Merge pull request #60 from jfrog/PTRENG-5967

Fix access log regex to match input
jfrog · Apr 10, 2024 · 83f92ca · 83f92ca
2 parents adc495f + 6ab90ee
commit 83f92ca
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All changes to the log analytics integration will be documented in this file.
 
+## [1.0.4] - April 09, 2024
+
+* Fix access log regex pattern to match log structure
+
 ## [1.0.3] - April 05, 2024
 
 * Adding multi-arch support (amd64, arm64) for the sidecar docker image to allow also deployment in ARM environments

diff --git a/README.md b/README.md
@@ -25,13 +25,13 @@ The JFrog Log Analytics and Metrics solution using Prometheus consists of three
 
    Jfrog Platform: 10.17.3
 
-   Artifactory : 7.77.8
+   Artifactory: 7.77.8
 
-   Xray : 3.92.7
+   Xray: 3.92.7
 
-   Prometheus 2.51.0
+   Prometheus: 2.51.0
 
-   Grafana:10.4.0
+   Grafana: 10.4.0
 
    Loki: 2.9.6
 
@@ -116,7 +116,7 @@ helm upgrade --install "loki" --values helm/loki-values.yaml grafana/loki -n $IN
 * "loki" will be the service name, the url to access loki as a datasource can be visualised as http://<service_name>.<namespace>:<port>
       ex: http://loki.$INST_NAMESPACE:3100 will be the "loki_url" value
 
-* version 2.9.3 is the most recent loki version at the time of writing the document
+* version 2.9.6 is the most recent loki version at the time of writing the document
       if there is a need to deploy this exact version, change the version value in "--set loki.image.tag=my_desired_version" to your desired version.
 
 ```

diff --git a/fluent_metrics.conf.rt b/fluent_metrics.conf.rt
@@ -414,6 +414,10 @@
     time_format %Y-%m-%dT%H:%M:%SZ
   </parse>
 </source>
+# example access logs:
+# 2024-04-09T22:47:56.186Z [4147ce79c667c62c ] [ACCEPTED LOGIN]   for client : jfmc@01fdq6vwvc110f0bsyy5cc1xxr / 127.0.0.1 [token]
+# 2024-04-09T22:48:09.057Z [23805d42fe9d707e] [ACCEPTED DOWNLOAD]   for client : jfmc@01fdq6vwvc110f0bsyy5cc1xxr / 127.0.0.1 [apiKey]
+# 2024-04-09T22:48:35.240Z [581d24eaf7913e4b] [DENIED LOGIN]   for client : NA / 198.145.32.100
 <source>
   @type tail
   @id artifactory_access_tail
@@ -422,7 +426,7 @@
   tag jfrog.rt.artifactory.access
   <parse>
     @type regexp
-    expression /^(?<timestamp>[^ ]*) \[(?<trace_id>[^\]]*)\] \[(?<action_response>[^\]]*)\] (?<repo_path>.*) for client : (?<username>.+)/(?<ip>.+)\.$/m
+    expression /^(?<timestamp>[^\s]*) \[(?<trace_id>[^\s\]]*)\s*\] \[(?<action_response>[^\]\r\n]*)\] (?<repo_path>[^\s]*)? *for client : *(?<username>[^\s]*) *\/ *(?<ip>[^\s]*)? ?(\[(?<token>[^\s]*)\])?$/m
     time_key timestamp
     time_format %Y-%m-%dT%H:%M:%S.%LZ
   </parse>

diff --git a/grafana/ArtifactoryLogAnalyticsAndSystemMetrics.json b/grafana/ArtifactoryLogAnalyticsAndSystemMetrics.json
@@ -2173,7 +2173,7 @@
             "uid": "${DS_LOKI}"
           },
           "editorMode": "code",
-          "expr": "topk(10, sum by (username) (count_over_time({agent=\"fluentd\",service=\"artifactory\"} | json | log_source = \"jfrog.rt.artifactory.access\", username != \"NA \", username !~ \"token.*\", username != \"_system_ \" [$__range])))",
+          "expr": "topk(10, sum by (username) (count_over_time({agent=\"fluentd\",service=\"artifactory\"} | json | log_source = \"jfrog.rt.artifactory.access\", username != \"NA \", username !~ \"token.*\", username != \"_system_\" [$__range])))",
           "legendFormat": "{{username}}",
           "queryType": "range",
           "refId": "A"