diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40dd0aff37..85c4d3c296 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - feat: add option to specify additionalEndpoints for metrics [#2788]
 - chore: upgrade kubernetes-setup to v3.5.0 [#2785]
 - feat(logs): parse JSON logs [#2773]
+- feat(logs): add format setting [#2794]
 ### Fixed
@@ -50,6 +51,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#2791]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2791
 [#2773]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2773
 [#2790]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2790
+[#2794]: https://github.com/SumoLogic/sumologic-kubernetes-collection/pull/2794
 [v1.15.3-sumo-0]: https://github.com/SumoLogic/sumologic-kubernetes-fluentd/releases/tag/v1.15.3-sumo-0
 [Unreleased]: https://github.com/SumoLogic/sumologic-kubernetes-collection/compare/v3.0.0-beta.0...main
diff --git a/deploy/helm/sumologic/README.md b/deploy/helm/sumologic/README.md
index a6874f84ee..678f5f1b81 100644
--- a/deploy/helm/sumologic/README.md
+++ b/deploy/helm/sumologic/README.md
@@ -35,6 +35,7 @@ The following table lists the configurable parameters of the Sumo Logic chart an
 | `sumologic.logs.collector.allowSideBySide` | Allow running otel and Fluent Bit side by side. This will result in duplicated logs being ingested. Only enable this if you're **certain** it's what you want. | `false` |
 | `sumologic.logs.collector.otelcol.enabled` | Enable OpenTelemtry logs collector. | `true` |
 | `sumologic.logs.container.enabled` | Enable collecting logs from Kubernetes containers. | `true` |
+| `sumologic.logs.container.format` | Format for container logs. | `json` |
 | `sumologic.logs.multiline.enabled` | Enable multiline detection for Kubernetes container logs. | `true` |
 | `sumologic.logs.multiline.first_line_regex` | Regular expression to match first line of multiline logs. | `^\[?\d{4}-\d{1,2}-\d{1,2}.\d{2}:\d{2}:\d{2}` |
 | `sumologic.logs.systemd.enabled` | Enable collecting systemd logs from Kubernets nodes. | `true` |
diff --git a/deploy/helm/sumologic/conf/logs/otelcol/config.yaml b/deploy/helm/sumologic/conf/logs/otelcol/config.yaml
index 3b43cdd6b9..3a141e782d 100644
--- a/deploy/helm/sumologic/conf/logs/otelcol/config.yaml
+++ b/deploy/helm/sumologic/conf/logs/otelcol/config.yaml
@@ -27,7 +27,7 @@ extensions:
 exporters:
 {{ if .Values.sumologic.logs.container.enabled }}
 sumologic/containers:
- log_format: json
+ log_format: {{ include "logs.otelcol.container.exporter.format" . }}
 json_logs:
 add_timestamp: true
 timestamp_key: timestamp
diff --git a/deploy/helm/sumologic/templates/_helpers.tpl b/deploy/helm/sumologic/templates/_helpers.tpl
index b074f7636c..7549534ef0 100644
--- a/deploy/helm/sumologic/templates/_helpers.tpl
+++ b/deploy/helm/sumologic/templates/_helpers.tpl
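Review bot: The `json_logs` block (`add_timestamp`, `timestamp_key`) under `sumologic/containers` is still rendered unconditionally now that `log_format` can be `text`, so a text deployment carries JSON-only settings whose effect is not visible from this hunk. If the exporter ignores them for `text`, a comment such as `# json_logs only applies when log_format is json` would say so; otherwise the block should be guarded on `.Values.sumologic.logs.container.format`. Passing the value through the `logs.otelcol.container.exporter.format` helper instead of interpolating `.Values` directly is the right choice, since only the two allow-listed literals can reach the rendered collector config. The exporter definition continues outside the hunk.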
@@ -1576,3 +1576,18 @@ Generate list of remoteWrite endpoints for telegraf configuration
 {{- $endpoints := sortAlpha $endpoints -}}
 {{ $endpoints | join ",\n" }}
 {{- end -}}
+
+{{/*
+Return the log format for the Sumologic exporter for container logs
+
+'{{ include "metric.endpoints" . }}'
+*/}}
+{{- define "logs.otelcol.container.exporter.format" -}}
+{{- if eq .Values.sumologic.logs.container.format "json" -}}
+{{- "json" -}}
+{{- else if eq .Values.sumologic.logs.container.format "text" -}}
+{{- "text" -}}
+{{- else -}}
+{{- fail "`sumologic.logs.container.format` can only be `json` or `text`" -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml
index 6d22b8d49a..7d30899411 100644
--- a/deploy/helm/sumologic/values.yaml
+++ b/deploy/helm/sumologic/values.yaml
@@ -252,6 +252,10 @@ sumologic:
 container:
 enabled: true
+ ## Format to post logs into Sumo: json, text.
+ ## NOTE: Multiline log detection works differently for `text` format. See below link for full reference:
+ ## https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/troubleshoot-collection.md#using-text-format
+ format: json
 otelcol:
 ## Extra processors for container logs. See [/docs/collecting-container-logs.md](/docs/collecting-container-logs.md) for details.
diff --git a/docs/collecting-container-logs.md b/docs/collecting-container-logs.md
index 7ef1eb2d98..259e97d39e 100644
--- a/docs/collecting-container-logs.md
+++ b/docs/collecting-container-logs.md
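Review bot: The usage example in the new doc comment names the wrong template: `'{{ include "metric.endpoints" . }}'` appears to be copied from the helper above and should read `'{{ include "logs.otelcol.container.exporter.format" . }}'`. The allow-list with `fail` is a sound guard against arbitrary strings reaching the collector config, but it only runs where the helper is included. In `conf/logs/otelcol/config.yaml` that include sits inside `{{ if .Values.sumologic.logs.container.enabled }}`, so an invalid `format` is accepted silently while container logs are disabled and only surfaces when they are turned back on. The comparison is also case-sensitive, which is worth stating in the comment so that `JSON` being rejected is not a surprise.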
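Review bot: The comment above `format: json` warns about multiline detection but not about the change in record shape. Going by the example added to `docs/collecting-container-logs.md` in this commit, `text` removes the JSON wrapper, so the `stream` and `timestamp` keys are gone and the body no longer sits under `log`. Saved searches, alerts and parsing rules keyed on those fields would stop matching after the switch. A line here would flag that before rollout, for example `## NOTE: text format removes the JSON wrapper (log, stream, timestamp keys); review queries and alerts that depend on them.`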
@@ -57,6 +57,73 @@ This feature is enabled by default and the default regex will catch logs startin This feature can rarely cause problems by merging together lines which are supposed to be separate. In that case, feel free to disable it. +### Log format + +There are two log formats available: `json` and `text`. `json` is the default. + +#### `json` log format + +Logs formatted as `json` are wrapped in a JSON object with additional properties, with the log body residing under the `log` key. + +For example, if we take the following log line: + +```text +2007-03-01T13:00:00Z I am a log line +``` + +it will show up in Sumo Logic as: + +```javascript +{ + log: "2007-03-01T13:00:00Z I am a log line", + stream: "stdout", + timestamp: 1673627100045 +} +``` + +If the log line contains json to begin with: + +```json +{"log_property": "value","text": "I am a json log"} +``` + +it will be displayed as a nested object inside the `log` key: + +```javascript +{ + log: { + log_property: "value", + text: "I am a json log" + }, + stream: "stdout", + timestamp: 1673627100045 +} +``` + +#### `text` log format + +If you'd like to disable the wrapper, you can do so by setting: + +```yaml +sumologic: + logs: + container: + format: text +``` + +Then the log lines from the previous section will look like the following in Sumo Logic: + +```text +2007-03-01T13:00:00Z I am a log line +``` + +```javascript +{ + log_property: "value", + text: "I am a json log" +} +``` + ### Setting source name and other built-in metadata It's possible to customize the built-in Sumo Logic metadata (like [source name][source_name] for example) for container logs: diff --git a/tests/helm/logs_test.go b/tests/helm/logs_test.go index 91b2951f4e..8d32e12a23 100644 --- a/tests/helm/logs_test.go +++ b/tests/helm/logs_test.go 
@@ -199,6 +199,30 @@ fluent-bit:
 require.Contains(t, containersPipeline.Processors, "filter/include-host")
 }
+func TestMetadataLogFormatText(t *testing.T) {
+ t.Parallel()
+ templatePath := "templates/logs/otelcol/configmap.yaml"
+ valuesYaml := `
+sumologic:
+ logs:
+ container:
+ format: text
+`
+ otelConfigYaml := GetOtelConfigYaml(t, valuesYaml, templatePath)
+
+ var otelConfig struct {
+ Exporters struct {
+ Containers struct {
+ LogFormat string `yaml:"log_format"`
+ } `yaml:"sumologic/containers"`
+ }
+ }
+ err := yaml.Unmarshal([]byte(otelConfigYaml), &otelConfig)
+ require.NoError(t, err)
+
+ require.Equal(t, "text", otelConfig.Exporters.Containers.LogFormat)
+}
+
 func TestCollectorOtelConfigMerge(t *testing.T) {
 t.Parallel()
 templatePath := "templates/logs/collector/otelcol/configmap.yaml"
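Review bot: `TestMetadataLogFormatText` exercises only the `text` value, so the default (`json` with no override) and the `fail` branch of `logs.otelcol.container.exporter.format` have no coverage in this hunk. The rejection path is what keeps unexpected strings out of the rendered exporter config, so a case that sets an unsupported value such as `format: xml` and asserts that rendering returns an error would pin it. Whether `GetOtelConfigYaml` can surface a render error rather than failing the test itself is not visible here, so that case may need a different helper. A second case that omits `format` and asserts `"json"` would also catch an accidental change of the default in `values.yaml`.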