Date:

Share:

Unmasking unstructured logs with FusionReactor Cloud Logging LogQL pattern parser

Related Articles

Journal data represents untapped or mismanaged resources for many organizations. Even if they can harness valuable insights from structured diaries through their diary management system, uncovering unstructured diaries is the most significant challenge.

However, with the FusionReactor Cloud registry feature, writing LogQL queries to access and analyze unstructured log formats has simply become easier. Unstructured log data analysis can be done much faster than a regular surgeon. Let’s reveal more!

Diary Analysis Challenges

When log volumes are large, parsing helps convert them into simple data fields for queries using LogQL. Analyzing queries in Regex can be challenging and time consuming, unlike queries from JSON and Logfmt, which are quite easy to use and fast.

With LogQL, performing a full-text search for unstructured logs analysis becomes simpler. The FusionReactor registry comes with LogQL parsers that manage JSON, regex, and Logfmt.

For example, when extracting labels and values ​​from NGINX logs, finding the status and status request requests can be challenging. Consider the regular expression query highlighted in this example:

sum by (method, status) (rate(stream=''stdout", container=""nginx |
regexp '' ^ (\S+) (?P<user_identifier>\S+) (?P<user>\S+) \[(.*)\]
"(?P<method>\S+) (?P<path>\S+) HTTP/(?P<http_version>\d+\.\d+) ''
(?P<status>\d+) (?P<bytes_sent>\d+|-) '' [1m] ) )

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Articles