SteveL1
commented
1 year ago Seems the problem was that I had the sendAllMetadata flag set to true. Setting this to false fixed the issue
Closed SteveL1 closed 1 year ago
SteveL1
commented
1 year ago Seems the problem was that I had the sendAllMetadata flag set to true. Setting this to false fixed the issue
We have been running the same helm chart for the past few years and have just upgraded our k8s so that we need to change to cri logging format.
To do that I thought I would use the latest helm chart and while sending message to splunk works just fine I have a problem with the format of the message.
I need to have the pod log data to be the message and not within a log field.
Currently the message is
but i need to be in this format
I know the fields are different, but it's the formatting of the record that i'm trying to understand
I can see in the configmap that there's a concat for containers that (in my VERY limited knowledge) would move the log field to the message but i must be misunderstanding what it's doing because that's not happening.
I'd appreciate any help on this as currently none of our alerting works!!!!