.tld,severity=INFO,facility_code=1,message=" - Log automatically generated by artisan command - RND/7325",procid=8164,severity_code=0,timestamp=1552407620.135900040,version=1
syslog,appname=Laravel,facility=local,host=myserver,hostname=myserver.domain.tld,severity=DEBUG,facility_code=1,message=" - Log automatically generated by artisan command - RND/6260",procid=8164,severity_code=0,timestamp=1552407620.135900050,version=1
These logs are parsed by Telegraf, thanks to this configuration:
[[inputs.logparser]]
files = [ "/path/to/my/log/file.log" ]
from_beginning = false
[inputs.logparser.grok]
patterns = [ '%{CHANNEL},appname=%{APPNAME},facility=%{FACILITY},host=%{HOST},hostname=%{HOST_NAME},severity=%{SEVERITY},facility_code=%{FACILITY_CODE},message="%{MESSAGE}",procid=%{PROCID},severity_code=%{SEVERITY_CODE},timestamp=%{TSTAMP},version=%{VERSION}' ]
measurement = "syslog"
custom_patterns = '''
APPNAME %{DATA:appname}
CHANNEL %{DATA:channel}
FACILITY %{DATA:facility}
FACILITY_CODE %{NUMBER:facility_code}
HOST %{DATA:host}
HOST_NAME %{DATA:hostname}
MESSAGE %{DATA:message}
PROCID %{DATA:procid}
SEVERITY %{DATA:severity}
SEVERITY_CODE %{NUMBER:severity_code}
TSTAMP %{DATA:timestamp:ts-epoch}
VERSION %{NUMBER:version}
'''
timezone = "Europe/Paris"
When I load some new lines into my log file, I see them processed in the Telegraf logs with no errors showing.
When I check the data sent to InfluxDB, in the “telegraf.syslog” measurement I see this:
> select time,appname,channel,facility,message,procid,severity,severity_code,timestamp,version from syslog
name: syslog
time appname channel facility message procid severity severity_code timestamp version
---- ------- ------- -------- ------- ------ -------- ------------- --------- -------
1552409073203600000 Laravel syslog local - Log automatically generated by artisan command - RND/9846 9512 EMERGENCY 0 1
1552409073203600001 Laravel syslog local - Log automatically generated by artisan command - RND/2824 9512 ALERT 0 1
1552409073203600002 Laravel syslog local - Log automatically generated by artisan command - RND/5117 9512 CRITICAL 0 1
1552409073203600003 Laravel syslog local - Log automatically generated by artisan command - RND/6222 9512 ERROR 0 1
1552409073203600004 Laravel syslog local - Log automatically generated by artisan command - RND/1447 9512 WARNING 0 1
1552409073203600005 Laravel syslog local - Log automatically generated by artisan command - RND/192 9512 NOTICE 0 1
1552409073203600006 Laravel syslog local - Log automatically generated by artisan command - RND/8061 9512 INFO 0 1
1552409073203600007 Laravel syslog local - Log automatically generated by artisan command - RND/7288 9512 DEBUG 0 1
The timestamp column is empty.
I can see those lines in Chronograf’s Log Viewer with “Timestamp” set to “1970-01-01 01:00:00”.
Can you tell me what I am doing wrong? I’ve been struggling with this since this morning; I’ve tried many of the implemented (timestamp) formats but none worked.
Original inspiration: Writing Logs Directly to InfluxDB - DZone
Documentation used for Grok: docs.influxdata.com-ARCHIVE/grok.md at master · influxdata/docs.influxdata.com-ARCHIVE · GitHub
Thanks in advance for your help
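
As an added example (not part of the original post and not Telegraf's own code), the grok pattern above can be mirrored as a Python regex to inspect what each capture yields for one line, including an exact conversion of the `seconds.fraction` timestamp to integer nanoseconds. The sample line is constructed from the post's format; `parse_line` and `epoch_to_ns` are hypothetical helper names, and `NUMBER` is simplified to a plain decimal.

```python
import re

# Constructed sample line in the format shown in the post.
SAMPLE = (
    'syslog,appname=Laravel,facility=local,host=myserver,'
    'hostname=myserver.domain.tld,severity=ERROR,facility_code=1,'
    'message=" - Log automatically generated by artisan command - RND/5438",'
    'procid=8164,severity_code=0,timestamp=1552407620.135900010,version=1'
)

# Regex mirror of the grok pattern: DATA becomes a lazy .*?, NUMBER is simplified.
NUM = r'[+-]?\d+(?:\.\d+)?'
LINE_RE = re.compile(
    r'(?P<channel>.*?),appname=(?P<appname>.*?),facility=(?P<facility>.*?),'
    r'host=(?P<host>.*?),hostname=(?P<hostname>.*?),severity=(?P<severity>.*?),'
    rf'facility_code=(?P<facility_code>{NUM}),message="(?P<message>.*?)",'
    rf'procid=(?P<procid>.*?),severity_code=(?P<severity_code>{NUM}),'
    rf'timestamp=(?P<timestamp>.*?),version=(?P<version>{NUM})$'
)


def epoch_to_ns(text):
    """Convert 'seconds[.fraction]' to integer nanoseconds using string math.

    A double cannot resolve the 10 ns steps between the post's sample lines
    (its spacing at this magnitude is about 238 ns), so float() is avoided.
    """
    sec, _, frac = text.partition('.')
    if not sec.isdigit() or (frac and not frac.isdigit()):
        raise ValueError(f'not an epoch timestamp: {text!r}')
    # Right-pad the fraction to 9 digits, truncate anything finer than 1 ns.
    return int(sec) * 1_000_000_000 + int((frac + '000000000')[:9])


def parse_line(line):
    """Return the captures as a dict plus 'timestamp_ns', or None if no match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec['timestamp_ns'] = epoch_to_ns(rec['timestamp'])
    return rec


if __name__ == '__main__':
    for key, value in parse_line(SAMPLE).items():
        print(f'{key:15} {value!r}')
```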