Append newline '\n' if not present in log (CRI format).
57 views
Skip to first unread message
Sumant Pangotra
Nov 15, 2021, 6:15:51 AM11/15/21
to Fluentd Google Group
Hi All,
I am trying to handle docker runtime(JOSN format) logs and Containerd (CRI format ) logs in a single fluentd config.
The docker runtime logs appends '\n' by default. However CRI logs doesn't have '\n' in the end.
I am trying to handle docker runtime(JOSN format) logs and Containerd (CRI format ) logs in a single fluentd config.
The docker runtime logs appends '\n' by default. However CRI logs doesn't have '\n' in the end.
I am trying to concat multiline logs with separator :"" to handle JSON logs, but same doesn't work for CRI logs and these multiline logs appear in a single line due to missing '\n'.
How can I add '\n' to CRI format logs?
<source>
@id fluentd-containers.log
@type tail
@label @containers
path /var/log/containers/*.log
pos_file /var/log/es-containers.log.pos
tag kubernetes.*
read_from_head true
<parse>
@type multi_format
<pattern>
format json
time_key time
time_format %Y-%m-%dT%H:%M:%S.%NZ
</pattern>
<pattern>
format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/
time_format %Y-%m-%dT%H:%M:%S.%N%:z
</pattern>
</parse>
</source>
<filter **>
@type concat
key log
multiline_start_regexp /^\d{4}-\d{2}-\d{2}/
separator ""
flush_interval 5
timeout_label @PARSELOGS
</filter>
How can I add '\n' to CRI format logs?
Thanks,
Sumant
Sumant
Reply all
Reply to author
Forward
0 new messages