Skip to content

Commit e50b0c1

Browse files
adrianlztglinton
adrianlzt
authored and
glinton
committed
Document how to parse telegraf logs (#4285)
1 parent 027016a commit e50b0c1

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

plugins/inputs/logparser/README.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,48 @@ A multi-line literal string allows us to encode the pattern:
220220
custom_patterns = 'UNICODE_ESCAPE (?:\\u[0-9A-F]{4})+'
221221
```
222222

223+
#### Parsing Telegraf log file
224+
We can use logparser to convert the log lines generated by Telegraf in metrics.
225+
226+
To do this we need to configure Telegraf to write logs to a file.
227+
This could be done using the ``agent.logfile`` parameter or configuring syslog.
228+
```toml
229+
[agent]
230+
logfile = "/var/log/telegraf/telegraf.log"
231+
```
232+
233+
Logparser configuration:
234+
```toml
235+
[[inputs.logparser]]
236+
files = ["/var/log/telegraf/telegraf.log"]
237+
238+
[inputs.logparser.grok]
239+
measurement = "telegraf_log"
240+
patterns = ['^%{TIMESTAMP_ISO8601:timestamp:ts-rfc3339} %{TELEGRAF_LOG_LEVEL:level:tag}! %{GREEDYDATA:msg}']
241+
custom_patterns = '''
242+
TELEGRAF_LOG_LEVEL (?:[DIWE]+)
243+
'''
244+
```
245+
246+
Example log lines:
247+
```
248+
2018-06-14T06:41:35Z I! Starting Telegraf v1.6.4
249+
2018-06-14T06:41:35Z I! Agent Config: Interval:3s, Quiet:false, Hostname:"archer", Flush Interval:3s
250+
2018-02-20T22:39:20Z E! Error in plugin [inputs.docker]: took longer to collect than collection interval (10s)
251+
2018-06-01T10:34:05Z W! Skipping a scheduled flush because there is already a flush ongoing.
252+
2018-06-14T07:33:33Z D! Output [file] buffer fullness: 0 / 10000 metrics.
253+
```
254+
255+
Generated metrics:
256+
```
257+
telegraf_log,host=somehostname,level=I msg="Starting Telegraf v1.6.4" 1528958495000000000
258+
telegraf_log,host=somehostname,level=I msg="Agent Config: Interval:3s, Quiet:false, Hostname:\"somehostname\", Flush Interval:3s" 1528958495001000000
259+
telegraf_log,host=somehostname,level=E msg="Error in plugin [inputs.docker]: took longer to collect than collection interval (10s)" 1519166360000000000
260+
telegraf_log,host=somehostname,level=W msg="Skipping a scheduled flush because there is already a flush ongoing." 1527849245000000000
261+
telegraf_log,host=somehostname,level=D msg="Output [file] buffer fullness: 0 / 10000 metrics." 1528961613000000000
262+
```
263+
264+
223265
### Tips for creating patterns
224266

225267
Writing complex patterns can be difficult, here is some advice for writing a

0 commit comments

Comments
 (0)