Skip to content

Commit 34267ec

Browse files
hvaghani221hvaghani221
authored
reverted customFilters and moved data ingestion to it's own label (#733)
* reverted customFilters and moved data ingestion to its own label
1 parent 928a45d commit 34267ec

File tree

1 file changed

+28
-30
lines changed
  • helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/templates

1 file changed

+28
-30
lines changed

helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/templates/configMap.yaml

Lines changed: 28 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ data:
7575
<source>
7676
@id containers.log
7777
@type tail
78-
@label @CUSTOM
78+
@label @CONCAT
7979
tag tail.containers.*
8080
path {{ .Values.fluentd.path | default "/var/log/containers/*.log" }}
8181
{{- if .Values.fluentd.exclude_path }}
@@ -109,7 +109,7 @@ data:
109109
<source>
110110
@id tail.file.{{ $name }}
111111
@type tail
112-
@label @CUSTOM
112+
@label @CONCAT
113113
tag tail.file.{{ or $logDef.sourcetype $name }}
114114
path {{ $logDef.from.file.path }}
115115
pos_file {{ $.Values.containers.path }}/splunk-fluentd-{{ $name }}.pos
@@ -152,7 +152,7 @@ data:
152152
<source>
153153
@id journald-{{ $name }}
154154
@type systemd
155-
@label @CUSTOM
155+
@label @CONCAT
156156
tag journald.{{ or $logDef.sourcetype $name }}
157157
path {{ $.Values.journalLogPath | quote }}
158158
matches [{ "_SYSTEMD_UNIT": {{ $logDef.from.journald.unit | quote }} }]
@@ -174,7 +174,7 @@ data:
174174
<source>
175175
@id fluentd-monitor-agent
176176
@type monitor_agent
177-
@label @SPLUNK
177+
@label @PARSE
178178
{{- if .Values.global.monitoring_agent_enabled }}
179179
tag monitor_agent
180180
{{- end }}
@@ -198,15 +198,15 @@ data:
198198
partial_key logtag
199199
partial_value P
200200
separator ''
201-
timeout_label @SPLUNK
201+
timeout_label @PARSE
202202
</filter>
203203
{{- end }}
204204
{{- range $name, $logDef := .Values.logs }}
205205
{{- if and $logDef.from.pod $logDef.multiline }}
206206
<filter tail.containers.var.log.containers.{{ $logDef.from.pod }}*{{ or $logDef.from.container $name }}*.log>
207207
@type concat
208208
key log
209-
timeout_label @SPLUNK
209+
timeout_label @PARSE
210210
stream_identity_key stream
211211
{{- if $logDef.multiline.firstline }}
212212
multiline_start_regexp {{ $logDef.multiline.firstline }}
@@ -226,19 +226,19 @@ data:
226226
<filter journald.{{ or $logDef.sourcetype $name }}>
227227
@type concat
228228
key log
229-
timeout_label @SPLUNK
229+
timeout_label @PARSE
230230
multiline_start_regexp {{ $logDef.multiline.firstline }}
231231
flush_interval {{ $logDef.multiline.flushInterval | default 5 }}
232232
</filter>
233233
{{- end }}
234234
{{- end }}
235-
# Events are relabeled then emitted to the SPLUNK label
235+
# Events are relabeled then emitted to the PARSE label for processing
236236
<match **>
237237
@type relabel
238-
@label @SPLUNK
238+
@label @PARSE
239239
</match>
240240
</label>
241-
<label @SPLUNK>
241+
<label @PARSE>
242242
{{- if .Values.containers.removeBlankEvents }}
243243
# filter to remove empty lines
244244
<filter tail.containers.**>
@@ -342,7 +342,24 @@ data:
342342
jq ".record.source = \"namespace:#{ENV['MY_NAMESPACE']}/pod:#{ENV['MY_POD_NAME']}\" | .record.sourcetype = \"fluentd:monitor-agent\" | .record.cluster_name = \"{{ or .Values.kubernetes.clusterName .Values.global.kubernetes.clusterName | default "cluster_name" }}\" | .record.splunk_index = \"{{ or .Values.global.monitoring_agent_index_name .Values.global.splunk.hec.indexName .Values.splunk.hec.indexName | default "main" }}\" {{- if .Values.customMetadata }}{{- range .Values.customMetadata }}| .record.{{ .name }} = \"{{ .value }}\" {{- end }}{{- end }} | .record"
343343
</filter>
344344
{{- end }}
345-
345+
# = custom filters specified by users =
346+
{{- range $name, $filterDef := .Values.customFilters }}
347+
{{- if and $filterDef.tag $filterDef.type }}
348+
<filter {{ $filterDef.tag }}>
349+
@type {{ $filterDef.type }}
350+
{{- with $filterDef.body }}
351+
{{ . | nindent 8 }}
352+
{{- end }}
353+
</filter>
354+
{{- end }}
355+
{{- end }}
356+
# Events are relabeled then emitted to the SPLUNK label for ingestion
357+
<match **>
358+
@type relabel
359+
@label @SPLUNK
360+
</match>
361+
</label>
362+
<label @SPLUNK>
346363
# = output =
347364
<match **>
348365
{{- if or .Values.splunk.hec.host .Values.global.splunk.hec.host .Values.splunk.hec.fullUrl .Values.global.splunk.hec.fullUrl }}
@@ -460,22 +477,3 @@ data:
460477
{{- end }}
461478
</match>
462479
</label>
463-
# = custom filters specified by users =
464-
<label @CUSTOM>
465-
{{- range $name, $filterDef := .Values.customFilters }}
466-
{{- if and $filterDef.tag $filterDef.type }}
467-
<filter {{ $filterDef.tag }}>
468-
@type {{ $filterDef.type }}
469-
{{- with $filterDef.body }}
470-
{{ . | nindent 8 }}
471-
{{- end }}
472-
</filter>
473-
{{- end }}
474-
{{- end }}
475-
476-
# Events are relabeled then emitted to the CONCAT label
477-
<match **>
478-
@type relabel
479-
@label @CONCAT
480-
</match>
481-
</label>

0 commit comments

Comments
 (0)