Parser
Parser filters can be used to extract key-value pairs from message data. Logging operator currently supports the following parsers:
Regexp parser
The regexp parser can use regular expressions to parse fields from a message.
filters:
  - parser:
      regexp:
        patterns:
          - ".*test_field -> (?<test_field>.*)$"
        prefix: .regexp.
For details, see the documentation of the AxoSyslog syslog-ng distribution.
Syslog parser
The syslog parser can parse syslog messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.
filters:
  - parser:
      syslog-parser: {}
Configuration
Parser
regexp (*RegexpParser, optional)
Default: -
syslog-parser (*SyslogParser, optional)
Default: -
metrics-probe (*MetricsProbe, optional)
Counts the messages that pass through the flow, and creates labeled stats counters based on the fields of the passing messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.
Regexp parser
patterns ([]string, required)
The regular expression patterns that you want to match. regexp-parser() supports multiple patterns, and stops the processing at the first successful match. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.
Default: -
prefix (string, optional)
Insert a prefix before the name part of the parsed name-value pairs to help further processing. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.
Default: -
template (string, optional)
Specify a template of the record fields to match against. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.
Default: -
flags ([]string, optional)
Flags to influence the behavior of the regexp-parser(). For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.
Default: -
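The following Python model is an added example, not code from Logging operator or AxoSyslog: it illustrates the first-match-wins behavior of patterns and the effect of prefix described above, using constructed messages. The function name regexp_parse, the sample patterns, and the unanchored matching are assumptions of this model.

```python
import re

# Assumption: patterns use PCRE named groups, (?<name>...), as in the page's
# example. Python's re needs (?P<name>...), so this model rewrites them.
_PCRE_NAMED_GROUP = re.compile(r"\(\?<(?![=!])")


def regexp_parse(message, patterns, prefix=""):
    """Try patterns in order and stop at the first successful match.

    Returns the named groups of that match with `prefix` prepended to each
    name, or None when no pattern matches. Matching is unanchored here
    (an assumption of this model).
    """
    for pattern in patterns:
        compiled = re.compile(_PCRE_NAMED_GROUP.sub("(?P<", pattern))
        match = compiled.search(message)
        if match:
            return {prefix + name: value
                    for name, value in match.groupdict().items()
                    if value is not None}
    return None


# Constructed sample patterns and messages (not from the original page).
BROAD = r".*user=(?<user>\S+)"
SPECIFIC = r".*user=(?<user>\S+) src=(?<src>\S+)$"
MESSAGE = "login failed user=alice src=10.0.0.5"

if __name__ == "__main__":
    # Broad pattern first: it matches, processing stops, src is never parsed.
    print(regexp_parse(MESSAGE, [BROAD, SPECIFIC], prefix=".regexp."))
    # Specific pattern first: both fields are extracted.
    print(regexp_parse(MESSAGE, [SPECIFIC, BROAD], prefix=".regexp."))
    # No src field: the specific pattern fails and the broad one is the fallback.
    print(regexp_parse("login failed user=bob", [SPECIFIC, BROAD], prefix=".regexp."))
```

Because processing stops at the first match, list the most specific pattern first; otherwise fields that later detection rules rely on may never be extracted.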
SyslogParser
flags ([]string, optional)
Flags to influence the behavior of the syslog-parser(). For details, see the syslog-parser() documentation of the AxoSyslog syslog-ng distribution.
Default: -
MetricsProbe
Counts the messages that pass through the flow, and creates labeled stats counters based on the fields of the passing messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.
SyslogNGFlow
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGFlow
metadata:
  name: flow-mertrics-probe
  namespace: default
spec:
  filters:
    - parser:
        metrics-probe:
          key: "flow_events"
          labels:
            namespace: "${json.kubernetes.namespace_name}"
key (string, optional)
The name of the counter to create. Note that the value of this option is always prefixed with syslogng_, so for example key("my-custom-key") becomes syslogng_my-custom-key.
Default: -
labels (ArrowMap, optional)
The labels used to create separate counters, based on the fields of the messages processed by metrics-probe(). The keys of the map are the names of the labels, and the values are syslog-ng templates.
Default: -
level (int, optional)
Sets the stats level of the generated metrics (default 0).
Default: 0