Question with telegraf analysis logs file

Hi Guys

question for telegraf with window. try analysis log file of one application and send data to influxdb. but met some question.

first I config telegraf and copy logs from source PC( Windows server 2012 R2 Datacenter) to test PC( Windows 10), run telegraf on test PC, can send metric data to influxdb. In influxdb, I can view raw data by ‘Query Builder’.

and then, I copy telegraf config file to source PC, and keep telegraf same version, clean history data in influxdb. I ran telegraf on source PC. I check data found field was created on influxdb, but when I check data by ‘Query Builder’, got ‘No Result’.
I don’t know what happen, and how to check these data, how to fix this issue. have no any idea, please help, thanks

image1346×674 95.2 KB

ok so this sounds like telegraf successfully can parse the metrics.

I check data found field was created on influxdb, but when I check data by ‘Query Builder’, got ‘No Result’.

To get an idea of what might have gone wrong you will need to look at the telegraf logs! It will either show some sort of error about reading or parsing the logs. Or it will say it sent metrics successfully.

just wounder, startup again on source pc, can view raw data. but hours later, can not view data again. check logs, found error
influxdb | ts=2023-07-07T06:26:02.063951Z lvl=warn msg="internal error not returned to client" log_id=0ifj0CJl000 handler=error_logger error="context canceled

This error is reported by influxdb as something timed out and resulted in a context cancelling. Without additionally context I am not sure what is going on.

Some things to consider:

• are you hosting influxdb on a small system?
• does the system have enough resources?

Hi jpowers,

debug on with telegraf, check telegraf log,found some things.
contents from telegraf log:

2023-07-07T18:03:01+08:00 D! [parsers.grok::tail] Grok no match found for: "[2023:07:07 18:02:58][DEBUG]出口通道号16,发送系统时间2023年07月07日"
2023-07-07T18:03:01+08:00 D! [parsers.grok::tail] Grok no match found for: "[2023:07:07 18:02:58][ERROR]通道号[2],IP[172.16.60.11]登陆成功后不能通讯"
2023-07-07T18:03:06+08:00 D! [outputs.influxdb_v2] Wrote batch of 4 metrics in 1.0002ms
2023-07-07T18:03:06+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics
2023-07-07T18:03:16+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics
2023-07-07T18:03:26+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics
2023-07-07T18:03:36+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics
2023-07-07T18:03:46+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics
2023-07-07T18:03:56+08:00 D! [outputs.influxdb_v2] Buffer fullness: 0 / 10000 metrics

content from handling log (source log)

[2023:07:07 18:02:58][DEBUG]出口通道号16,发送系统时间2023年07月07日
[2023:07:07 18:02:58][INFO]出场场上报请求信息{"ParkCode":"510105037","VehicleNo":"GJ9L91","EventTime":"2023-07-07 18:02:20","StartTime":"2023-07-07 12:59:39","PaymentMoney":14.0,"TotalMoney":14.0,"DeductionMoney":0.0,"IsAutoPay":false,"CouponName":"","CouponMoney":0.0,"OperateCount":1738,"Qn":"2307071802200000008","BookingCode":"","ConsumeType":1,"PayType":2,"ChannelNo":8,"ChannelName":"3号楼出口2","CarImageID":"2307071802200000008","ISETCPay":false,"ETCPaymentMoney":0.0}
[2023:07:07 18:02:58][ERROR]通道号[2],IP[172.16.60.11]登陆成功后不能通讯
[2023:07:07 18:02:58][ERROR]通道号[4],IP[172.16.60.13]登陆成功后不能通讯
[2023:07:07 18:02:58][ERROR]通道号[1],IP[172.16.60.10]一体机重连不能通讯
[2023:07:07 18:02:58][ERROR]通道号[13],IP[10.18.212.12]一体机重连不能通讯
[2023:07:07 18:02:58][ERROR]通道号[11],IP[10.18.212.10]一体机重连不能通讯
[2023:07:07 18:02:58][ERROR]通道号[3],IP[172.16.60.12]一体机重连不能通讯
[2023:07:07 18:03:00][ERROR]通道号[2],IP[172.16.60.11]登陆成功后不能通讯

question: from telegraf log, can saw last telegraf grok’s information [2023:07:07 18:02:58][ERROR]通道号[2],IP[172.16.60.11]登陆成功后不能通讯 at 18:03:06+08:00, and then telegraf did not grok new message from source log.
check source log, can saw new message still coming. why?