Docs » Configure application receivers » Configure application receivers for databases » Logparser

Logparser 🔗

Description 🔗

The Splunk Distribution of OpenTelemetry Collector provides this integration as the telegraf/logparser monitor via the Smart Agent Receiver. This monitor is based on the Telegraf logparser plugin. This monitor tails log files. All metrics emitted from this monitor have the plugin dimension set to telegraf-logparser.

Installation 🔗

This monitor is available in the SignalFx Smart Agent Receiver, which is part of the Splunk Distribution of OpenTelemetry Collector.

To install this integration:

  1. Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform.

  2. Configure the monitor, as described in the next section.

Configuration 🔗

This Splunk Distribution of OpenTelemetry Collector allows embedding a Smart Agent monitor configuration in an associated Smart Agent Receiver instance.

Note: Providing a Logparser monitor entry in your Smart Agent or Collector configuration is required for its use. Use the appropriate form for your agent type.

Smart Agent 🔗

To activate this monitor in the Smart Agent, add the following to your agent configuration:

monitors:  # All monitor config goes under this key
 - type: telegraf/logparser
   ...  # Additional config

Here is a sample YAML configuration:

 - type: telegraf/logparser
   files:
    - '$file'
   watchMethod: poll       # Specify the file watch method ("inotify" or "poll").
   fromBeginning: true     # Specify to read from the beginning.
   measurementName: test-measurement # This is the metric name prefix.
   patterns:
    - "%{COMMON_LOG_FORMAT}" # Specifies the Apache Common Log Format (CLF).
   timezone: UTC

See Smart Agent example configuration for an autogenerated example of a YAML configuration file, with default values where applicable.

Splunk Distribution of OpenTelemetry Collector 🔗

To activate this monitor in the Splunk Distribution of OpenTelemetry Collector, add the following to your agent configuration:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    ...  # Additional config

See configuration examples for specific use cases that show how the collector can integrate and complement existing environments.

Note: Include monitors with event-sending functionality as members of a logs pipeline that utilizes an exporter that makes the event submission requests. Use a Resource Detection processor to ensure that host identity and other useful information is made available as event dimensions.

Configuration settings 🔗

The following table shows the configuration options for this monitor:

Option Required Type Description
files yes list of strings Paths to files to be tailed
watchMethod no string Method for watching changes to files ("ionotify" or "poll") (default: poll)
fromBeginning no bool Whether to start tailing from the beginning of the file (default: false)
measurementName no string Name of the measurement
patterns no list of strings A list of patterns to match.
namedPatterns no list of strings A list of named grok patterns to match.
customPatterns no string Custom grok patterns. (grok only)
customPatternFiles no list of strings List of paths to custom grok pattern files.
timezone no string Specifies the timezone. The default is UTC time. Other options are Local for the local time on the machine, UTC, and Canada/Eastern (unix style timezones).

Metrics 🔗

The Smart Agent and Splunk Distribution of OpenTelemetry Collector do not do any built-in filtering of metrics coming out of this monitor.