aws / amazon-cloudwatch-logs-for-fluent-bit

A Fluent Bit output plugin for CloudWatch Logs
Apache License 2.0

Multiline parser for Java/Tomcat logs #364

Open dev-travelex opened 4 months ago

dev-travelex commented 4 months ago

I am using cloudwatch_logs for my EKS cluster which hosts a Tomcat webapp. As per this, I don't see any option to have the multiline parser.

I want to know how to handle multiline logs with the cloudwatch_logs output. When I added an [INPUT] section, the update was rejected with an error stating that the only valid keys are filters.conf, output.conf, parsers.conf and flb_log_cw. I am using Terraform here.


# Fluent Bit configuration fragments, kept as heredoc strings and published through the
# logging ConfigMap.
locals {
  default_config = {
    # Three cloudwatch_logs outputs, one per log group (fmdev, testing, uat).
    # NOTE(review): all three use `Match kube.*`, so every record tagged kube.* is delivered
    # to all three groups. If the groups are meant to separate environments, each
    # environment's logs become readable by anyone with access to any of the groups.
    # Confirm the fan-out is intended, or narrow Match per output.
    # `log_key log` ships only the value of the `log` key; the Kubernetes metadata is used
    # for the stream name (log_stream_template) but is not part of the event body.
    # `auto_create_group true` and `log_retention_days 14` make the plugin create the group
    # and set retention itself. Presumably the role it runs under needs create-group and
    # retention-policy permissions in addition to writing events; verify the IAM policy is
    # scoped to these log groups.
    output_conf  = <<-EOF
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_fmdev}
      log_stream_prefix ${local.cwlog_stream_prefix_fmdev}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_testing}
      log_stream_prefix ${local.cwlog_stream_prefix_testing}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    [OUTPUT]
      Name cloudwatch_logs
      Match kube.*
      region ${var.target_region}
      log_key log
      log_group_name ${local.cwlog_group_uat}
      log_stream_prefix ${local.cwlog_stream_prefix_uat}
      log_stream_template $kubernetes['pod_name'].$kubernetes['container_name']
      log_retention_days 14
      auto_create_group true
    EOF
    # Filter chain, in order: apply the `crio` parser to the `log` key of every record,
    # enrich kube.* records with Kubernetes metadata, then drop records whose container
    # name matches datadog-agent.
    # NOTE(review): with `Merge_Log On` / `Keep_Log Off` the `log` key is removed once it
    # has been merged as JSON, while the outputs ship only `log` (log_key log). Confirm how
    # JSON-formatted application logs are handled so they are not silently lost.
    filters_conf = <<-EOF
    [FILTER]
      Name parser
      Match *
      Key_name log
      Parser crio
    [FILTER]
      Name kubernetes
      Match kube.*
      Merge_Log On
      Keep_Log Off
      Buffer_Size 0
      Kube_Meta_Cache_TTL 300s
    [FILTER]
      Name grep
      Match *
      Exclude $kubernetes['container_name'] datadog-agent
    EOF
    # Regex parser referenced by the first filter; it extracts `time` and `log`.
    # NOTE(review): the pattern requires a literal `[` before the timestamp and a `'` after
    # it. Verify it against real lines from the container runtime; it may have been garbled
    # when pasted. Lines that do not match presumably pass through unparsed.
    parsers_conf = <<-EOF
    [PARSER]
      Name crio
      Format Regex
      Regex \[(?<time>[^\']+)\' (?<log>.*)$
      Time_Key time
      Time_Format %Y-%m-%dT%H:%M:%S.%L%z
    EOF
    # Presumably controls whether Fluent Bit's own process logs are sent to CloudWatch
    # (confirm). While false, delivery errors from the log router are not visible there.
    flb_log_cw   = false
  }

  # Indirection read by the ConfigMap resource; currently just the defaults.
  config = local.default_config
}

########################
### K8s resources ######
########################

# Namespace that holds the logging ConfigMap; it carries the label aws-observability = "enabled".
resource "kubernetes_namespace_v1" "aws_observability" {
  metadata {
    name   = "aws-observability"
    labels = { aws-observability = "enabled" }
  }
}

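# Logging ConfigMap carrying the Fluent Bit fragments from local.config.
# The EKS Fargate admission webhook accepts only these four keys (output.conf, filters.conf,
# parsers.conf, flb_log_cw); any other key, such as input.conf, is rejected.
# The CloudWatch log groups themselves are created by the outputs (auto_create_group true)
# once applications start logging.
resource "kubernetes_config_map_v1" "aws_logging" {
  metadata {
    name = "aws-logging"
    # Reference the namespace resource rather than repeating the literal, so Terraform
    # creates the namespace before this ConfigMap and the two names cannot drift apart.
    namespace = kubernetes_namespace_v1.aws_observability.metadata[0].name
  }

  data = {
    "parsers.conf" = local.config["parsers_conf"]
    "filters.conf" = local.config["filters_conf"]
    "flb_log_cw"   = local.config["flb_log_cw"]
    "output.conf"  = local.config["output_conf"]
  }
}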

Error I got:

Error: Failed to update Config Map: admission webhook "0500-amazon-eks-fargate-configmaps-admission.amazonaws.com" denied the request: input.conf is not valid. Please only provide output.conf, filters.conf, parsers.conf or flb_log_cw in the logging configmap with kubernetes_config_map_v1.aws_logging,