-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: filter log records based on JSON fields #101
Comments
I think it sounds like a good idea. This is partly related to #97, the |
I guess this is the new plain text log stream: meta data from the orchestration layer (Kubernetes, anything else if that still exists) and then the plain text message. Great way to pre-filter when grepping for logs -- works out pretty will with log databases like Loki (filter out most of the logs using meta data, then apply linear search for whatever you're looking for) but also stream evaluation where complex regular expressions are applied (like grok exporter). Yes, the other proposal also sounds promising. I'd pledge for making this as performant as possible (this is a great way to pre-filter on high load systems before applying the rather expensive grok patterns), but generic enough that it fits most use cases. Our use case would include hierarchical JSON attributes (thus jsonpath), but if somebody comes up with a more generic solution, let's go for that! We have log messages mostly like this one:
I'll go over the other proposal next week and see where both of them match already anyway. |
Hi @JensErat, I am the author of the other proposal. I think our proposals are somewhat equivalent, and that we should strive to find a common solution. The filter you present:
Could be expressed with:
In the proposal I wrote. My proposal is objectively harder to read, and likely also less performant, but does have the advantage of stronger expressabilitiy using go-templates. I think Additionally I think we should either add a |
If I get it right, grok_exporter currently only makes use of JSON fields apart from the log messsage (from webhook tailer) for assigning labels. I'd like to propose a change to also filter based of JSON fields.
An example configuration, but I'm also fine with other approaches if anybody comes up with a better proposal:
Before evaluating the grok matcher, grok_exporter would loop over all filters and have only pass those records that match all lines.
Why do I want this?
Given there is agreement on this design proposal and we actually go the grok_exporter route (not decided yet, and might take some time), we would also contribute code.
The text was updated successfully, but these errors were encountered: