Open kharenis opened 2 years ago
nokute78
commented
2 years ago https://github.com/fluent/fluent-bit/issues/2152 Currently, filter_modify doesn't support record accessor.
Only STRING:KEY of Conditions supports record accessor.
https://docs.fluentbit.io/manual/pipeline/filters/modify#conditions
You can set Record Accessor as STRING:KEY for nested key.
github-actions[bot]
commented
2 years ago This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
andrewnazarov
commented
2 years ago This would be a great help if one wants to work with nested keys. We are facing the same issue trying to modify the k8s metainformation.
dgsardina
commented
2 years ago Same use case and issue, ended up forwarding to fluentd instead.
chrw
commented
2 years ago I'm having the same issue trying to copy the Kubernetes namespace into a variable.
ryan65
commented
2 years ago Hi Anyone found a workaround. I need to remove the pod_id from the kubernetes metadata object, couldnt find a way either with modify or record_modifier No nested support.
pranavmarla
commented
2 years ago Hi Anyone found a workaround. I need to remove the pod_id from the kubernetes metadata object, couldnt find a way either with modify or record_modifier No nested support.
@ryan65 At this point, I suspect a Lua filter is your only option
ryan65
commented
2 years ago Thanks , will try.
RalfWenzel
commented
1 year ago hi, i have the same issue, pod_id and hash values should be removed . Is there any plan to add this as a feature?
agup006
commented
1 year ago @nokute78 for the PR does that help RA with modify?
sabdalla80
commented
1 year ago Just keeping this thread alive, I can also use this feature.
maxmoshe
commented
1 year ago If anybody needs an example for a solution using lua, this worked for me:
[FILTER]
Name lua
Match *
script /fluent-bit/scripts/alter_fields.lua
call alter_fieldsfunction alter_fields(tag, timestamp, record)
new_record = record
new_record["applicationName"] = record["kubernetes"]["namespace_name"]
new_record["subsystemName"] = record["kubernetes"]["container_name"]
new_record["kubernetes"]["annotations"] = nil
return 1, timestamp, new_record
end
blackluck
commented
1 year ago Anyone have a solution to this kind of problem, without lua? We have lot of problems with lua and want to get rid of it, so that's not an option.
homiakos
commented
9 months ago I support this.
the same grep plugin can work with k8s metadata: https://docs.fluentbit.io/manual/pipeline/filters/grep
In general, it’s strange to change the metadadata format and not support plugins working with the new format
adrianmace
commented
8 months ago This behaviour is necessary. There are so many custom lua scripts floating around doing the same thing.
brudman
commented
3 months ago I agree it would be great if this was supported! Another option for doing this is to use the nest filter described by liyuntao in https://github.com/fluent/fluent-bit/issues/422
[FILTER] Name nest Match kube.* Operation lift Nested_under kubernetes Add_prefix kubernetes.
[FILTER] Name record_modifier Match kube. Remove_key kubernetes.container Remove_key kubernetes.pod_id Remove_key kubernetes.docker_id
Then if you need the kubernetes object again:
[FILTER] Name nest Match kube. Operation nest Wildcard kubernetes. Nest_under kubernetes Remove_prefix kubernetes.
Bug Report
When using the modify filter to copy nested fields using Record Accessors, the filter fails to find the fields.
To Reproduce
Expected behavior 'application' field should be added to the log structure with the value taken from one of the 3 found fields. $kubernetes['pod_id'], $kubernetes['docker_id'], $kubernetes['container_hash'] should be removed from the log structure.
Your Environment
[FILTER] Name expect Match kube.* key_exists kubernetes key_exists log action exit
[FILTER] Name grep Match kube.* Exclude $kubernetes['namespace_name'] kube-system
[FILTER] Name stdout Match kube.*
[FILTER] Name modify Match kube.* Copy $kubernetes['labels']['app'] application Copy $kubernetes['labels']['app.kubernetes.io/name'] application Copy $kubernetes['container_name'] application Remove $kubernetes['pod_id'] Remove $kubernetes['docker_id'] Remove $kubernetes['container_hash']