  1. Infrastructure
  2. INFRA-1737

Loganalytics content must be improved

      Description

      Currently Fluentd is only configured to collect logs and send them to Log Analytics without analyzing application log content. This means that we can easily search logs based on Kubernetes information like labels, container name, ... but once we want to analyse log contents, we are doomed.
      In the following example especially, we only have part of the Java stack trace.
      This image should provide different application log behaviors which we can choose based on pod label.

      For instance:
      log_format: nginx
      log_format: tomcat

      Example


      SourceSystem: RestAPI
      TimeGenerated [UTC]: 2018-07-28T10:06:39.593Z
      log_s: at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      stream_s: stdout
      time_s: 1532772373
      docker_container_id_s: 62c5c3f15069621b98bbf4d6cb438d1ce55e92d0a06fba648b70ea48084d3063
      kubernetes_namespace_name_s: default
      kubernetes_pod_name_s: pluginsite-2379806032-qlrz2
      kubernetes_labels_app_s: pluginsite
      kubernetes_labels_logtype_s: archive
      kubernetes_labels_pod_template_hash_s: 2379806032
      kubernetes_labels_type_s: pluginsite
      kubernetes_host_s: k8s-agent-4c94e966-1
      kubernetes_container_name_s: pluginsite
      logtype_s: archive
      kubernetes_pod_id_g: 8cb92e04-528a-11e8-8459-000d3a045000
      Type: Kubernetes_CL
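
Added example, not part of the ticket or the project's Fluentd image: one way to rejoin per-line records like the one above into whole events, picking the rule from a pod label as the description proposes. The field name `kubernetes_labels_log_format_s`, the timestamp-prefix pattern used for `tomcat`, and the sample records are assumptions constructed for illustration.

```python
import re

# Hypothetical per-format rules keyed by the proposed pod label (log_format).
# A line matching the pattern starts a new event; any other line is appended
# to the open event of the same container and stream.
SINGLE_LINE = re.compile(r"")  # matches everything: each line is its own event
EVENT_START = {
    "tomcat": re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"),  # assumed prefix
    "nginx": SINGLE_LINE,  # access logs are one line per request
}

def reassemble(records):
    """Merge per-line records into whole events, keeping the first line's metadata."""
    open_events = {}  # (container id, stream) -> event currently being built
    events = []
    for rec in records:
        key = (rec["docker_container_id_s"], rec["stream_s"])
        # Unknown or missing label: fall back to single-line handling.
        start = EVENT_START.get(rec.get("kubernetes_labels_log_format_s"), SINGLE_LINE)
        current = open_events.get(key)
        if current is not None and not start.match(rec["log_s"]):
            current["log_s"] += "\n" + rec["log_s"]  # continuation line
            continue
        # New event. An orphan continuation with no open event (as in the
        # ticket's record) is kept as its own event rather than dropped.
        current = dict(rec)
        open_events[key] = current
        events.append(current)
    return events

def sample(cid, fmt, line):
    """Build a constructed record using the field names seen in Kubernetes_CL."""
    return {"docker_container_id_s": cid, "stream_s": "stdout",
            "kubernetes_labels_log_format_s": fmt, "log_s": line}

# Constructed input: two containers whose lines arrive interleaved.
RECORDS = [
    sample("c1", "tomcat", "2018-07-28 10:06:13 ERROR Request failed"),
    sample("c1", "tomcat", "java.lang.IllegalStateException: boom"),
    sample("c2", "nginx", '10.0.0.1 - - [28/Jul/2018:10:06:13 +0000] "GET / HTTP/1.1" 200 612'),
    sample("c1", "tomcat", "\tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)"),
    sample("c1", "tomcat", "2018-07-28 10:06:14 INFO Recovered"),
    sample("c2", "nginx", '10.0.0.2 - - [28/Jul/2018:10:06:14 +0000] "GET /x HTTP/1.1" 404 153'),
]

if __name__ == "__main__":
    for event in reassemble(RECORDS):
        print(repr(event["log_s"]))
```
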


          Activity

          olblak Olivier Vernin added a comment -

          Azure LogAnalytics provides a regex mechanism to search and create dashboards, so except for multi-line logs, Fluentd is right as it is.


            People

            • Assignee:
              Unassigned
              Reporter:
              olblak Olivier Vernin