-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[exporter/splunkhec] Allow to drop log messages longer than a given max length #18066
Comments
Hey @atoulme, I am not 100% sure of the requirements here. We can break events to fix the max limit, but we can not merge those events again into splunk AFAIK. From the description, it looks like you are asking to add a unique id (and maybe the sequence number) to those broken events to group them together in the search. For example, {"fields":{}, "event":"event1"}
{"fields":{}, "event":"event2"} It will be converted to: {"fields":{"id":"id-1", "seq-no":1}, "event":"event1.1"}
{"fields":{"id":"id-1", "seq-no":2}, "event":"event1.2"}
{"fields":{"id":"id-1", "seq-no":3}, "event":"event1.3"}
{"fields":{"id":"id-2", "seq-no":1}, "event":"event2.1"}
{"fields":{"id":"id-2", "seq-no":2}, "event":"event2.2"} Let me know if I am not interpreting it correctly. |
Pinging code owners for exporter/splunkhec: @atoulme @dmitryax. See Adding Labels via Comments if you do not have permissions to add labels yourself. |
No, we probably cannot merge them back, but I guess that is fine. Yes, the unique id and sequence number sounds good to me. |
I'll take a crack at this using @harshit-splunk 's comment as a jumping off point |
Talking about this with other folks, it appears splitting log messages should be done explicitly with a transformprocessor rather than try to do this in the exporter. We should abandon this approach. |
signalfx/splunk-otel-collector-chart#696 (comment) |
@atoulme does this look good? |
lgtm, go for it. |
Added a new config to apply the maxEventSize on our data. - It applies this limit on uncompressed data Link to tracking Issue: #18066 --------- Co-authored-by: Antoine Toulme <[email protected]>
@atoulme I think we can close this one as PR is merged |
@atoulme @VihasMakwana, this issue sounds a bit different from the implementation done in #20752: The issue and the name of the configuration Do we really need another batch limit with a confusing name? I'd suggest we make it applied to individual log records and keep |
Ah, that is a bug then. |
Yes, this is not implemented properly, apologies. https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/20752/files#r1194214914 has the offending line. |
PR is out with the fix. |
Component(s)
exporter/splunkhec
Is your feature request related to a problem? Please describe.
Log records can have an indefinite size, and we want to make sure we don't overwhelm backends when we send logs.
Describe the solution you'd like
Allow the user to configure a max length for a log record of up to a fixed amount.
If a log record is longer than the max set, cut it into parts that fit in the limit, and add a field that identifies that this part of a series.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: