I am trying to use telegraf tail plugin to read log files and expose that on a port and prometheus to read from there.
However when I execute the conf file I do not see any of the log data rather see a generic output as attached in image1.Below is the conf file I am using.
Please help me understand where am I missing.
P.S:grok debugger and the TOML syntax are verified in the online tools.
[[inputs.tail]]
## file(s) to tail:
files = ["/home/test.log"]
from_beginning = true
#name of the "Metric" (which I want to see in prometheus)
name_override = "test"
grok_patterns = ["%{CUSTOM_LOG}"]
grok_custom_patterns = '''
CUSTOM_LOG %{DATE:date} %{TIME:time} %{WORD:level} \[org.%{DATA.org}\] %{GREEDYDATA:message}
'''
data_format = "grok"
[[outputs.prometheus_client]]
## Address to listen on.
listen = ":9001"
metric_version = 2
## Path to publish the metrics on.
path = "/metrics"
#[outputs.prometheus_client.tagpass]
Thank you for the response.
I tried your suggestion.However the debug.out is empty file.
I also tried the custom pattern with %{GREEDYDATA} alone hoping log file to be read irrespective of the pattern.
That didn’t work either.
The grok pattern works with
grok_custom_patterns = ‘’’
CUSTOM_LOG %{TIMESTAMP_ISO8601:logdate}
‘’’
Testing with debug.out passes the data.(debug.out contains the parsed log)
But when I use the prometheus output there are no metrics on port.
[[outputs.prometheus_client]]
2021-07-19 16:45:02,556 INFO [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841000: created connection: RemotingConnectionImpl
2021-07-19 16:45:02,557 INFO [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841001: destroyed connection: RemotingConnectionImpl
2021-07-19 16:45:02,557 WARN [org.apache.activemq.artemis.core.client] AMQ212037: Connection failure to /11.11.111.11:9999 has been detected: readAddress(..) failed: Connection reset by peer [code=GENERIC_EXCEPTION]
The goal is to pick the WARNING logs and send them to prometheus as a metric.
[[inputs.tail]]
files = ["prometheus.input"]
from_beginning = true
name_override = "prometheus"
grok_patterns = ['%{TIMESTAMP_ISO8601:timestamp:ts-"2006-01-02 15:04:05.000"} %{LOGLEVEL:level} \[%{DATA:url:string}\] AMQ%{NUMBER:amq:int}: %{GREEDYDATA:message}']
grok_timezone = "UTC" # or "Local"
data_format = "grok"
tagexclude = ["path"] # we dont need the file path as tag?
[[processors.converter]] # convert log level to tag
[processors.converter.fields]
tag = ["level"]
[[outputs.prometheus_client]]
# visit http://localhost:9001/metrics
listen = ":9001"
metric_version = 2
path = "/metrics"
[outputs.prometheus_client.tagpass] # only pass points with certain tag values
level = ["WARN", "ERROR", "CRITICAL"] # adjust the logging keywords if necessary
[[outputs.file]] # file output only for debugging
files = ["prometheus.out"]
influx_sort_fields = true
Besides, i am not a monitoring expert, but I think Prometheus may not be the best tool here, as it is designed more for metrics and less for logging messages.
Thank you for the code @Franky1 .
I executed this and the output on http://localhost:9001/metrics is stating amq as untyped.(Attached output image)
I also tried changing the tag from “level” to “amq” and passing the tag for " amq " like below,
[outputs.prometheus_client.tagpass] # only pass points with certain tag values
amq = ["212037"] type or paste code here
However this amq filter does not give any output in http://localhost:9001/metrics and reading all the log lines to prometheus.out.
Is there a way where I can use amq as a filter and send it to prometheus.
I did try “amq” as float than int & that also seems not working.
Note:telegraf version is 1.14.0.
