-
Notifications
You must be signed in to change notification settings - Fork 18
/
json.river
74 lines (62 loc) · 2.51 KB
/
json.river
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
/*
Module: log-format-json
Description: Log Processing for Generic JSON
*/
argument "forward_to" {
// comment = "Must be a list(LogsReceiver) where collected logs should be forwarded to"
optional = false
}
export "process" {
value = loki.process.log_format_json
}
loki.process "log_format_json" {
forward_to = argument.forward_to.value
// check logs.agent.grafana.com/log-format annotation, if the log_type is empty the line hasn't been processed, if it contains json and the line matches the format, then process the line as json
stage.match {
pipeline_name = "pipeline for annotation || logs.agent.grafana.com/log-format: json"
selector = "{log_type=\"\", logs_agent_grafana_com_log_format=~\"(?i).*((generic-?)?json).*\"} |~ \"^\\\\s*\\\\{.+\\\\}\\\\s*$\""
// set the log_type
stage.static_labels{
values = {
log_type = "json",
}
}
// extract the level
stage.json {
expressions = {
level = "level || lvl || loglevel || LogLevel || log_level || logLevel || log_lvl || logLvl || levelname || levelName || LevelName",
}
}
// set the extracted level as a label
stage.labels {
values = {
level = "",
}
}
// check logs.agent.grafana.com/scrub-timestamp annotation, if true remove the timestamp from the log line
// this can reduce the overall # of bytes sent and stored in Loki
// remove timestamp from the log line, depending on the entry it can be "start_time" or "time"
stage.match {
selector = "{logs_agent_grafana_com_scrub_timestamp=\"true\"}"
pipeline_name = "pipeline for annotation || logs.agent.grafana.com/scrub-timestamp: true"
// remove timestamp from the log line
// unescaped regex: (?i)("(timestamp|ts|logdate|time)"\s*:\s*"[^"]+",?)
stage.replace {
expression = "(?i)(\"(timestamp|ts|logdate|time)\"\\s*:\\s*\"[^\"]+\",?)"
replace = ""
}
}
// check logs.agent.grafana.com/scrub-level annotation, if true remove the level from the log line (it is still a label)
// this can reduce the overall # of bytes sent and stored in Loki
stage.match {
selector = "{logs_agent_grafana_com_scrub_level=~\"(?i)true\"}"
pipeline_name = "pipeline for annotation || logs.agent.grafana.com/scrub-level: true"
// remove level from the log line
stage.replace {
// unescaped regex: (?i)"(log)?(level|lvl)"\s*:\s*"[^"]+",?
expression = "(?i)(\"(log)?(level|lvl)\"\\s*:\\s*\"[^\"]+\",?)"
replace = ""
}
}
}
}