Setup grok parsing for apache and nginx

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-25 01:26:14 +01:00 · 2023-07-28 20:06:11 +02:00 · 2023-07-28 20:06:11 +02:00 · fd2ce42d15
parent 0fef19e47e
commit fd2ce42d15
2 changed files with 21 additions and 0 deletions
--- a/nixos/systems/blowhole/monitoring.nix
+++ b/nixos/systems/blowhole/monitoring.nix
@ -298,8 +298,25 @@ in

      inputs.docker_log = {
        tags.bucket = "logs";
+        source_tag = true;
      };

+      processors.parser = [
+        {
+          parse_fields = [ "message" ];
+          merge = "override";
+          data_format = "grok";
+
+          grok_patterns = ["%{COMBINED_LOG_FORMAT}"];
+
+          tagpass = {
+            "grok_type" = [ "nginx" "apache" ];
+            "_field" = singleton "message";
+          };
+          namepass = [ "docker_log" ];
+        }
+      ];
+
      outputs.influxdb_v2 = [
        {
          urls = singleton "http://${secret.network.ips.blowhole.ip or ""}:8086";
--- a/terranix/containers/ingress-blowhole/job.hcl
+++ b/terranix/containers/ingress-blowhole/job.hcl
@ -208,6 +208,10 @@ job "ingress" {
        nix_flake_sha = var.flake_sha
        nix_flake_store_path = var.store_path
        entrypoint = [ "init" ]
+
+        labels {
+          grok_type = "nginx"
+        }
      }

      resources {