-
Notifications
You must be signed in to change notification settings - Fork 459
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support additional parser configuration: ndjson and multiline in cont…
…ainer logs data-stream (#2345) * add sample_event; support ndjson parser Signed-off-by: Tetiana Kravchenko <[email protected]> * add possibility to adjust container, ndjson and multiline parser configuratios Signed-off-by: Tetiana Kravchenko <[email protected]> * add pr link Signed-off-by: Tetiana Kravchenko <[email protected]> * remove test; add container parser configuration; use generic Additional parsers configuration instead of multilineParser ad jsonParser Signed-off-by: Tetiana Kravchenko <[email protected]> * add a link to parsers documentation Signed-off-by: Tetiana Kravchenko <[email protected]> * bump package version to 1.8.0; add node.annotations. and namespace_annotations.* fields Signed-off-by: Tetiana Kravchenko <[email protected]> * add container parser link to the documentation Signed-off-by: Tetiana Kravchenko <[email protected]> * add multiline configuration example Signed-off-by: Tetiana Kravchenko <[email protected]>
- Loading branch information
1 parent
09cc8cb
commit 1dbbe4e
Showing
9 changed files
with
201 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
113 changes: 113 additions & 0 deletions
113
packages/kubernetes/data_stream/container_logs/sample_event.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
{ | ||
"container": { | ||
"image": { | ||
"name": "nginx:1.14.2" | ||
}, | ||
"runtime": "containerd", | ||
"id": "6a5ac062689963aea9ee83f8e6adc2e1d658b280c0912e92c275a73c278ecd38" | ||
}, | ||
"kubernetes": { | ||
"container": { | ||
"name": "nginx" | ||
}, | ||
"node": { | ||
"uid": "4b2a1961-1526-4ccb-bd8d-738dbbcf97da", | ||
"hostname": "kind-control-plane", | ||
"name": "kind-control-plane", | ||
"labels": { | ||
"node_kubernetes_io/exclude-from-external-load-balancers": "", | ||
"node-role_kubernetes_io/master": "", | ||
"kubernetes_io/hostname": "kind-control-plane", | ||
"node-role_kubernetes_io/control-plane": "", | ||
"beta_kubernetes_io/os": "linux", | ||
"kubernetes_io/arch": "amd64", | ||
"kubernetes_io/os": "linux", | ||
"beta_kubernetes_io/arch": "amd64" | ||
} | ||
}, | ||
"pod": { | ||
"uid": "bf2630e4-b6fa-4477-a6d0-ebf62d3ad495", | ||
"ip": "10.244.0.10", | ||
"name": "nginx-deployment-66b6c48dd5-ffdxp" | ||
}, | ||
"namespace": "default", | ||
"replicaset": { | ||
"name": "nginx-deployment-66b6c48dd5" | ||
}, | ||
"namespace_uid": "2774c099-c88d-4819-b87c-d0a6d7a3fc99", | ||
"namespace_labels": { | ||
"kubernetes_io/metadata_name": "default" | ||
}, | ||
"deployment": { | ||
"name": "nginx-deployment" | ||
}, | ||
"labels": { | ||
"app": "nginx", | ||
"pod-template-hash": "66b6c48dd5" | ||
} | ||
}, | ||
"agent": { | ||
"name": "kind-control-plane", | ||
"id": "ae6e5950-8f6c-44a2-a801-1f8a21129d53", | ||
"type": "filebeat", | ||
"ephemeral_id": "fa7a4f61-3c25-43af-8765-350c5d7be20b", | ||
"version": "8.1.0" | ||
}, | ||
"log": { | ||
"file": { | ||
"path": "/var/log/containers/nginx-deployment-66b6c48dd5-ffdxp_default_nginx-6a5ac062689963aea9ee83f8e6adc2e1d658b280c0912e92c275a73c278ecd38.log" | ||
}, | ||
"offset": 3673 | ||
}, | ||
"elastic_agent": { | ||
"id": "ae6e5950-8f6c-44a2-a801-1f8a21129d53", | ||
"version": "8.1.0", | ||
"snapshot": true | ||
}, | ||
"message": "127.0.0.1 - - [14/Dec/2021:09:42:30 +0000] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0\" \"-\"", | ||
"orchestrator": { | ||
"cluster": { | ||
"name": "kind", | ||
"url": "kind-control-plane:6443" | ||
} | ||
}, | ||
"input": { | ||
"type": "filestream" | ||
}, | ||
"@timestamp": "2021-12-14T09:42:30.686Z", | ||
"ecs": { | ||
"version": "8.0.0" | ||
}, | ||
"data_stream": { | ||
"namespace": "default", | ||
"type": "logs", | ||
"dataset": "kubernetes.container_logs" | ||
}, | ||
"host": { | ||
"hostname": "kind-control-plane", | ||
"os": { | ||
"kernel": "5.10.47-linuxkit", | ||
"codename": "Core", | ||
"name": "CentOS Linux", | ||
"family": "redhat", | ||
"type": "linux", | ||
"version": "7 (Core)", | ||
"platform": "centos" | ||
}, | ||
"ip": [ | ||
"10.244.0.1" | ||
], | ||
"containerized": true, | ||
"name": "kind-control-plane", | ||
"id": "f4e2f4a6efe0567a6719dc21d5d05a04", | ||
"mac": [ | ||
"c6:7a:a1:3b:4b:43" | ||
], | ||
"architecture": "x86_64" | ||
}, | ||
"event": { | ||
"agent_id_status": "verified", | ||
"ingested": "2021-12-14T09:42:33Z", | ||
"dataset": "kubernetes.container_logs" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters