Telegraf: How to extract from field using regex processor?

Question

I would like to extract the values for connections, upstream and downstream using telegraf regex processor plugin from this input:

2022/11/16 22:38:48 In the last 1h0m0s, there were 10 connections. Traffic Relayed ↑ 60 MB, ↓ 4 MB.

Using this configuration the result key "upstream" is a copy of the initial message but without a part of the 'regexed' stuff.

[[processors.regex]]
  tagpass = ["snowflake-proxy"]

  [[processors.regex.fields]]
    ## Field to change
    key = "message"
    ## All the power of the Go regular expressions available here
    ## For example, named subgroups
    pattern = 'Relayed.{3}(?P<UPSTREAM>\d{1,4}\W.B),'
    replacement = "${UPSTREAM}"
    ## If result_key is present, a new field will be created
    ## instead of changing existing field
    result_key = "upstream"

Current output:

2022/11/17 10:38:48 In the last 1h0m0s, there were 1 connections. Traffic 3 MB ↓ 5 MB.

How do I get the decimals?

I'm quite a bit confused how to use the regex here, because on several examples in the web it should work like this. See for example: http://wiki.webperfect.ch/index.php?title=Telegraf:_Processor_Plugins

Answer 1

The replacement config option specifies what you want to replace in for any matches.

I think you want something closer to this:

  [[processors.regex.fields]]
    key = "message"
    pattern = '.*Relayed.{3}(?P<UPSTREAM>\d{1,4}\W.B),.*$'
    replacement = "${1}"
    result_key = "upstream"

to get:

upstream="60 MB"