Docs » Available host and application monitors » Configure application receivers for databases » Logparser

Logparser πŸ”—

Description πŸ”—

The Splunk Distribution of OpenTelemetry Collector provides this integration as the telegraf/logparser monitor type by using the SignalFx Smart Agent Receiver. This monitor type is based on the Telegraf logparser plugin. This monitor type tails log files. All metrics emitted from this monitor type have the plugin dimension set to telegraf-logparser.

Benefits πŸ”—

After you configure the integration, you can access these features:

  • View metrics. You can create your own custom dashboards, and most monitors provide built-in dashboards as well. For information about dashboards, see View dashboards in Observability Cloud.

  • View a data-driven visualization of the physical servers, virtual machines, AWS instances, and other resources in your environment that are visible to Infrastructure Monitoring. For information about navigators, see Splunk Infrastructure Monitoring navigators.

  • Access the Metric Finder and search for metrics sent by the monitor. For information, see Use the Metric Finder.

Installation πŸ”—

Follow these steps to deploy this integration:

  1. Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform:

  2. Configure the monitor, as described in the Configuration section.

  3. Restart the Splunk Distribution of OpenTelemetry Collector.

Configuration πŸ”—

This monitor type is available in the Smart Agent Receiver, which is part of the Splunk Distribution of OpenTelemetry Collector. You can use existing Smart Agent monitors as OpenTelemetry Collector metric receivers with the Smart Agent Receiver.

This monitor type requires a properly configured environment on your system in which you’ve installed a functional Smart Agent release bundle. The Collector provides this bundle in the installation paths for x86_64/amd64.

To activate this monitor type in the Collector, add the following lines to your configuration (YAML) file:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    ...  # Additional config

To complete the integration, include this monitor type as a member of a logs pipeline. Use the SignalFx exporter to make event submission requests. Use the Resource Detection processor to ensure that host identity and other useful information is made available as event dimensions. For example:

service:
  pipelines:
    logs:
      receivers:
        - smartagent/logparser
      processors:
        - resourcedetection
      exporters:
        - signalfx

The following example shows a sample YAML configuration:

receivers:
  smartagent/logparser:
    type: telegraf/logparser
    files:
     - '$file'
    watchMethod: poll
    # Specifies the file watch method ("inotify" or "poll").
    fromBeginning: true     
    # Specifies to read from the beginning.
    measurementName: test-measurement 
    # This is the metric name prefix.
    patterns:
     - "%{COMMON_LOG_FORMAT}" 
    # Specifies the Apache Common Log Format (CLF).
    timezone: UTC

Configuration options πŸ”—

The following table shows the configuration options for this monitor type:

Option

Required

Type

Description

files

yes

list of strings

Paths to files to be tailed

watchMethod

no

string

Method for watching changes to files (β€œionotify” or β€œpoll”). The default value is poll.

fromBeginning

no

bool

Whether to start tailing from the beginning of the file. The default value is false.

measurementName

no

string

Name of the measurement

patterns

no

list of strings

A list of patterns to match.

namedPatterns

no

list of strings

A list of named grok patterns to match.

customPatterns

no

string

Custom grok patterns. (grok only)

customPatternFiles

no

list of strings

List of paths to custom grok pattern files.

timezone

no

string

Specifies the timezone. The default is UTC time. Other options are Local for the local time on the machine, UTC, and Canada/Eastern (unix style timezones).

Metrics πŸ”—

The Splunk Distribution of OpenTelemetry Collector does not do any built-in filtering of metrics coming out of this monitor type.

Get help πŸ”—

If you are not able to see your data in Splunk Observability Cloud, try these tips:

To learn about even more support options, see Splunk Customer Success.