influxdata / telegraf

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
https://influxdata.com/telegraf
MIT License

Telegraf logparser plugin grok help needed #1649

Closed discoduck2x closed 8 years ago

discoduck2x commented 8 years ago

Version 1.0.0-beta3, Windows 2012

Using tshark to gather comma-separated data and parse it with Telegraf's logparser plugin.

File line example: 1471471812.246093000,8.8.8.8,9.9.9.9,1

...where 1471471812.246093000 is the epoch time. However, I can't figure out how to construct a grok pattern that gets rid of the ".". The time-epochnano will work without the dot, but how do I exclude it?

Working grok pattern if I manually remove the dots:

CUSTOM_LOG %{DATA:time:ts-epochnano},%{DATA:src:tag},%{DATA:dst:tag},%{NUMBER:value:float}

sparrc commented 8 years ago

@discoduck2x the problem is that your timestamps are neither unix nanosecond nor unix second timestamps. Unix timestamps are integers, and your application is outputting the timestamps as floats.

The only option would be to ignore the nanosecond digits with something like:

CUSTOM_LOG %{DATA:time:ts-epoch}.%{NUMBER},%{DATA:src:tag},%{DATA:dst:tag},%{NUMBER:value:float}

where %{NUMBER} will get discarded.
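An added example, not part of the original thread or of Telegraf: a small stdin-to-stdout filter that rewrites the leading `seconds.fraction` field as an integer nanosecond timestamp, so the `ts-epochnano` pattern from the question applies without dropping the sub-second digits. The function name `to_epochnano` and the idea of running the filter between the capture tool and the file that logparser reads are assumptions.

```python
import re
import sys

# Constructed sample in the format quoted in the issue: epoch.nanos,src,dst,value
SAMPLE = "1471471812.246093000,8.8.8.8,9.9.9.9,1"

# Leading field: whole seconds, a literal dot, then 1-9 fractional digits,
# followed by the comma that ends the field.
_TS = re.compile(r"^(\d+)\.(\d{1,9})(?=,)")


def to_epochnano(line: str) -> str:
    """Rewrite a leading 'seconds.fraction' timestamp as integer nanoseconds.

    The digits are handled as text, so no float conversion is involved
    (a 64-bit float cannot hold every 19-digit nanosecond value exactly).
    Lines that do not start with such a timestamp are returned unchanged.
    """
    m = _TS.match(line)
    if not m:
        return line
    seconds, frac = m.groups()
    nanos = frac.ljust(9, "0")  # right-pad short fractions: .25 -> 250000000
    return f"{seconds}{nanos}{line[m.end():]}"


def main() -> None:
    # Hypothetical usage: pipe the capture output through this script and
    # redirect the result to the file that logparser tails.
    for raw in sys.stdin:
        sys.stdout.write(to_epochnano(raw.rstrip("\r\n")) + "\n")
        sys.stdout.flush()  # keep lines moving when used in a live pipe


if __name__ == "__main__":
    main()
```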