What happened?
Hello. We have a grafana instance which gets sent rsyslog messages from a variant of servers (first to rsyslog, then to telegraf which inserts them into an `influxdb`). Some of them log appnames like `someapp (.log` or `run-parts(.log`.
I use a dashboard to show different logs from servers. I had to work around grafana breaking the dashboard by setting the regex in `Variables` to `/^.*(?<!\(|influxd-systemd-start.sh)$/`, meaning to only include lines not ending with `(` or `influxd-systemd-start.sh`. This means that these are excluded from the dashboard, which is not a good solution (except for influxdb-systemd-start.sh of course).
When I don't exclude these, I get some views not working at all, stating `Status: 500. Message: InfluxDB returned error: error parsing query: error parsing regexp: missing closing ):` in all cases.
I include a screenshot of one of the queries involved as well.
![2024-04-03-grafana-dashboard-regex](https://github.com/grafana/grafana/assets/46875386/32f5bffa-ea64-46b7-bb1e-adf9947a0f46)
What did you expect to happen?
Appnames shouldn't be passed unsanitized in a query (if this is the case).
Did this work before?
No
How do we reproduce it?
Hard to say, as I am not a grafana expert. I'm not even completely sure the issue lies with the way grafana sends queries to influxdb. I'd try to produce logs with `util-linux` `logger` and inserting them into `influxdb`, then build a dashboard with them, for example by using https://grafana.com/grafana/dashboards/15644-syslog/
Is the bug inside a dashboard panel?
It is, however it seems to me like the strings are not sanitized before building the query.
Environment (with versions)?
Grafana: Version 10.3.1
OS: Kernel 6.1.0-17-amd64 Debian 12
Browser: Any
Grafana platform?
Other
Datasource(s)?
influxdb
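The failure mode the report describes, as an added example that is not part of the original issue or of Grafana's code: an appname with an unbalanced `(` is interpolated into an InfluxQL regex literal and compiled with Go's `regexp` package, whose error text has the same form as the message quoted above, then compiled again after escaping. The query template, the measurement and field names, and the function names are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical query shape; the dashboard's real query is not shown on the page.
const queryTemplate = `SELECT "message" FROM "syslog" WHERE "appname" =~ /^%s$/`

// EscapeForInfluxRegex makes a raw value literal inside an InfluxQL /.../ regex.
func EscapeForInfluxRegex(v string) string {
	v = regexp.QuoteMeta(v)                 // neutralise ( ) . * + ? [ ] { } | ^ $ \
	return strings.ReplaceAll(v, "/", `\/`) // a bare "/" would end the literal early
}

// BuildQuery interpolates the variable value, with or without escaping.
func BuildQuery(appname string, escape bool) string {
	if escape {
		appname = EscapeForInfluxRegex(appname)
	}
	return fmt.Sprintf(queryTemplate, appname)
}

// CompileFromQuery extracts the regex between "=~ /" and the final "/" and
// compiles it with Go's regexp package (a simplified stand-in for the server).
func CompileFromQuery(q string) (*regexp.Regexp, error) {
	start := strings.Index(q, "=~ /") + len("=~ /")
	return regexp.Compile(q[start:strings.LastIndex(q, "/")])
}

func main() {
	// The two appnames quoted in the report, used here as sample input.
	for _, name := range []string{"someapp (.log", "run-parts(.log"} {
		for _, escape := range []bool{false, true} {
			q := BuildQuery(name, escape)
			re, err := CompileFromQuery(q)
			if err != nil {
				fmt.Printf("escape=%-5v %s\n  -> %v\n", escape, q, err)
				continue
			}
			fmt.Printf("escape=%-5v %s\n  -> matches original: %v\n", escape, q, re.MatchString(name))
		}
	}
}
```

Escaping also changes what matches: once `.` is quoted, the pattern selects only the exact appname rather than any string with an arbitrary character in that position.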