Problem with the input.tail plugin

Hello,

To explain, I need to get the logs of several routers and add them in influxDB for display on Grafana.

Here is my configuration file for one router:

[agent]
interval = "60s"

[[inputs.ping]]
  urls = ["fqdn of my routeur"]
  count = 5
  tag_keys = ["host"]

    [inputs.ping.tags]
	routeurname = "airwan-lab"

[[inputs.snmp]]
  agents = ["same fqdn"]
  version = 2
  timeout = "20s"
  retries = 5

  community = "public"

  [[inputs.snmp.field]]
    oid = "SNMPv2-MIB::sysDescr.0"
    name = "serial"

  [[inputs.snmp.field]]
    oid = "IP-MIB::ipAdEntAddr"
    name = "ipAddress"

  [[inputs.snmp.field]]
    oid = "HOST-RESOURCES-MIB::hrSystemUptime.0"
    name = "macAddress"

  [[inputs.snmp.field]]
    oid = "HOST-RESOURCES-MIB::hrSystemUptime.0"
    name = "uptime"

  logfile = "/var/log/telegraf/telegraf.log"

  [inputs.snmp.tags]
    routeurname = "airwan-lab"

 [[inputs.tail]]
   files = ["/var/log/rsyslog/ACKSYS.log"]
   data_format = "grok"
   grok_patterns = ["%{SYSLOGTIMESTAMP:syslog_timestamp} %{LOGLEVEL:log-level} %{WORD:facility} %{SYSLOGHOST:syslog_hostname} %{GREEDYDATA:syslog_message}"]
  grok_timezone = "Europe/Paris"
  [inputs.tail.tags]
    routeurname = "airwan-lab"

But unfortunately the logs don’t arrive in InfluxDB. I have almost the same file for another router and this one works fine.

Here is what I get when I test the config:

root@RUT955-9477:/etc/telegraf/telegraf.d# telegraf --config AIRWAN-21142025.conf --test
2022-10-20T22:47:56Z I! Starting Telegraf 1.24.2
2022-10-20T22:47:56Z I! Available plugins: 222 inputs, 9 aggregators, 26 processors, 20 parsers, 57 outputs
2022-10-20T22:47:56Z I! Loaded inputs: ping snmp tail
2022-10-20T22:47:56Z I! Loaded aggregators:
2022-10-20T22:47:56Z I! Loaded processors:
2022-10-20T22:47:56Z W! Outputs are not used in testing mode!
2022-10-20T22:47:56Z I! Tags enabled: host=RUT955-9477
> snmp,agent_host=monrouteuracksys.duckdns.org,host=RUT955-9477,routeurname=airwan-lab macAddress=11087963i,serial="AirWan/17_E2148.AC.1_4.16.11.1_UT3L",uptime=11087969i 1666306077000000000
> tail,host=RUT955-9477,path=/var/log/rsyslog/ACKSYS.log,routeurname=airwan-lab facility="daemon",log-level="warning",syslog_hostname="ACKSYS-21142025",syslog_message="dnsmasq[28071]: :  no servers found in /tmp/resolv.conf.auto, will retry",syslog_timestamp="Oct 21 00:47:57" 1666306077556695953
> tail,host=RUT955-9477,path=/var/log/rsyslog/ACKSYS.log,routeurname=airwan-lab facility="daemon",log-level="warning",syslog_hostname="ACKSYS-21142025",syslog_message="dnsmasq[28830]: :  no servers found in /tmp/resolv.conf.auto, will retry",syslog_timestamp="Oct 21 00:47:57" 1666306077869385642
> ping,host=RUT955-9477,routeurname=airwan-lab,url=monrouteuracksys.duckdns.org average_response_ms=45.072,maximum_response_ms=55.74,minimum_response_ms=39.436,packets_received=5i,packets_transmitted=5i,percent_packet_loss=0,result_code=0i,standard_deviation_ms=5.708,ttl=53i 1666306081000000000

Do you see a mistake?

Thanks to you!

Hi,

You are saying that the tail metrics, that print during a test are not showing up in InfluxDB? Do any of the other metrics show up?

Have you run with debug mode to see if your telegraf logs show it sending messages sucessfully?

Hello,

thank you very much, it was a problem with access to the log file …

Now I have a problem with the display of the logs retrieved by Telegraf from Grafana.

I have one line per field, is it possible to have a complete log per line?

Thanking you.

Rémy.

With MySQL as datasource I can get this result: