Hi,
I’m trying to parse logs from postgres. I configured newrelic infra and lags are properly pushed to newrelic but log parsing rules seems not working at all. I created parsing rule, set proper parsing regex (it is working in grok debugger):
%{DATESTAMP:timestamp} %{TZ} \[%{DATA:user_id}\](?:\s%{WORD}@%{WORD})? %{WORD:level}:%{GREEDYDATA:message}
which is working in “Parsed log messages” preview (all attributes are parsed and visible in preview):
Parsing results
Message
2020-11-24 09:51:51.660 UTC [3472558] LOG: listening on IPv4 address "127.0.0.1", port 5432
Parsing results
{
"level": "LOG",
"message": " listening on IPv4 address \"127.0.0.1\", port 5432",
"DATE_EU": "20-11-24",
"user_id": "3472558",
"timestamp": "20-11-24 09:51:51.660"
}
But newly received logs are not parsed (attributes are not visible in log table).
Also noticed that predefined logtype=nginx-error is not working when upstream is used in nginx.
message: 2020/11/24 08:38:36 [error] 3532#3532: *53025 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 00.00.00.000, server: some.example.net, request: "GET /.git HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock", host: "some.example.net", referrer: "https://www.some.example.net/product"
is not parsed but when i remove upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock",
part from log then parsing is working correctly.
Should I do some additional steps to make it work?