-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider allowing configuring journald receiver to turn on --all
flag
#30920
Comments
--all
flag--all
flag
Pinging code owners for receiver/journald: @sumo-drosiek @djaglowski. See Adding Labels via Comments if you do not have permissions to add labels yourself. |
Seems reasonable to me as long as it's optional and off by default. WDYT @sumo-drosiek? |
Totally agree. This flag seems to be worth to add it. @meridional Would you like to add it by yourself? I can do it if not :) |
Yes, I can take a stab at it. |
**Description:** This commit adds support for `all` to journald receiver, which allows full output, including unprintable characters and lines that are too long. **Link to tracking Issue:** #30920 **Testing:** unit test and manual test. **Documentation:** receiver/journaldreceiver/README.md and pkg/stanza/docs/operators/journald_input.md
Dear All, We want to forward log lines containing unprintable characters to our logging system and therefore would like to use this feature. Unfortunately, it did not work with the We found out that adding the option journalctl --utc --output=json --follow --priority info --directory /var/log/journal _SYSTEMD_USER_UNIT=target.service --all This looks good but unfortunately the
So the option I compared this like this and it indeed has this effect: This does not print unprintable characters but creates a byte array While this does print them There is some more context about this problem in these issues on Github: 1, 2, these issues seem to be undecided for me, it is unclear if it was intended such that Thank you in advance, Kind regards Robert otelcol --version
otelcontribcol version 0.95.0-dev
journalctl --version
systemd 252 (252-18.el9)
+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified |
I will have to look at it closer. @RobertFloor Could you share example logs, and what do you expect them to be? |
Hi unfortunately I cannot provide company logs, but this example shows the gist of it: # We add binary data to a journalctl log
-bash-4.3# printf "hey\rho\n" | systemd-cat -t HOLA
# It is shown as binary
-bash-4.3# journalctl -t HOLA --no-pager -q
systemd-testsuite HOLA[251]: [6B blob data]
# JSON logging creates a byte array
-bash-4.3# journalctl -t HOLA --no-pager -q -o json
{......,"MESSAGE":[104,101,121,13,104,111],"....."}
# JSON logging creates a byte array, --all has no effect
-bash-4.3# journalctl -t HOLA --no-pager -q -o json --all
{......,"MESSAGE":[104,101,121,13,104,111],"....."}
# This shows the binary data
journalctl -t HOLA --no-pager -q --all
HOLA[3416096]: hey This behavior is necessary, otherwise, a non-printable character would break the json structure $ printf '{"key": "value\rvalue"}' | jq
parse error: Invalid string: control characters from U+0000 through U+001F must be escaped at line 1, column 21 I agree that not using json is impossible, but the |
Yes, but we could convert it to the following form (which is correct as I think):
|
Component(s)
journald receiver.
Is your feature request related to a problem? Please describe.
Currently, journald receiver works by piping data from
journalctl -u <unit> -output=json ...
.Without
--all
flag, journalctl will output a json object where.MESSAGE=null
if the message has more than 4096 characters (see https://man7.org/linux/man-pages/man1/journalctl.1.html), effectively dropping the log line.Describe the solution you'd like
Add a configuration to journald receiver to allow users to turn on the
--all
flag. This config defaults to be turned off.Describe alternatives you've considered
Add
--all
flag unconditionally. This might have performance implications as indicated by journalctl documentation.Additional context
No response
The text was updated successfully, but these errors were encountered: