From 7307c3867fefb725a898190a4ef11f7567b76c5d Mon Sep 17 00:00:00 2001 From: Antoine Toulme Date: Mon, 30 Oct 2023 09:38:45 -0700 Subject: [PATCH 1/4] add combineWith to multiline options --- .chloggen/recombine_with_field.yaml | 12 ++++++++++++ docs/advanced-configuration.md | 1 + .../templates/config/_otel-agent.tpl | 1 + helm-charts/splunk-otel-collector/values.yaml | 1 + 4 files changed, 15 insertions(+) create mode 100644 .chloggen/recombine_with_field.yaml diff --git a/.chloggen/recombine_with_field.yaml b/.chloggen/recombine_with_field.yaml new file mode 100644 index 0000000000..c646781968 --- /dev/null +++ b/.chloggen/recombine_with_field.yaml @@ -0,0 +1,12 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement +# The name of the component, or a single word describing the area of concern, (e.g. agent, clusterReceiver, gateway, networkExplorer, operator, chart, other) +component: agent +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Add combineWith field to multiline configuration +# One or more tracking issues related to the change +issues: [756] +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/docs/advanced-configuration.md b/docs/advanced-configuration.md index 251b06a7c5..bbcbede90d 100644 --- a/docs/advanced-configuration.md +++ b/docs/advanced-configuration.md @@ -474,6 +474,7 @@ logsCollection: containerName: value: server firstEntryRegex: ^[^\s].* + combineWith: "" ``` Use https://regex101.com/ to find a golang regex that works for your format and specify it in the config file for the config option `firstEntryRegex`. 
diff --git a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl index 7dbdfd3185..9ba0e53a0b 100644 --- a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl +++ b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl @@ -409,6 +409,7 @@ receivers: combine_field: attributes.log is_first_entry: '(attributes.log) matches {{ .firstEntryRegex | quote }}' max_log_size: {{ $.Values.logsCollection.containers.maxRecombineLogSize }} + combine_with: {{ .combineWith | default "\n" | quote }} {{- end }} {{- end }} # Clean up log record diff --git a/helm-charts/splunk-otel-collector/values.yaml b/helm-charts/splunk-otel-collector/values.yaml index a4afbca43a..b3f09089d1 100644 --- a/helm-charts/splunk-otel-collector/values.yaml +++ b/helm-charts/splunk-otel-collector/values.yaml @@ -587,6 +587,7 @@ logsCollection: # containerName: # value: server # firstEntryRegex: ^[^\s].* + # combineWith: "" multilineConfigs: [] # Set useSplunkIncludeAnnotation flag to `true` to collect logs from pods with `splunk.com/include: true` annotation and ignore others. # All other logs will be ignored. From c2e58b077a571e68cd23caa2c5b2bc4af439d390 Mon Sep 17 00:00:00 2001 From: Antoine Toulme Date: Mon, 30 Oct 2023 13:34:32 -0700 Subject: [PATCH 2/4] Add multiline config to example --- examples/only-logs-otel/only-logs-otel-values.yaml | 12 ++++++++++++ .../rendered_manifests/configmap-agent.yaml | 14 ++++++++++++++ .../rendered_manifests/daemonset.yaml | 2 +- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/examples/only-logs-otel/only-logs-otel-values.yaml b/examples/only-logs-otel/only-logs-otel-values.yaml index e32d67ac71..a34acb6b1b 100644 --- a/examples/only-logs-otel/only-logs-otel-values.yaml +++ b/examples/only-logs-otel/only-logs-otel-values.yaml 
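Review bot: The commented example in values.yaml gains `# combineWith: ""` with no explanation, so someone copying the block cannot tell that the key is optional or what an empty string does. Going by the comments PATCH 4/4 adds to the example values file, an absent key keeps the default `"\n"` and `""` joins the recombined lines with nothing between them. That changes how multi-line entries (stack traces, for instance) look to downstream parsing and search. I would annotate the line, for example `# combineWith: ""  # Optional; "" joins lines with no separator, omit the key to keep the default "\n"`. The commented example this line belongs to starts above the hunk.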
@@ -7,3 +7,15 @@ splunkObservability: tracesEnabled: false logsEngine: otel +logsCollection: + containers: + multilineConfigs: + - namespaceName: + value: default + podName: + value: buttercup-app-.* + useRegexp: true + containerName: + value: server + firstEntryRegex: ^[^\s].* + combineWith: "\t" diff --git a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml index f86b4ab0db..accc38ddda 100644 --- a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml +++ b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml @@ -227,6 +227,20 @@ data: - from: attributes["log.file.path"] to: resource["com.splunk.source"] type: move + - default: clean-up-log-record + routes: + - expr: (resource["k8s.namespace.name"]) == "default" && (resource["k8s.pod.name"]) + matches "buttercup-app-.*" && (resource["k8s.container.name"]) == "server" + output: default_buttercup-app-.*_server + type: router + - combine_field: attributes.log + combine_with: "\t" + id: default_buttercup-app-.*_server + is_first_entry: (attributes.log) matches "^[^\\s].*" + max_log_size: 1048576 + output: clean-up-log-record + source_identifier: resource["com.splunk.source"] + type: recombine - from: attributes.log id: clean-up-log-record to: body diff --git a/examples/only-logs-otel/rendered_manifests/daemonset.yaml b/examples/only-logs-otel/rendered_manifests/daemonset.yaml index 580fe54a42..9b5df87df1 100644 --- a/examples/only-logs-otel/rendered_manifests/daemonset.yaml +++ b/examples/only-logs-otel/rendered_manifests/daemonset.yaml @@ -31,7 +31,7 @@ spec: component: otel-collector-agent release: default annotations: - checksum/config: 82c6445c679f194d080fa8bd2763321f93e84c16fa3cb7217750960f4348e1ee + checksum/config: 518596dd0bfcc27059fdef2d78839a0f496454e695d2bc5393f134f4c3eafda3 kubectl.kubernetes.io/default-container: otel-collector spec: hostNetwork: true 
From ade498a3e293f294974fbae5a72949b490e62e81 Mon Sep 17 00:00:00 2001 From: Antoine Toulme Date: Mon, 30 Oct 2023 13:46:11 -0700 Subject: [PATCH 3/4] support empty strings and default value properly --- .../only-logs-otel/only-logs-otel-values.yaml | 17 ++++++++++++++ .../rendered_manifests/configmap-agent.yaml | 22 +++++++++++++++++++ .../rendered_manifests/daemonset.yaml | 2 +- .../templates/config/_otel-agent.tpl | 6 ++++- 4 files changed, 45 insertions(+), 2 deletions(-) diff --git a/examples/only-logs-otel/only-logs-otel-values.yaml b/examples/only-logs-otel/only-logs-otel-values.yaml index a34acb6b1b..d61e88c77b 100644 --- a/examples/only-logs-otel/only-logs-otel-values.yaml +++ b/examples/only-logs-otel/only-logs-otel-values.yaml @@ -19,3 +19,20 @@ logsCollection: value: server firstEntryRegex: ^[^\s].* combineWith: "\t" + - namespaceName: + value: k8s-nm2 + podName: + value: foo-app-.* + useRegexp: true + containerName: + value: client + firstEntryRegex: ^[^\s].* + combineWith: "" + - namespaceName: + value: k8s-nm3 + podName: + value: foo-app-.* + useRegexp: true + containerName: + value: server + firstEntryRegex: ^[^\s].* diff --git a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml index accc38ddda..702ba1f37c 100644 --- a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml +++ b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml 
@@ -232,6 +232,12 @@ data: - expr: (resource["k8s.namespace.name"]) == "default" && (resource["k8s.pod.name"]) matches "buttercup-app-.*" && (resource["k8s.container.name"]) == "server" output: default_buttercup-app-.*_server + - expr: (resource["k8s.namespace.name"]) == "k8s-nm2" && (resource["k8s.pod.name"]) + matches "foo-app-.*" && (resource["k8s.container.name"]) == "client" + output: k8s-nm2_foo-app-.*_client + - expr: (resource["k8s.namespace.name"]) == "k8s-nm3" && (resource["k8s.pod.name"]) + matches "foo-app-.*" && (resource["k8s.container.name"]) == "server" + output: k8s-nm3_foo-app-.*_server type: router - combine_field: attributes.log combine_with: "\t" @@ -241,6 +247,22 @@ data: output: clean-up-log-record source_identifier: resource["com.splunk.source"] type: recombine + - combine_field: attributes.log + combine_with: "" + id: k8s-nm2_foo-app-.*_client + is_first_entry: (attributes.log) matches "^[^\\s].*" + max_log_size: 1048576 + output: clean-up-log-record + source_identifier: resource["com.splunk.source"] + type: recombine + - combine_field: attributes.log + combine_with: \n + id: k8s-nm3_foo-app-.*_server + is_first_entry: (attributes.log) matches "^[^\\s].*" + max_log_size: 1048576 + output: clean-up-log-record + source_identifier: resource["com.splunk.source"] + type: recombine - from: attributes.log id: clean-up-log-record to: body diff --git a/examples/only-logs-otel/rendered_manifests/daemonset.yaml b/examples/only-logs-otel/rendered_manifests/daemonset.yaml index 9b5df87df1..a610eabf08 100644 --- a/examples/only-logs-otel/rendered_manifests/daemonset.yaml +++ b/examples/only-logs-otel/rendered_manifests/daemonset.yaml 
@@ -31,7 +31,7 @@ spec: component: otel-collector-agent release: default annotations: - checksum/config: 518596dd0bfcc27059fdef2d78839a0f496454e695d2bc5393f134f4c3eafda3 + checksum/config: d1dc83e964da43e81f1a7d845fe604e22858d82d1b799ee8b40e32b040bf72d4 kubectl.kubernetes.io/default-container: otel-collector spec: hostNetwork: true diff --git a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl index 9ba0e53a0b..fcd4a55467 100644 --- a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl +++ b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl @@ -409,7 +409,11 @@ receivers: combine_field: attributes.log is_first_entry: '(attributes.log) matches {{ .firstEntryRegex | quote }}' max_log_size: {{ $.Values.logsCollection.containers.maxRecombineLogSize }} - combine_with: {{ .combineWith | default "\n" | quote }} + {{- if hasKey . "combineWith" }} + combine_with: {{ .combineWith | quote }} + {{- else }} + combine_with: "\\n" + {{- end }} {{- end }} {{- end }} # Clean up log record From b3aaa6cffb1fc8aa9520faeb3a840e8b1312b809 Mon Sep 17 00:00:00 2001 From: Antoine Toulme Date: Tue, 31 Oct 2023 15:34:48 -0700 Subject: [PATCH 4/4] code review --- examples/only-logs-otel/only-logs-otel-values.yaml | 5 +++-- .../only-logs-otel/rendered_manifests/configmap-agent.yaml | 1 - examples/only-logs-otel/rendered_manifests/daemonset.yaml | 2 +- .../splunk-otel-collector/templates/config/_otel-agent.tpl | 2 -- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/examples/only-logs-otel/only-logs-otel-values.yaml b/examples/only-logs-otel/only-logs-otel-values.yaml index d61e88c77b..4b10cd0e83 100644 --- a/examples/only-logs-otel/only-logs-otel-values.yaml +++ b/examples/only-logs-otel/only-logs-otel-values.yaml 
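Review bot: The new `{{- if hasKey . "combineWith" }}` guard in _otel-agent.tpl is also true when the key is present with a null value (a bare `combineWith:` in values). Sprig's `quote` emits nothing for nil, so that case would render `combine_with:` with an empty value instead of a quoted string. How the recombine operator treats a null `combine_with` is not visible on this page, so I would make the guard type-aware: `{{- if and (hasKey . "combineWith") (kindIs "string" .combineWith) }}`. That keeps `combineWith: ""` working while a null or non-string value falls through to the default path. The enclosing block starts above this hunk, so the shape of `.` is inferred from the `.firstEntryRegex` use on the context line.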
@@ -18,7 +18,7 @@ logsCollection: containerName: value: server firstEntryRegex: ^[^\s].* - combineWith: "\t" + combineWith: "\t" # Recombine entries together with a tab character. - namespaceName: value: k8s-nm2 podName: @@ -27,7 +27,7 @@ logsCollection: containerName: value: client firstEntryRegex: ^[^\s].* - combineWith: "" + combineWith: "" # Recombine entries without a separator. - namespaceName: value: k8s-nm3 podName: @@ -36,3 +36,4 @@ logsCollection: containerName: value: server firstEntryRegex: ^[^\s].* + # Recombine entries with the default separator, "\n". diff --git a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml index 702ba1f37c..d527c1340a 100644 --- a/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml +++ b/examples/only-logs-otel/rendered_manifests/configmap-agent.yaml @@ -256,7 +256,6 @@ data: source_identifier: resource["com.splunk.source"] type: recombine - combine_field: attributes.log - combine_with: \n id: k8s-nm3_foo-app-.*_server is_first_entry: (attributes.log) matches "^[^\\s].*" max_log_size: 1048576 diff --git a/examples/only-logs-otel/rendered_manifests/daemonset.yaml b/examples/only-logs-otel/rendered_manifests/daemonset.yaml index a610eabf08..df92247f74 100644 --- a/examples/only-logs-otel/rendered_manifests/daemonset.yaml +++ b/examples/only-logs-otel/rendered_manifests/daemonset.yaml @@ -31,7 +31,7 @@ spec: component: otel-collector-agent release: default annotations: - checksum/config: d1dc83e964da43e81f1a7d845fe604e22858d82d1b799ee8b40e32b040bf72d4 + checksum/config: 4f78d6630e152af9891dda63bcdfc713718524850c2de9794b88ba005c4875ec kubectl.kubernetes.io/default-container: otel-collector spec: hostNetwork: true diff --git a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl index fcd4a55467..76db14223b 100644 
--- a/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl +++ b/helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl @@ -411,8 +411,6 @@ receivers: max_log_size: {{ $.Values.logsCollection.containers.maxRecombineLogSize }} {{- if hasKey . "combineWith" }} combine_with: {{ .combineWith | quote }} - {{- else }} - combine_with: "\\n" {{- end }} {{- end }} {{- end }}