cloudfoundry-community / logsearch-for-cloudfoundry

A Logsearch addon that customises Logsearch to work with Cloud Foundry data
Apache License 2.0

Starting a discussion about using blackbox in the syslog-release and logsearch #295

Closed bandesz closed 4 years ago

bandesz commented 6 years ago

Hi,

As some of you probably know, there is a blackbox component in the syslog-release which is enabled by default and also enabled in cf-deployment (if you enable the syslog opsfile). The blackbox component tails all log files under /var/vcap/sys/log/*/* and forwards these logs to the rsyslog daemon. There is also another rule higher up to exclude all logs tagged "vcap.*". Blackbox essentially replaces logger.

The problem is that the new logs won't be tagged with vcap.component_name but only with component_name.

Do you have any plans to support this setup? Do you know about operators who are in a similar situation? Currently we have a fork of this repository and had to amend some Logstash filters to not expect "vcap." prefixes.
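
The tagging difference described in the post above, as an added example that is not part of the original issue or of the logsearch-for-cloudfoundry filters: a Ruby parser that accepts both tag forms and counts the events a `vcap.`-only match would skip. The RFC 5424 framing, the sample lines and every helper name are assumptions made for illustration.

```ruby
# Added illustration: sample lines, field names and helpers are constructed.
# Assumed framing (RFC 5424): <PRI>VER TIMESTAMP HOST APP-NAME PROCID MSGID SD MSG
RFC5424 = /\A<(?<pri>\d{1,3})>(?<ver>\d+) (?<ts>\S+) (?<host>\S+) (?<app>\S+) (?<procid>\S+) (?<msgid>\S+) (?<sd>-|\[.*?\]) ?(?<msg>.*)\z/m

LEGACY_PREFIX = "vcap."

# Parse one line and derive a component name that is the same whether the
# tag arrived as "vcap.<name>" or as the bare "<name>".
def parse_event(line)
  m = RFC5424.match(line)
  return { "tags" => ["_syslog_parse_failure"], "message" => line } unless m

  app = m[:app]
  prefixed = app.start_with?(LEGACY_PREFIX)
  {
    "host"      => m[:host],
    "program"   => app,                                   # tag as received
    "component" => prefixed ? app.delete_prefix(LEGACY_PREFIX) : app,
    "tag_style" => prefixed ? "vcap-prefixed" : "bare",   # kept for auditing
    "message"   => m[:msg]
  }
end

# What a filter that insists on the "vcap." prefix would accept.
def strict_prefix_match?(line)
  m = RFC5424.match(line)
  !m.nil? && m[:app].start_with?(LEGACY_PREFIX)
end

# Constructed sample input: one prefixed tag, one bare tag, one non-syslog line.
SAMPLE_LINES = [
  "<14>1 2018-03-01T10:00:00Z host-0 vcap.example_job 1234 - - started",
  "<14>1 2018-03-01T10:00:01Z host-0 example_job - - - started",
  "not a syslog line"
].freeze

# Count well-formed events that a prefix-only filter would silently skip.
def summarize(lines)
  {
    components: lines.map { |l| parse_event(l)["component"] },
    missed_by_strict: lines.count { |l| RFC5424.match?(l) && !strict_prefix_match?(l) }
  }
end

p summarize(SAMPLE_LINES) if __FILE__ == $PROGRAM_NAME
```

Keeping the received tag in `program` alongside the normalised `component` lets dashboards and alerts key on one field while still showing which tagging path each event took.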