-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Multiline support for kubernetes collection #313
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you upload a screenshot of the final results, maybe for a single line message and a multiline message? You can drag an image into the PR description and it will automatically upload and embed.
…rict matching only to messages beginning with a date.
…/sumologic-kubernetes-collection into vsinghal-fix-multiline
Can you merge master as well, I think your branch hasn't picked up the libsonnet stuff |
enable_ruby | ||
renew_record true | ||
<record> | ||
log ${record["log"].split(/[\n\t]+/).map! {|item| JSON.parse(item)["log"]}.join("")} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just confirming: This won't cause issues if somehow the log coming from containers.**
doesn't have log
/stream
/time
keys?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is only expecting the log
key and using that to generate the stream
and time
key value pairs from that, so it should be fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But if the string contained in log
doesn't have stream
and time
, i.e. if the user is not using docker, then this wouldn't work, correct? Maybe we should document somewhere that we only support docker for now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually it would work even if the log
doesn't have stream
and time
keys. Its just that if the key is not present, the JSON.parse value will be empty string for the key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks Vijit!
regex: | ||
- name: multi_line | ||
regex: (?<log>^{"log":"\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}:\d{2}.*) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vsinghal13 are we using these values somewhere else? because we have defined same thing in deploy/helm/fluent-bit-overrides.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The fluent-bit-overrides.yaml
is an auto-generated file for all the fluent-bit values that have been overridden in values.yaml
. This is done for non-helm users.
Description
In order to fix the multiline support the following config was added:
Multiline log :
![multiline message](https://user-images.githubusercontent.com/56007827/69582144-d1ec8c00-0f8c-11ea-82b7-e312631544e4.png)
Single line log:
![single line message](https://user-images.githubusercontent.com/56007827/69582157-d5801300-0f8c-11ea-8d4f-309b2b695c5b.png)
Testing performed