From fd2ce42d1577a5fe9d68cc75327d75e2e2ae2908 Mon Sep 17 00:00:00 2001
From: Magic_RB <magic_rb@redalder.org>
Date: Fri, 28 Jul 2023 20:06:11 +0200
Subject: [PATCH] Setup grok parsing for apache and nginx

Signed-off-by: Magic_RB <magic_rb@redalder.org>
---
 nixos/systems/blowhole/monitoring.nix        | 17 +++++++++++++++++
 terranix/containers/ingress-blowhole/job.hcl |  4 ++++
 2 files changed, 21 insertions(+)

diff --git a/nixos/systems/blowhole/monitoring.nix b/nixos/systems/blowhole/monitoring.nix
index 27f5189..0054916 100644
--- a/nixos/systems/blowhole/monitoring.nix
+++ b/nixos/systems/blowhole/monitoring.nix
@@ -298,8 +298,25 @@ in
 
       inputs.docker_log = {
         tags.bucket = "logs";
+        source_tag = true;
       };
 
+      processors.parser = [
+        {
+          parse_fields = [ "message" ];
+          merge = "override";
+          data_format = "grok";
+
+          grok_patterns = ["%{COMBINED_LOG_FORMAT}"];
+
+          tagpass = {
+            "grok_type" = [ "nginx" "apache" ];
+            "_field" = singleton "message";
+          };
+          namepass = [ "docker_log" ];
+        }
+      ];
+
       outputs.influxdb_v2 = [
         {
           urls = singleton "http://${secret.network.ips.blowhole.ip or ""}:8086";
diff --git a/terranix/containers/ingress-blowhole/job.hcl b/terranix/containers/ingress-blowhole/job.hcl
index 5dc41f2..6e3739d 100644
--- a/terranix/containers/ingress-blowhole/job.hcl
+++ b/terranix/containers/ingress-blowhole/job.hcl
@@ -208,6 +208,10 @@ job "ingress" {
         nix_flake_sha = var.flake_sha
         nix_flake_store_path = var.store_path
         entrypoint = [ "init" ]
+
+        labels {
+          grok_type = "nginx"
+        }
       }
 
       resources {