feat(logs): add format setting

CHANGELOG.md

@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - feat: add option to specify additionalEndpoints for metrics [#2788]
 - chore: upgrade kubernetes-setup to v3.5.0 [#2785]
 - feat(logs): parse JSON logs [#2773]
+- feat(logs): add format setting [#2794]
 
 ### Fixed
 
@@ -50,6 +51,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#2791]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2791
 [#2773]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2773
 [#2790]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2790
+[#2794]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2794
 [v1.15.3-sumo-0]: https://github.com/SumoLogic/sumologic-kubernetes-fluentd/releases/tag/v1.15.3-sumo-0
 [Unreleased]: https://github.com/SumoLogic/sumologic-kubernetes-collection/compare/v3.0.0-beta.0...main
 

deploy/helm/sumologic/README.md

@@ -35,6 +35,7 @@ The following table lists the configurable parameters of the Sumo Logic chart an
 | `sumologic.logs.collector.allowSideBySide`                                       | Allow running otel and Fluent Bit side by side. This will result in duplicated logs being ingested. Only enable this if you're **certain** it's what you want.                                                                                                                                                                                                       | `false`                                                                                                                                                                              |
 | `sumologic.logs.collector.otelcol.enabled`                                       | Enable OpenTelemtry logs collector.                                                                                                                                                                                                                                                                                                                                  | `true`                                                                                                                                                                               |
 | `sumologic.logs.container.enabled`                                               | Enable collecting logs from Kubernetes containers.                                                                                                                                                                                                                                                                                                                   | `true`                                                                                                                                                                               |
+| `sumologic.logs.container.format`                                                | Format for container logs.                                                                                                                                                                                                                                                                                                                                           | `json`                                                                                                                                                                               |
 | `sumologic.logs.multiline.enabled`                                               | Enable multiline detection for Kubernetes container logs.                                                                                                                                                                                                                                                                                                            | `true`                                                                                                                                                                               |
 | `sumologic.logs.multiline.first_line_regex`                                      | Regular expression to match first line of multiline logs.                                                                                                                                                                                                                                                                                                            | `^\[?\d{4}-\d{1,2}-\d{1,2}.\d{2}:\d{2}:\d{2}`                                                                                                                                        |
 | `sumologic.logs.systemd.enabled`                                                 | Enable collecting systemd logs from Kubernets nodes.                                                                                                                                                                                                                                                                                                                 | `true`                                                                                                                                                                               |

deploy/helm/sumologic/conf/logs/otelcol/config.yaml

@@ -27,7 +27,7 @@ extensions:
 exporters:
 {{ if .Values.sumologic.logs.container.enabled }}
   sumologic/containers:
-    log_format: json
+    log_format: {{ include "logs.otelcol.container.exporter.format" . }}
     json_logs:
       add_timestamp: true
       timestamp_key: timestamp

deploy/helm/sumologic/templates/_helpers.tpl

@@ -1576,3 +1576,18 @@ Generate list of remoteWrite endpoints for telegraf configuration
 {{- $endpoints := sortAlpha $endpoints -}}
 {{ $endpoints | join ",\n" }}
 {{- end -}}
+
+{{/*
+Return the log format for the Sumologic exporter for container logs
+
+'{{ include "metric.endpoints" . }}'
+*/}}
+{{- define "logs.otelcol.container.exporter.format" -}}
+{{- if eq .Values.sumologic.logs.container.format "json" -}}
+{{- "json" -}}
+{{- else if eq .Values.sumologic.logs.container.format "text" -}}
+{{- "text" -}}
+{{- else -}}
+{{- fail "`sumologic.logs.container.format` can only be `json` or `text`" -}}
+{{- end -}}
+{{- end -}}

deploy/helm/sumologic/values.yaml

@@ -252,6 +252,10 @@ sumologic:
 
     container:
       enabled: true
+      ## Format to post logs into Sumo: json, text.
+      ## NOTE: Multiline log detection works differently for `text` format. See below link for full reference:
+      ## https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/troubleshoot-collection.md#using-text-format
+      format: json
 
       otelcol:
         ## Extra processors for container logs. See [/docs/collecting-container-logs.md](/docs/collecting-container-logs.md) for details.

docs/collecting-container-logs.md

@@ -57,6 +57,73 @@ This feature is enabled by default and the default regex will catch logs startin
 
 This feature can rarely cause problems by merging together lines which are supposed to be separate. In that case, feel free to disable it.
 
+### Log format
+
+There are two log formats available: `json` and `text`. `json` is the default.
+
+#### `json` log format
+
+Logs formatted as `json` are wrapped in a JSON object with additional properties, with the log body residing under the `log` key.
+
+For example, if we take the following log line:
+
+```text
+2007-03-01T13:00:00Z I am a log line
+```
+
+it will show up in Sumo Logic as:
+
+```javascript
+{
+  log: "2007-03-01T13:00:00Z I am a log line",
+  stream: "stdout",
+  timestamp: 1673627100045
+}
+```
+
+If the log line contains json to begin with:
+
+```json
+{"log_property": "value","text": "I am a json log"}
+```
+
+it will be displayed as a nested object inside the `log` key:
+
+```javascript
+{
+  log: {
+    log_property: "value",
+    text: "I am a json log"
+  },
+  stream: "stdout",
+  timestamp: 1673627100045
+}
+```
+
+#### `text` log format
+
+If you'd like to disable the wrapper, you can do so by setting:
+
+```yaml
+sumologic:
+  logs:
+    container:
+      format: text
+```
+
+Then the log lines from the previous section will look like the following in Sumo Logic:
+
+```text
+2007-03-01T13:00:00Z I am a log line
+```
+
+```javascript
+{
+  log_property: "value",
+  text: "I am a json log"
+}
+```
+
 ### Setting source name and other built-in metadata
 
 It's possible to customize the built-in Sumo Logic metadata (like [source name][source_name] for example) for container logs:

tests/helm/logs_test.go

@@ -199,6 +199,30 @@ fluent-bit:
 	require.Contains(t, containersPipeline.Processors, "filter/include-host")
 }
 
+func TestMetadataLogFormatText(t *testing.T) {
+	t.Parallel()
+	templatePath := "templates/logs/otelcol/configmap.yaml"
+	valuesYaml := `
+sumologic:
+  logs:
+    container:
+      format: text
+`
+	otelConfigYaml := GetOtelConfigYaml(t, valuesYaml, templatePath)
+
+	var otelConfig struct {
+		Exporters struct {
+			Containers struct {
+				LogFormat string `yaml:"log_format"`
+			} `yaml:"sumologic/containers"`
+		}
+	}
+	err := yaml.Unmarshal([]byte(otelConfigYaml), &otelConfig)
+	require.NoError(t, err)
+
+	require.Equal(t, "text", otelConfig.Exporters.Containers.LogFormat)
+}
+
 func TestCollectorOtelConfigMerge(t *testing.T) {
 	t.Parallel()
 	templatePath := "templates/logs/collector/otelcol/configmap.yaml"