diff --git a/cookbooks/loki/templates/etc/promtail/loki.yaml b/cookbooks/loki/templates/etc/promtail/loki.yaml index a684f40..6b9492b 100644 --- a/cookbooks/loki/templates/etc/promtail/loki.yaml +++ b/cookbooks/loki/templates/etc/promtail/loki.yaml @@ -21,8 +21,10 @@ scrape_configs: - match: selector: '{job="loki"}' stages: - - regex: + - drop: + expression: 'entry out of order' + - regex: expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ loki[^ ]+ .*level=(?P[^ ]+) ts=(?P[^ ]+) (?P.+)$' - timestamp: diff --git a/cookbooks/nginx/templates/etc/promtail/nginx.yaml b/cookbooks/nginx/templates/etc/promtail/nginx.yaml index 5e14af3..0287fce 100644 --- a/cookbooks/nginx/templates/etc/promtail/nginx.yaml +++ b/cookbooks/nginx/templates/etc/promtail/nginx.yaml @@ -35,7 +35,7 @@ scrape_configs: - template: source: level - template: '{{ regexReplaceAllLiteral "(2|3)[0-9]+" .Value "info" }}' + template: '{{ regexReplaceAllLiteral "(1|2|3)[0-9]+" .Value "info" }}' - template: source: level diff --git a/cookbooks/promtail/templates/etc/promtail/base.yaml b/cookbooks/promtail/templates/etc/promtail/base.yaml index 79f6a17..d9fd628 100644 --- a/cookbooks/promtail/templates/etc/promtail/base.yaml +++ b/cookbooks/promtail/templates/etc/promtail/base.yaml @@ -32,7 +32,7 @@ scrape_configs: selector: '{job="sudo"} |~ "/bin/sh"' stages: - drop: - expression: (CRON|sshd|session|securetty) + expression: (CRON|sshd|session|securetty|systemd-logind) - regex: expression: '^(?P\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P[^ ]+) : TTY=(?P[^ ]+) ; PWD=(?P[^ ]+) ; USER=(?P[^ ]+) ; COMMAND=(?P.+)$' @@ -59,7 +59,7 @@ scrape_configs: selector: '{job="sudo"} !~ "/bin/sh"' stages: - drop: - expression: (CRON|sshd|session|securetty) + expression: (CRON|sshd|session|securetty|systemd-logind) - regex: expression: '^(?P\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P[^ ]+) : TTY=(?P[^ ]+) ; PWD=(?P[^ ]+) ; USER=(?P[^ ]+) ; COMMAND=(?P.+)$' 
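Review bot: The `entry out of order` lines discarded by the new `drop` stage under `{job="loki"}` are the log evidence that entries are being rejected, and the stage carries neither a comment nor a distinct drop reason. Anyone later checking whether the log pipeline is complete loses that signal without knowing why. Consider adding `drop_counter_reason: loki_out_of_order` to the stage so the dropped volume stays measurable in Promtail's dropped-lines counter, plus a one-line comment stating why these lines are dropped. The same applies to the identical stage added under `{job="promtail"}` in base.yaml (hunk at line 210).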
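Review bot: The pattern `(1|2|3)[0-9]+` passed to `regexReplaceAllLiteral` is unanchored, so it also rewrites digits inside other values: `413` and `429` contain `13` and `29` and would come out as `4info`. Adding `1` to the alternation widens this to values such as `410`–`419` and `510`–`519`. If `level` holds a bare HTTP status at this point (the extraction is outside the hunk), anchoring avoids it: `template: '{{ regexReplaceAllLiteral "^[123][0-9]+$" .Value "info" }}'`. Responses such as 429 are often what rate-limit or abuse alerting keys on, so a mangled level there is worth avoiding.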
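Review bot: The `drop` expression `(CRON|sshd|session|securetty|systemd-logind)` has no anchors and appears to be matched against the whole line, so a genuine sudo record whose `COMMAND=` or `PWD=` text contains one of these tokens (for instance an administrator restarting `sshd`) would be discarded before the `regex` stage parses it. Each added token widens that gap in the sudo audit trail. If only command records are wanted, consider dropping on the absence of `COMMAND=` instead, e.g. a `match` stage with `selector: '{job="sudo"} !~ "COMMAND="'` and `action: drop`, or constrain the alternation to the program/PAM prefix of the line. The same expression is changed in the second sudo hunk (line 59), and the pipeline continues outside both hunks.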
@@ -210,6 +210,10 @@ scrape_configs: - match: selector: '{job="promtail"}' stages: + + - drop: + expression: 'entry out of order' + - regex: expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ promtail[^ ]+ .*ts=(?P[^ ]+) (?P.+)$' @@ -258,7 +262,7 @@ scrape_configs: pipeline_stages: - match: - selector: '{job="init"} |~ "(apt|Message of the Day|Temporary Directories)"' + selector: '{job="init"} |~ "(apt|Message of the Day|motd-news|Temporary Directories|man-db|fwupd|Firmware update daemon|systemd-tmpfiles-clean.service|Rotate log files|logrotate.service)"' stages: - template: source: level @@ -268,7 +272,7 @@ scrape_configs: level: - match: - selector: '{job="init"} !~ "(apt|Message of the Day|Temporary Directories)"' + selector: '{job="init"} !~ "(apt|Message of the Day|motd-news|Temporary Directories|man-db|fwupd|Firmware update daemon|systemd-tmpfiles-clean.service|Rotate log files|logrotate.service)"' stages: - template: source: level
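Review bot: The alternation in the `{job="init"} |~ "(apt|…|logrotate.service)"` selector is duplicated verbatim in the `!~` selector of the next hunk (line 268), and the two must stay exact complements or a line will match both branches or neither. A comment above each `match`, e.g. `# keep this list identical to the complementary selector`, would document that. The tokens are also unanchored regex fragments: `apt` matches any line containing those letters, and the `.` in `systemd-tmpfiles-clean.service` and `logrotate.service` matches any character, so unrelated init messages can land in this branch. Which level the branch assigns is outside the hunk, so the impact on alerting cannot be judged from here.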