add logparsers CRs to telemetry fluent bit (kyma-project#15062)

* add logparsers CRs to telemetry fluent bit * bump telemetry version * add proper version * add proper version 2
piotrmiskiewicz · Aug 10, 2022 · 721bfd5 · 721bfd5
1 parent 67786a9
commit 721bfd5
Show file tree

Hide file tree

Showing 2 changed files with 189 additions and 1 deletion.
diff --git a/resources/telemetry/charts/fluent-bit/templates/kyma-additions/logparsers.yaml b/resources/telemetry/charts/fluent-bit/templates/kyma-additions/logparsers.yaml
@@ -0,0 +1,188 @@
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: apache
+spec:
+  parser: |
+    Format regex
+    Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
+    Time_Key time
+    Time_Format %d/%b/%Y:%H:%M:%S %z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: apache2
+spec:
+  parser: |
+    Format regex
+    Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>.*)")?$
+    Time_Key time
+    Time_Format %d/%b/%Y:%H:%M:%S %z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: apache-error
+spec:
+  parser: |
+    Format regex
+    Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: nginx
+spec:
+  parser: |
+    Format regex
+    Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")
+    Time_Key time
+    Time_Format %d/%b/%Y:%H:%M:%S %z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: k8s-nginx-ingress
+spec:
+  parser: |
+    # https://rubular.com/r/IhIbCAIs7ImOkc
+    Format      regex
+    Regex       ^(?<host>[^ ]*) - (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*) "(?<referer>[^\"]*)" "(?<agent>[^\"]*)" (?<request_length>[^ ]*) (?<request_time>[^ ]*) \[(?<proxy_upstream_name>[^ ]*)\] (\[(?<proxy_alternative_upstream_name>[^ ]*)\] )?(?<upstream_addr>[^ ]*) (?<upstream_response_length>[^ ]*) (?<upstream_response_time>[^ ]*) (?<upstream_status>[^ ]*) (?<reg_id>[^ ]*).*$
+    Time_Key    time
+    Time_Format %d/%b/%Y:%H:%M:%S %z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: json
+spec:
+  parser: |
+    Format json
+    Time_Key time
+    Time_Format %d/%b/%Y:%H:%M:%S %z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: docker
+spec:
+  parser: |
+    Format       json
+    Time_Key     time
+    Time_Format  %Y-%m-%dT%H:%M:%S.%L
+    Time_Keep    On
+    # --
+    # Since Fluent Bit v1.2, if you are parsing Docker logs and using
+    # the Kubernetes filter, it's not longer required to decode the
+    # 'log' key.
+    #
+    # Command      |  Decoder | Field | Optional Action
+    # =============|==================|=================
+    #Decode_Field_As    json     log
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: docker-daemon
+spec:
+  parser: |
+    Format      regex
+    Regex       time="(?<time>[^ ]*)" level=(?<level>[^ ]*) msg="(?<msg>[^ ].*)"
+    Time_Key    time
+    Time_Format %Y-%m-%dT%H:%M:%S.%L
+    Time_Keep   On
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: syslog-rfc5424
+spec:
+  parser: |
+    Format      regex
+    Regex       ^\<(?<pri>[0-9]{1,5})\>1 (?<time>[^ ]+) (?<host>[^ ]+) (?<ident>[^ ]+) (?<pid>[-0-9]+) (?<msgid>[^ ]+) (?<extradata>(\[(.*?)\]|-)) (?<message>.+)$
+    Time_Key    time
+    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+    Time_Keep   On
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: syslog-rfc3164-local
+spec:
+  parser: |
+    Format      regex
+    Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
+    Time_Key    time
+    Time_Format %b %d %H:%M:%S
+    Time_Keep   On
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: syslog-rfc3164
+spec:
+  parser: |
+    Format      regex
+    Regex       /^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$/
+    Time_Key    time
+    Time_Format %b %d %H:%M:%S
+    Time_Keep   On
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: mongodb
+spec:
+  parser: |
+    Format  regex
+    Regex   ^(?<time>[^ ]*)\s+(?<severity>\w)\s+(?<component>[^ ]+)\s+\[(?<context>[^\]]+)]\s+(?<message>.*?) *(?<ms>(\d+))?(:?ms)?$
+    Time_Format %Y-%m-%dT%H:%M:%S.%L
+    Time_Keep   On
+    Time_Key time
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: envoy
+spec:
+  parser: |
+    # https://rubular.com/r/3fVxCrE5iFiZim
+    Format  regex
+    Regex ^\[(?<start_time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)? (?<protocol>\S+)" (?<code>[^ ]*) (?<response_flags>[^ ]*) (?<bytes_received>[^ ]*) (?<bytes_sent>[^ ]*) (?<duration>[^ ]*) (?<x_envoy_upstream_service_time>[^ ]*) "(?<x_forwarded_for>[^ ]*)" "(?<user_agent>[^\"]*)" "(?<request_id>[^\"]*)" "(?<authority>[^ ]*)" "(?<upstream_host>[^ ]*)"
+    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+    Time_Keep   On
+    Time_Key start_time
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: cri
+spec:
+  parser: |
+    # http://rubular.com/r/tjUt3Awgg4
+    Format regex
+    Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
+    Time_Key    time
+    Time_Format %Y-%m-%dT%H:%M:%S.%L%z
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: kube-custom
+spec:
+  parser: |
+    Format  regex
+    Regex   (?<tag>[^.]+)?\.?(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$
+
+---
+apiVersion: telemetry.kyma-project.io/v1alpha1
+kind: LogParser
+metadata:
+  name: java
+spec:
+  parser: |
+    Format            regex
+    Regex             ^(?<time>\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2},\d{1,3}) (?<level>[^\s]+) \[(?<thread>.*)\] (?<message>.*)
+    Time_Key          time
+    Time_Format       %Y-%m-%d %H:%M:%S,%L
diff --git a/resources/telemetry/values.yaml b/resources/telemetry/values.yaml
@@ -4,7 +4,7 @@ global:
   images:
     telemetry_operator:
       name: "telemetry-operator"
-      version: "PR-15030"
+      version: "PR-15054"
     fluent_bit:
       name: "fluent-bit"
       version: "1.9.6-fdfefada"