Multiline parser for Java/Tomcat logs #364

Open
dev-travelex opened this issue Apr 8, 2024 · 0 comments
dev-travelex commented Apr 8, 2024

I am using cloudwatch_logs for my EKS cluster which hosts a Tomcat webapp. As per this, I don't see any option to have the multiline parser.

Wanted to know how to handle that with the cloudwatch logs. When I added [INPUT], I got an error stating valid ones are filters.conf, output.conf, parsers.conf, flb_log_cw. I am using Terraform here.


```hcl
locals {
  default_config = {
    output_conf  = <<-EOF
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_fmdev}
      log_stream_prefix ${local.cwlog_stream_prefix_fmdev}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_testing}
      log_stream_prefix ${local.cwlog_stream_prefix_testing}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_uat}
      log_stream_prefix ${local.cwlog_stream_prefix_uat}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    EOF
    filters_conf = <<-EOF
    [FILTER]
      Name parser
      Match *
      Key_name log
      Parser crio
    [FILTER]
      Name kubernetes
      Match kube.*
      Merge_Log On
      Keep_Log Off
      Buffer_Size 0
      Kube_Meta_Cache_TTL 300s
    [FILTER]
      Name grep
      Match *
      Exclude $kubernetes['container_name'] datadog-agent
    EOF
    parsers_conf = <<-EOF
    [PARSER]
      Name crio
      Format Regex
      Regex \[(?<time>[^\']+)\' (?<log>.*)$
      Time_Key time
      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
    EOF
    flb_log_cw   = false
  }

  config = local.default_config
}

########################
### K8s resources ######
########################

resource "kubernetes_namespace_v1" "aws_observability" {

  metadata {
    name = "aws-observability"

    labels = {
      aws-observability = "enabled"
    }
  }
}

# fluent-bit-cloudwatch value as the name of the CloudWatch log group that is automatically created as soon as your apps start logging
resource "kubernetes_config_map_v1" "aws_logging" {
  metadata {
    name      = "aws-logging"
    namespace = "aws-observability"
  }

  data = {
    "parsers.conf" = local.config["parsers_conf"]
    "filters.conf" = local.config["filters_conf"]
    "flb_log_cw"   = local.config["flb_log_cw"]
    "output.conf"  = local.config["output_conf"]
  }
}
```

Error I got:

```
Error: Failed to update Config Map: admission webhook "0500-amazon-eks-fargate-configmaps-admission.amazonaws.com" denied the request: input.conf is not valid. Please only provide output.conf, filters.conf, parsers.conf or flb_log_cw in the logging configmap with kubernetes_config_map_v1.aws_logging,
```
