Syslog - Parsing Message

Si-Richards · August 13, 2020, 12:55pm

Using Rsyslog and TICK to ingest Payara Server Logs. The format is ODL : Oracle Diagnostic Log Format ( Log Working Group in Oracle)

Example

[2 019-01-18T13:10:02.420+0100] [Payara 5.184] [INFO] [NCLS-LOGGING-00009] [javax.enterprise.logging] [tid: _ThreadID=31 _ThreadName=RunLevelControllerThread-1547813402253] [timeMillis: 1547813402420] [levelValue: 800] [[ Running Payara Version: Payara Server 5.184.1 #badassfish (build 90)]]

I am looking to count up WARNING or ERROR message and wondered how best to achieve this?
Via a template and Regex or some other way?

Nirvana would be to have a dashboard widget with errors and warnings counter from x time period.

Anaisdg · August 21, 2020, 8:05pm

Hello. @Si-Richards,
I’m not sure how to do this with the TICK stack, but if you’re open to using 2.0, then I can recommend these blogs:

Basically you could create a task that counts the number of WARNING or ERROR messages.

Thanks!

Si-Richards · September 7, 2020, 11:07am

Hi Anais,

I’ve used your suggestion and its working well.
So much so that i am now using the same setup to ingest Fail2ban logs so that IPs can be centrally checked as the Telegraf input doesnt list them (unless i missed something obvious).

So everything is good !!

system · September 7, 2020, 12:08pm

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Telegraf tail - Alerting on log level Telegraf tail , logging	2	663	May 23, 2022
Influx 2.7 Checks fail Checks & Notifications checks	1	402	May 20, 2023
Telegraf Configuration File in Linux server for oracle log file Telegraf influxdb , telegraf	0	1357	November 7, 2019
Log parsing and alerting in kapacitor influxdb , kapacitor	2	849	July 16, 2020
Alerts "check" for aggregated data (count) InfluxDB 2	1	517	December 5, 2021

Syslog - Parsing Message

Related topics