By Johnny Appleseed - 26 Nov 2023
Hi
What's the recommended way to format this?
2023-11-26T01:37:22.070084925-06:00 container destroy c68d069d7aeb401013d2f85f5cba03ce49048557747842e1d2d95553ab12043c (com.docker.stack.namespace=dcp-notifications, com.docker.swarm.node.id=gb1cto7gaq68fp4refnsr5hep, com.docker.swarm.service.id=sgzwrwxqv1j9cwas8rjw57qwh, com.docker.swarm.service.name=dcp-notifications_gotify, com.docker.swarm.task=, com.docker.swarm.task.id=0h30og9viwjcu0fgr9uadw44p, com.docker.swarm.task.name=dcp-notifications_gotify.1.0h30og9viwjcu0fgr9uadw44p, image=gotify/server:latest@sha256:436a75a37795fed03df4d183c007b9d7d84329d4e92067121ff77f08e78cdadf, name=dcp-notifications_gotify.1.0h30og9viwjcu0fgr9uadw44p)
2023-11-26T01:37:24.694138377-06:00 container exec_create: /bin/sh -c /usr/local/bin/healthcheck 24ddf71ea3163f85cd6c7f54137b658b18a386326fe70e8b22a22148fe4631a7 (com.docker.stack.namespace=dcp-downloaders, com.docker.swarm.node.id=gb1cto7gaq68fp4refnsr5hep, com.docker.swarm.service.id=pw8jqafdiv2ypo1d0xdr9jxnx, com.docker.swarm.service.name=dcp-downloaders_rutorrent, com.docker.swarm.task=, com.docker.swarm.task.id=je15qmqrfkdyg4lvdjzeocb3k, com.docker.swarm.task.name=dcp-downloaders_rutorrent.1.je15qmqrfkdyg4lvdjzeocb3k, execID=b7a7104ebd64f038eca8b50b65868357867d51263caa38b45029f8d6f52e59eb, image=ghcr.io/crazy-max/rtorrent-rutorrent:latest@sha256:4e0df24d4f168d705c9864dad04e99c1c55c9e987e7bf0b6b0c84efb686ef858, name=dcp-downloaders_rutorrent.1.je15qmqrfkdyg4lvdjzeocb3k, org.opencontainers.image.created=2023-11-18T18:12:25.503Z, org.opencontainers.image.description=rTorrent and ruTorrent, org.opencontainers.image.licenses=MIT, org.opencontainers.image.revision=56abffe6f59c52880359afe3589c101833fb2abb, org.opencontainers.image.source=https://github.com/crazy-max/docker-rtorrent-rutorrent, org.opencontainers.image.title=rTorrent and ruTorrent, org.opencontainers.image.url=https://github.com/crazy-max/docker-rtorrent-rutorrent, org.opencontainers.image.vendor=CrazyMax, org.opencontainers.image.version=4.2.9-0.9.8-0.13.8)
2023-11-26T01:37:24.694365487-06:00 container exec_start: /bin/sh -c /usr/local/bin/healthcheck 24ddf71ea3163f85cd6c7f54137b658b18a386326fe70e8b22a22148fe4631a7 (com.docker.stack.namespace=dcp-downloaders, com.docker.swarm.node.id=gb1cto7gaq68fp4refnsr5hep, com.docker.swarm.service.id=pw8jqafdiv2ypo1d0xdr9jxnx, com.docker.swarm.service.name=dcp-downloaders_rutorrent, com.docker.swarm.task=, com.docker.swarm.task.id=je15qmqrfkdyg4lvdjzeocb3k, com.docker.swarm.task.name=dcp-downloaders_rutorrent.1.je15qmqrfkdyg4lvdjzeocb3k, execID=b7a7104ebd64f038eca8b50b65868357867d51263caa38b45029f8d6f52e59eb, image=ghcr.io/crazy-max/rtorrent-rutorrent:latest@sha256:4e0df24d4f168d705c9864dad04e99c1c55c9e987e7bf0b6b0c84efb686ef858, name=dcp-downloaders_rutorrent.1.je15qmqrfkdyg4lvdjzeocb3k, org.opencontainers.image.created=2023-11-18T18:12:25.503Z, org.opencontainers.image.description=rTorrent and ruTorrent, org.opencontainers.image.licenses=MIT, org.opencontainers.image.revision=56abffe6f59c52880359afe3589c101833fb2abb, org.opencontainers.image.source=https://github.com/crazy-max/docker-rtorrent-rutorrent, org.opencontainers.image.title=rTorrent and ruTorrent, org.opencontainers.image.url=https://github.com/crazy-max/docker-rtorrent-rutorrent, org.opencontainers.image.vendor=CrazyMax, org.opencontainers.image.version=4.2.9-0.9.8-0.13.8)
|
By LogViewPlus Support - 26 Nov 2023
That's a tricky one that I have not seen before. I can get a decent parse with:
%d{yyyy-MM-ddT%H:mm:ss.fffffffff}-%s{Zone} %c %m%n
%d{yyyy-MM-ddT%H:mm:ss.fffffffff}+%s{Zone} %c %m%n
I am having some trouble parsing the timezone, so I used a multi-pattern to handle the '+' scenario for now. I will look into this as it is likely something that we can fix for the next release.
Hope that helps,
Toby
|
By Johnny Appleseed - 7 Dec 2023
Thank you, that does work pretty well! One thing I'd like to still do with it is to add 2 more columns for the action and the container hash.
For example:
The far left of the message has the action, highlighted in lime green, and then the container hash after it, highlighted in reddish.
Then anything after that in the regular Message column. Is this possible?
Also, if you happen to use Docker yourself and need examples of the above logs, the command is just docker events
|
By Johnny Appleseed - 7 Dec 2023
Quick enhancement requests too, that would be super useful =) :
- I always have to manually resize the parser wizard and/or parser settings dialogs, to make it easier to edit these formats, like so:
Note: this one also has the divider for the right-most column moved to the left for more room there as well.
Basically about 95%-98% the width of the parent (main) window. I (as well as probably most people these days) have a nice, wide screen monitor to use, and this gives me plenty of breathing room to edit things.
Would it be possible to have LVP save and restore these window dimensions if/when a user movies them around?
- Also,
This is slightly less important, but still very handy; in the topmost screenshot I circled a blank area. It would be quite handy to have a quick Legend there that just says what each variable does. i.e. the %d, %s, %m, %n, etc.
I tend to forget all the time exactly what they do when I'm only messing with setting up parsers occasionally, and it would be handy to be able to just look over to the right for a quick 'cheatsheet' of what they do.
|
By LogViewPlus Support - 7 Dec 2023
For parsing the message, I am not 100% clear on what you are after, but you can extract more detail from the message. For example, consider the pattern:
%d{yyyy-MM-ddT%H:mm:ss.fffffffffzzzz} %c %s{Action} %S{Command} (%S, com.docker.swarm.node.id=%S{NodeId}, %S{Key1}=%S{Value1}, %m)%n
This would parse your logs into:
So it really just depends on the information you are interested in. Note that when parsing the log file, all log entries must have the same format. If the log entry format, or the information you are after has a lot of variation you might be better off using a Message Filter instead. Sometimes a two-stage parse is best.
Window sizes and additional help are both great ideas - thanks for the suggestion! I will take a look and see what we can do before the next release.
Hope that helps,
Toby
|
|