Timestamp not recognized in old logs / regex

Hello

I am starting with Loki and grafana
I have to recover the logs of several old applications and I have a problem to make grafana recognize the timestamps in the log files

after searching for several solutions, even here, i came to this config file for promtail

scrape_configs:
- job_name: webservice
  static_configs:
  - targets:
      - localhost
    labels:
      job: webservice-System
      env : dev
      __path__: C:\log\logname*
  pipeline_stages:
    - regex:
        expression: '^(?P<time>\d{4}.{15}).+$'
    - timestamp:
        source: time
        format: 2006-01-02 15:04:05,999

Here is an extract of my logs
They all start the same way

2023-04-22 11:57:24,396 [] SystemLogger DEBUG - Type Methode : POST | Name Methode : Authentification

I can’t get grafana to recognize 2023-04-22 11:57:24,396 as timestamp
and all my logs have a wrong timestamp in grafana, at the one of the ingestion

Could you help me please ?

Your regex doesn’t actually capture the entire timestamp. It stops just before ,396. I’d just try to use white space separator instead, or add 4 more digits and make it .{19} instead.

I modified the regex to include the last 3 numbers as suggested
I see in the promtails logs that loki refuses an entry because it is too old or too new
(I added the timezone and it’s good for this part)

msg=“final error sending batch” status=400 tenant= error="server returned HTTP status 400 Bad Request (400): entry with timestamp 2023-04-25 11:47:29.145 +0000 UTC ignored, reason: ‘entry too far behind, oldest acceptable timestamp is: 2023-04-26T07:57:06Z’

So it does recognize the timestamps !
However Grafana, does not recognize it, and stays with the one of the ingestion time

Is there something to change in my loki’s config or grafana ?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.