9

I am running ZooKeeper on a google compute instance and trying to setup google-cloud-ops-agent to properly parse the logs. I am most of the way there, but am having trouble getting it to recognize the severity field.

The docs state that severity is a special field that will get extracted from the jsonPayload, but I am not seeing that happening.

My /etc/google-cloud-ops-agent/config.yaml

logging:
  receivers:
    zookeeper:
      type: files
      include_paths:
      - /zookeeper/logs/zookeeper.log
  processors:
    zookeeper:
      type: parse_regex
      field: message
      regex: '^(?<time>.{23}) \[(?<zknode>[^\]]+)] - (?<severity>\S+)\s+ \[(?<class>[^\]]+)] - (?<msg>.*)$'
      time_key: time
      time_format: "%Y-%m-%d %H:%M:%S,%L"
  service:
    pipelines:
      zookeeper:
        receivers: [zookeeper]
        processors: [zookeeper]

evidence the parse_regex is working properly (but notice severity still exists in jsonPayload)

sample Cloud Logging Output

Danny G
  • 581
  • 4
  • 16
  • Any clues on the Zookeeper logs? What ops agent version are you also using? – Alex G Aug 12 '21 at 22:09
  • No, I never got it to work. I can't find the specific version I was using, I was following the instructions at https://cloud.google.com/monitoring/agent/ops-agent/installation; it was not the 'legacy' or 'preview' versions (at time of this writing). Unfortunately this project got defunded, so I had to move on. I appreciate the suggestions – Danny G Oct 09 '21 at 15:39
  • I've ran into the same problem. I've got a support ticket open and I'll update with what I find. – Mike Cantrell Oct 29 '21 at 14:53
  • 1
    A public ticket has been created for this issue, See [case](https://issuetracker.google.com/issues/202309453) for more details. https://issuetracker.google.com/issues/202309453 – Alex G Nov 10 '21 at 06:56

0 Answers0