search

splunk / splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Apache License 2.0
344 stars 270 forks source link

Docs update needed on multiline log configs #836

Closed matthewmodestino closed 1 year ago

matthewmodestino commented 1 year ago

<

What would you like to be added:

Please update the readme to show how to add multiline rules to the values.yaml not directly to configmap. Here is some samples we can use:

 logs:
    sck:
      from:
        pod: sck-splunk-kubernetes-
        container: splunk-fluentd-k8s-
      multiline:
        firstline: /^\d{4}-\d{2}-\d{2}\s\d{2}\:\d{2}\:\d{2}\s\+\d{4}\s\[\w+\]\:/
        separator: "\n"
    ghost:
      from:
        pod: ghost
        container: ghost
      multiline:
        firstline: /^\[\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\]/
        separator: "\n"    
    mario:
      from:
        pod: mattymo-mario
        container: docker-supermario
      multiline: 
        firstline: /NOTE\:\sPicked\sup\sJDK_JAVA_OPTIONS\:|\d{2}\-\w+\-\d{4}\s\d{2}:\d{2}:\d{2}\.\d{3}\s\w+\s\[/ 
        separator: "\n"

Why is this needed: Current docs tell folks to touch the configmap directly. Should be putting in values and upgrading. Please do keep the guidance of testing with rubular tho!

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.