Noor

Thu, 05 Oct 2023 20:09:12 UTC

Hello I am testing this we are getting very close I had few demo and POC is done looks good but we are testing regex to parse are logs. 2023/10/05 20:03:55 application run finished with error: failed to get config: cannot unmarshal the configuration: 1 error(s) decoding: * error decoding 'receivers': error reading configuration for "filelog": 1 error(s) decoding: * error decoding 'operators[0]': unmarshal to regex_parser: 1 error(s) decoding: * error decoding 'timestamp': 1 error(s) decoding: * error decoding 'parse_from': unrecognized prefix

Noor

Thu, 05 Oct 2023 20:10:15 UTC

I currently using this setup receivers: filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: (?:).\d+\D+\d+\D+\d+\D+\d\S+\W+\+?\w+\w+\w+(?P<body>.*) timestamp: parse_from: attribute.time layout: '%q-%d-%y-%H-%M-%S-%L-%Z-%S' tcplog/docker: listen_address: "0.0.0.0:2255" operators: - type: regex_parser regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}:\d+:\d{2}:\d{3} UTC)\](?P<body>.*)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor

Tue, 10 Oct 2023 17:58:26 UTC

Now I am getting this error 2023/10/10 17:56:59 application run finished with error: failed to build pipelines: failed to create "filelog" receiver for data type "logs": compiling regex: error parsing regexp: invalid or unsupported Perl syntax: `(?'`

Noor

Tue, 10 Oct 2023 17:59:32 UTC

Where is this getting from first operator or second operator current config on my local host receivers: filelog: include: [ /tmp/startServer.log ] start_at: beginning operators: - type: regex_parser regex: (\S+\d+\D+)(\S+\d+\d+)([a-zA-Z]\D+\W+\S+)+([a-z]+\W+\S+\D+)(?P<body>.*)(?'timestamp'\S+)|$ timestamp: parse_from: attributes.timestamp_field layout: '%Y-%m-%d,%H:%M:%S %z' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp tcplog/docker: listen_address: "0.0.0.0:2255" operators: - type: regex_parser regex: '^\[(?P<time>\d+\/\d+\/\d+ \d{2}:\d+:\d{2}:\d{3} UTC)\](?P<body>.*)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor

Thu, 12 Oct 2023 17:53:13 UTC

I am need to know why it is not working with this config now operators: line 5, 6,7,8 and 10 2023/10/12 17:44:32 application run finished with error: failed to get config: cannot resolve the configuration: cannot retrieve the configuration: yaml: line 10: mapping values are not allowed in this context - type: regex_parser regex: '(\S+\d+\D+)(S\+\d+\d+)[0-9]\D+\W+\S+([a-z]+\W+\S+\D+)(?P<bod>.*)>.*|(?P<timestamp>\S+)|.parseTimestamp(field=timestamp)' timestamp: parse_from: attributes.timestamp layout: '%Y-%m-%dT%H:%M:%S.%LZ' - type: move from: attributes["body"] to: body - type: remove field: attributes.timestamp

Noor

Thu, 12 Oct 2023 20:01:24 UTC

I just used this tool to check my yaml config it looks good using this tool

Noor

Thu, 12 Oct 2023 20:09:59 UTC

Since it was driving me crazy I used second tool to validate the whole yamal config file it shows to be clean.

Issue with regex_parser Configuration in yaml

Noor

Noor

Noor

Noor

Noor

Noor

Noor

SigNoz Community

Similar Threads