Docs » Available host and application monitors » Configure application receivers for databases » Logparser

Logparser ๐Ÿ”—

Description ๐Ÿ”—

The Splunk Distribution of OpenTelemetry Collector provides this integration as the telegraf/logparser monitor type by using the SignalFx Smart Agent Receiver. This monitor type is based on the Telegraf logparser plugin. This monitor type tails log files. All metrics emitted from this monitor type have the plugin dimension set to telegraf-logparser.

Benefits ๐Ÿ”—

After you configure the integration, you can access these features:

Installation ๐Ÿ”—

Follow these steps to deploy this integration:

  1. Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform:

  2. Configure the monitor, as described in the Configuration section.

  3. Restart the Splunk Distribution of OpenTelemetry Collector.

Configuration ๐Ÿ”—

This monitor type is available in the Smart Agent Receiver, which is part of the Splunk Distribution of OpenTelemetry Collector. You can use existing Smart Agent monitors as OpenTelemetry Collector metric receivers with the Smart Agent Receiver.

This monitor type requires a properly configured environment on your system in which youโ€™ve installed a functional Smart Agent release bundle. The Collector provides this bundle in the installation paths for x86_64/amd64.

To activate this monitor type in the Collector, add the following lines to your configuration (YAML) file:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    ...  # Additional config

To complete the integration, include this monitor type as a member of a logs pipeline. Use the SignalFx exporter to make event submission requests. Use the Resource Detection processor to ensure that host identity and other useful information is made available as event dimensions. For example:

service:
  pipelines:
    logs:
      receivers:
        - smartagent/logparser
      processors:
        - resourcedetection
      exporters:
        - signalfx

The following example shows a sample YAML configuration:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    files:
     - '$file'
    watchMethod: poll
    # Specifies the file watch method ("inotify" or "poll").
    fromBeginning: true     
    # Specifies to read from the beginning.
    measurementName: test-measurement 
    # This is the metric name prefix.
    patterns:
     - "%{COMMON_LOG_FORMAT}" 
    # Specifies the Apache Common Log Format (CLF).
    timezone: UTC

Configuration options ๐Ÿ”—

The following table shows the configuration options for this monitor type:

Option

Required

Type

Description

files

yes

list of strings

Paths to files to be tailed

watchMethod

no

string

Method for watching changes to files (โ€œionotifyโ€ or โ€œpollโ€). The default value is poll.

fromBeginning

no

bool

Whether to start tailing from the beginning of the file. The default value is false.

measurementName

no

string

Name of the measurement

patterns

no

list of strings

A list of patterns to match.

namedPatterns

no

list of strings

A list of named grok patterns to match.

customPatterns

no

string

Custom grok patterns. (grok only)

customPatternFiles

no

list of strings

List of paths to custom grok pattern files.

timezone

no

string

Specifies the timezone. The default is UTC time. Other options are Local for the local time on the machine, UTC, and Canada/Eastern (unix style timezones).

Metrics ๐Ÿ”—

The Splunk Distribution of OpenTelemetry Collector does not do any built-in filtering of metrics coming out of this monitor type.

Get help ๐Ÿ”—

If you are not able to see your data in Splunk Observability Cloud, try these tips:

To learn about even more support options, see Splunk Customer Success.