mtail rules
mtail.toml
[[instances]]
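progs = "/data/test/logs" # directory holding the log-filter rules; rule files end in xxx.mtail
logs = ["/data/test/logs/test1.logs", "/data/test/logs/test2.logs"] # log files for mtail to read
#override_timezone = "Asia/Shanghai" # specify the time zone
emit_metric_timestamp = "true" # whether metrics carry a timestamp; note that the value here is "true"
Log contents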
2023-04-08 10:30:25.123 [ERROR] [User Management Module] [User Registration] User name cannot be empty
2023-04-08 10:30:25.123 [ERROR] [User Management Module] [User Registration] Failed to authenticate user due to invalid credentials.
2023-04-08 10:30:25.123 [ERROR] [User Management Module] [User Registration] Unable to send email. Please check your email server configuration
2023-04-09 11:30:25.123 [ERROR] [User Management Module] [User Registration] testUser name cannot be empty
2023-04-09 12:30:25.123 [ERROR] [User Management Module] [User Registration] User name cannot be empty
The mtail rule in detail
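# Count [ERROR] lines; the two bracketed fields after [ERROR] are captured as the module and severity labels.
counter ceshi by module, severity, msg
/^/ +
/\d+-\d+-\d+ \d+:\d+:\d+\.\d+ / +
/\[ERROR\] / +
/\[(?P<module>.+)\] / +
/\[(?P<severity>.+)\] / +
/(?P<msg>.+)/ +
/$/ {
  ceshi[$module][$severity][$msg]++
}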
Log after restarting categraf
2023/04/12 15:19:16 agent.go:39: I! agent starting
2023/04/12 15:19:16 metrics_agent.go:155: E! input: local.arp_packet not supported
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.conntrack started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.cpu started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.disk started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.diskio started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.greenplum started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.ipvs started
2023/04/12 15:19:16 metrics_agent.go:155: E! input: local.jolokia_agent_kafka not supported
2023/04/12 15:19:16 metrics_agent.go:155: E! input: local.jolokia_agent_misc not supported
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.kernel started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.kernel_vmstat started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.linux_sysctl_fs started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.mem started
2023/04/12 15:19:16 runtime.go:84: unmarking test.mtailbak
2023/04/12 15:19:16 runtime.go:84: unmarking test1.logs
2023/04/12 15:19:16 runtime.go:188: Loaded program test1.mtail
2023/04/12 15:19:16 runtime.go:84: unmarking test1.mtail
2023/04/12 15:19:16 runtime.go:84: unmarking test2.logs
2023/04/12 15:19:16 runtime.go:84: unmarking test3.logs
2023/04/12 15:19:16 tail.go:288: Tailing /data/test/logs/test2.logs
2023/04/12 15:19:16 tail.go:288: Tailing /data/test/logs/test1.logs
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.mtail started
2023/04/12 15:19:16 store.go:189: Starting metric store expiry loop every 1h0m0s
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.net started
2023/04/12 15:19:16 metrics_agent.go:209: I! input: local.netstat started
Time-series metrics: