This is a combined PR for the whole feature of outputting JSON log format to improve the tool's experience and interoperability, and it is among the initial steps of making the tool fit well with other log analysis tools and platforms like Azure Monitor, ELK, etc.
For easy reviewing, the individual PRs are (a few could be slightly outdated due to the fixes done within this PR):
104
107
108
109
e2e Example with Azure Monitor
Sample Kusto query, crunching data from IIS ETW provider; get all HTTP Status 400 and above:
```kusto
ContainerLog
| where LogEntry has "Microsoft-Windows-IIS-Logging" // for optimization of parse_json
| extend d = parse_json(LogEntry)
| extend Source = d.Source
| extend Status = d.LogEntry.EventData["sc-status"]
| extend Method = d.LogEntry.EventData["cs-method"]
| extend Path = d.LogEntry.EventData["cs-uri-stem"]
| extend UserAgent = d.LogEntry.EventData["csUser-Agent"]
| extend cIP = d.LogEntry.EventData["c-ip"]
| extend sIP = d.LogEntry.EventData["s-ip"]
| extend Port = d.LogEntry.EventData["s-port"]
| extend PodName = d.LogEntry.EventData["s-computername"]
| extend TimeTaken = d.LogEntry.EventData["time-taken"]
| where Status >= 400
| project TimeGenerated, Source, PodName, Method, Status, UserAgent, cIP, sIP, Port, Path, LogEntry
| take 30
```
Sample result set here -> https://pastebin.com/qKp86uNt
To test this locally:
```bash
# add nandaams as your remote
git remote add nandaams git@github.com:nandaams/windows-container-tools.git
# fetch this PR's branch
git fetch nandaams v2/json-output-all
# now checkout to the branch and continue
git checkout v2/json-output-all
```
ℹ️ See the spec and schema details in the discussion here - https://github.com/microsoft/windows-container-tools/discussions/103
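The same triage as the Kusto query (IIS entries with status 400 and above) can be run offline over captured container output. This is an added example, not code from the PR or the project. Only `Source` and the `LogEntry.EventData[...]` keys come from the query; the `ProviderName` field, the `iis_errors` and `summarize` names, and every sample value are assumptions.

```python
import json

# Constructed sample of container stdout: JSON log lines mixed with plain
# application output. "ProviderName" and all values are assumptions; only
# Source and LogEntry.EventData[...] are taken from the Kusto query.
SAMPLE_STDOUT = """\
Starting w3svc ...
{"Source":"ETW","LogEntry":{"ProviderName":"Microsoft-Windows-IIS-Logging","EventData":{"sc-status":"200","cs-method":"GET","cs-uri-stem":"/","c-ip":"10.0.0.5"}}}
{"Source":"ETW","LogEntry":{"ProviderName":"Microsoft-Windows-IIS-Logging","EventData":{"sc-status":"400","cs-method":"POST","cs-uri-stem":"/api/login","c-ip":"10.0.0.7"}}}
{"Source":"ETW","LogEntry":{"ProviderName":"Microsoft-Windows-IIS-Logging","EventData":{"sc-status":"503","cs-method":"GET","cs-uri-stem":"/health","c-ip":"10.0.0.9"}}}
{"Source":"EventLog","LogEntry":{"Message":"Microsoft-Windows-IIS-Logging service note"}}
{"Source":"ETW","LogEntry":{"ProviderName":"Microsoft-Windows-IIS-Logging","EventData":{"sc-status":"-"}}}
{"Source":"ETW","LogEntry":{"ProviderName":"Microsoft-Windows-IIS-Logging","EventData":{"sc-sta
"""

PROVIDER = "Microsoft-Windows-IIS-Logging"


def iis_errors(lines, min_status=400):
    """Yield (status, method, path, client_ip) for IIS entries >= min_status."""
    for raw in lines:
        if PROVIDER not in raw:        # cheap pre-filter, like `has` in the query
            continue
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:   # truncated or non-JSON line in the stream
            continue
        entry = doc.get("LogEntry") if isinstance(doc, dict) else None
        data = entry.get("EventData") if isinstance(entry, dict) else None
        if not isinstance(data, dict):  # provider name matched, but no event data
            continue
        try:
            status = int(data.get("sc-status"))  # value may arrive as a string
        except (TypeError, ValueError):          # missing or placeholder such as "-"
            continue
        if status >= min_status:
            yield status, data.get("cs-method"), data.get("cs-uri-stem"), data.get("c-ip")


def summarize(text):
    """Return all matching rows for a block of captured output."""
    return list(iis_errors(text.splitlines()))


if __name__ == "__main__":
    for row in summarize(SAMPLE_STDOUT):
        print(*row, sep="\t")
```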