Parser

Parser filters can be used to extract key-value pairs from message data. The Logging operator currently supports the following parsers:

Regexp parser

The regexp parser can use regular expressions to parse fields from a message.

  filters:
  - parser:
      regexp:
        patterns:
        - ".*test_field -> (?<test_field>.*)$"
        prefix: .regexp.

For details, see the documentation of the AxoSyslog syslog-ng distribution.

Syslog parser

The syslog parser can parse syslog messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.

  filters:
  - parser:
      syslog-parser: {}

Configuration

Parser

metrics-probe (*MetricsProbe, optional)

Counts the messages that pass through the flow, and creates labeled stats counters based on the fields of the passing messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.

regexp ([]string, required)

The regular expression patterns to match against the message. regexp-parser() supports multiple patterns, and stops the processing at the first successful match. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.

syslog-parser (*SyslogParser, optional)

Parse message as a syslog message.

Regexp parser

flags ([]string, optional)

Flags to influence the behavior of the regexp-parser(). For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.

patterns ([]string, required)

The regular expression patterns to match against the message. regexp-parser() supports multiple patterns, and stops the processing at the first successful match. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.

prefix (string, optional)

Insert a prefix before the name part of the parsed name-value pairs to help further processing. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.

template (string, optional)

Specify a template of the record fields to match against. For details, see the regexp-parser() documentation of the AxoSyslog syslog-ng distribution.
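
The following added example (not part of the Logging operator or AxoSyslog code) models the patterns and prefix behaviour described above, so that patterns can be tried against sample messages before a flow is deployed. It assumes JavaScript's RegExp is close enough to syslog-ng's regex engine for these patterns; regexpParse, orderedConfig and the sample messages are constructed for illustration.

```javascript
// Added example: a small offline model of the regexp parser behaviour described above.
// Assumption: JavaScript's RegExp stands in for syslog-ng's regex engine. The
// (?<name>...) named-group syntax is shared, but other constructs may differ.

// Hypothetical helper: try the patterns in order, stop at the first successful
// match, and return its named groups with the prefix prepended to each name.
function regexpParse(message, { patterns, prefix = "" }) {
  for (let i = 0; i < patterns.length; i++) {
    const m = new RegExp(patterns[i]).exec(message);
    if (m === null) continue;
    const fields = {};
    for (const [name, value] of Object.entries(m.groups ?? {})) {
      if (value !== undefined) fields[prefix + name] = value;
    }
    return { matchedPattern: i, fields };
  }
  return null; // no pattern matched, so no name-value pairs are produced
}

// Pattern and prefix taken from the example on this page.
const pageConfig = {
  patterns: [".*test_field -> (?<test_field>.*)$"],
  prefix: ".regexp.",
};

// Constructed variant: a stricter pattern listed first, the page's pattern second.
const orderedConfig = {
  patterns: [
    "^test_field -> (?<test_field>[0-9]+)$",
    ".*test_field -> (?<test_field>.*)$",
  ],
  prefix: ".regexp.",
};

// Constructed sample messages.
const samples = [
  "test_field -> 42",
  "request done test_field -> ok",
  "test_field -> 1 note: test_field -> 2",
  "no marker here",
];

for (const msg of samples) {
  console.log(JSON.stringify(msg), "=>", JSON.stringify(regexpParse(msg, orderedConfig)));
}
```

In the third sample the leading greedy `.*` makes the last `test_field -> ` in the message supply the value, which matters when part of the message is free text.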

SyslogParser

Parse message as a syslog message.

flags ([]string, optional)

Flags to influence the behavior of the syslog-parser(). For details, see the syslog-parser() documentation of the AxoSyslog syslog-ng distribution.

MetricsProbe

Counts the messages that pass through the flow, and creates labeled stats counters based on the fields of the passing messages. For details, see the documentation of the AxoSyslog syslog-ng distribution.

  apiVersion: logging.banzaicloud.io/v1beta1
  kind: SyslogNGFlow
  metadata:
    name: flow-mertrics-probe
    namespace: default
  spec:
    filters:
      - parser:
          metrics-probe:
            key: "flow_events"
            labels:
              namespace: "${json.kubernetes.namespace_name}"

key (string, optional)

The name of the counter to create. Note that the value of this option is always prefixed with syslogng_, so for example key("my-custom-key") becomes syslogng_my-custom-key.

labels (ArrowMap, optional)

The labels used to create separate counters, based on the fields of the messages processed by metrics-probe(). The keys of the map are the names of the labels, and the values are syslog-ng templates.

level (int, optional)

Sets the stats level of the generated metrics (default 0).

Last modified June 3, 2024: [4.6] Blog link fix (cc4602a)