Raw UDP packet parse

Hi! I am new to Telegraf. I have a machine sending UDP packets and am therefore looking at the inputs.socket_listener plugin.
I need a way to parse the packet, which is basically just a bunch of bytes which represents the values of the tags from the machine. One value, depending on type, could be one bit or up to four bytes. I have a the list of tags so I need a way to pick out byte by byte and build up the tag in a format which telegraf understands, possibly a flux query?

The stdout from telegraf when recieving a packet looks like this:
2023-08-10T07:35:37Z E! [inputs.socket_listener] Error in plugin: unable to parse incoming packet: metric parse error: expected tag at 1:5: “\x01,\x00\x00\t9?\x80\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\a\x01E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00E\x13\x80\x00\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8\t8”

Does that packet include a value you want to store as well?

I think what I would try to do is store the entire byte packet as a string using the value parser, then use starlark to do the logic and processing you need.

The packet contains many values. Often around 1000 The first few bytes tell something about which machine this comes from and some status values. The next bytes are often booleans, bit by bit and then floating values and integers. I have list of the order of all these values and I want to pick them out and append the tagname in some way and pass this on to the next process in telegraf.

I looked a little on the Binary parser plugin. Can this be used? If not I will try starlark

You might try it, but honestly based on the number of values and parsing you need to do I would suggest instead writing your own little bit of software to parse it however you want and then if you still want to use telegraf and have telegraf use thee exec or execd input plugins to revive data from it.

I will maybe try to write my own parser.

However I have tested with the binary format, and it somehow works… Problem is that the endianness does not… If I put it in I get the message:
plugin inputs.socket_listener: line 11314: configuration specified the fields [“endianness”], but they weren’t used

Here is my config:
[[inputs.socket_listener]]
service_address = “udp://:50300”
data_format = “binary”
#endianness = “be”

[[inputs.socket_listener.binary]]
metric_name = “test”
#endianness = “be”
entries = [
#{ bits = 32, omit = true },
{ name = “scemaID”, type=“int16”},
]

And this is the output:
test,host=PC-5CG2205RZH scemaID=11265i 1691681243387861400
test,host=PC-5CG2205RZH scemaID=11265i 1691681244388120500
test,host=PC-5CG2205RZH scemaID=11265i 1691681245386257800
test,host=PC-5CG2205RZH scemaID=11265i 1691681246380400000

The schemaID should be 300

Looks like it is expecting endianess

@srebhan we both spelled it wrong

I changed to endianess, and it worked. I managed to parse a limited packet using the binary parser. The test-code here: (https://github.com/influxdata/telegraf/tree/master/plugins/parsers/binary/testcases/multiple_messages) helped me a lot. I still might need to make something custom since I want to add a tag with a description to each value inside a measurement.