Telegraf parsing logstash-style “grok” patterns

Telegraf parsing logstash-style “grok” patterns

I have been trying to ingest data into influx from a log file. The structure is as follows
20171130-22:02:21.832 : something data work now
20171230-22:02:22.843 : something data2
20171231-22:02:23.232 : something data3

I have used this pattern
[inputs.logparser.grok]
#patterns = [‘%{ts-“20060102-15:04:05.999”:timestamp}%{GREEDYDATA:random_data}’]
patterns = [‘(?\d{8}-\d{2}:\d{2}:\d{2}\.\d+)\s*:\s*%{GREEDYDATA:random_data}’]

Can I get help regarding formulating the pattern ?

Solutions/Answers:

Solution 1:

You may use

(?<timestamp>\d{8}-\d{2}:\d{2}:\d{2}\.\d+)\s*:\s*%{GREEDYDATA:random_data}

Details

  • (?<timestamp>\d{8}-\d{2}:\d{2}:\d{2}\.\d+)timestamp field pattern:
    • \d{8} – 9 digits
    • - – a hyphen
    • \d{2}:\d{2}:\d{2} – 2 digits, :, 2 digits, : and 2 digits
    • \.\d+ – a dot and 1+ digits
  • \s*:\s*: enclosed with 0+ whitespace chars
  • %{GREEDYDATA:random_data} – a .*, anything up to the end of the line

References

Related:  Graphing CPU Usage % on Grafana using influxDB data from Telegraf