mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

Merge pull request #70117 from openshift-cherrypick-robot/cherry-pick-69829-to-enterprise-4.15

[enterprise-4.15] OBSDOCS-83: Removed JSON message field
Ashleigh Brennan
2024-01-11 09:24:49 -06:00
committed by GitHub


@@ -1,9 +1,9 @@
[id="cluster-logging-json-log-forwarding_{context}"]
= Parsing JSON logs
Logs including JSON logs are usually represented as a string inside the `message` field. That makes it hard for users to query specific fields inside a JSON document. OpenShift Logging's Log Forwarding API enables you to parse JSON logs into a structured object and forward them to either OpenShift Logging-managed Elasticsearch or any other third-party system supported by the Log Forwarding API.
You can use a `ClusterLogForwarder` object to parse JSON logs into a structured object and forward them to a supported output.
To illustrate how this works, suppose that you have the following structured JSON log entry.
To illustrate how this works, suppose that you have the following structured JSON log entry:
.Example structured JSON log entry
[source,yaml]
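Review bot: The listing titled "Example structured JSON log entry" at the end of this hunk is tagged `[source,yaml]` although its content is a JSON object; since the sentence introducing it is being edited anyway, change the tag to `[source,json]`. Separately, the new opening sentence drops the old explanation that JSON logs normally arrive as a string inside `message` and are hard to query, so the module no longer says why a reader would enable parsing. One clause of motivation would restore that.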
@@ -11,16 +11,7 @@ To illustrate how this works, suppose that you have the following structured JSO
{"level":"info","name":"fred","home":"bedrock"}
----
Normally, the `ClusterLogForwarder` custom resource (CR) forwards that log entry in the `message` field. The `message` field contains the JSON-quoted string equivalent of the JSON log entry, as shown in the following example.
.Example `message` field
[source,yaml]
----
{"message":"{\"level\":\"info\",\"name\":\"fred\",\"home\":\"bedrock\"",
"more fields..."}
----
To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example.
To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example:
.Example snippet showing `parse: json`
[source,yaml]
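Review bot: The added line "To enable parsing JSON log, you add `parse: json` ..." carries over the grammar slip from the line it replaces. While touching it for the colon, change it to "To enable parsing JSON logs, add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example:".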
@@ -31,7 +22,7 @@ pipelines:
parse: json
----
When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example. This does not modify the original `message` field.
When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example:
.Example `structured` output containing the structured JSON log entry
[source,yaml]
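Review bot: The replacement sentence drops "This does not modify the original `message` field." but still says the CR "copies" the entry, which implies an original is kept without saying where. Either state what happens to `message` when `parse: json` is set, or reword "copies ... in a `structured` field" to "places ... into a `structured` field" if no original remains. Readers who size storage or filter sensitive values before forwarding need to know whether the raw string travels alongside the parsed object.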
@@ -42,5 +33,5 @@ When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON
[IMPORTANT]
====
If the log entry does not contain valid structured JSON, the `structured` field will be absent.
If the log entry does not contain valid structured JSON, the `structured` field is absent.
====
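Review bot: The IMPORTANT note now says only that `structured` is absent for invalid JSON, and with the `message` explanation removed earlier in this patch the module no longer says where such an entry ends up. Add a sentence on how a non-JSON entry is forwarded, because queries or alerts keyed on fields under `structured` will not match those entries.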