While I was configuring Datadog Pipelines to parse Kubernetes services written on Go and using glog library, I faced issue that Datadog’s Golang integrations does not support glog.
So, here is plain Grok match rule:
(?<loglevel>[A-Z])%{NUMBER:logcode} %{TIME} %{NUMBER:threadid} (?<file_source>%{WORD}\.%{WORD}):(?<file_line>%{NUMBER})\] (?<message>.*)
For Datadog specifically:
Helper rules:
_level %{regex("[A-Z]")}
_logcode %{regex("[0-9].*")}
_date %{date("HH:mm:ss.SSSSSS")}
_file_name %{regex("[a-zA-z.].*")}
Parsing rules:
glog .*%{_level:level}%{_logcode:logcode} %{_date:date}\s+%{number:threadid}\s+%{_file_name:file_name}:%{number:file_line}\]\s%{data:msg}