Skip to content

Commit b52e0b8

Browse files
abrennan89abrennan89
authored
Merge pull request #69829 from abrennan89/OBSDOCS-83
OBSDOCS-83: Removed JSON message field
2 parents ae1439e + 690196a commit b52e0b8

File tree

1 file changed

+5
-14
lines changed

1 file changed

+5
-14
lines changed

modules/cluster-logging-json-log-forwarding.adoc

Lines changed: 5 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,17 @@
11
[id="cluster-logging-json-log-forwarding_{context}"]
22
= Parsing JSON logs
33

4-
Logs including JSON logs are usually represented as a string inside the `message` field. That makes it hard for users to query specific fields inside a JSON document. OpenShift Logging's Log Forwarding API enables you to parse JSON logs into a structured object and forward them to either OpenShift Logging-managed Elasticsearch or any other third-party system supported by the Log Forwarding API.
4+
You can use a `ClusterLogForwarder` object to parse JSON logs into a structured object and forward them to a supported output.
55

6-
To illustrate how this works, suppose that you have the following structured JSON log entry.
6+
To illustrate how this works, suppose that you have the following structured JSON log entry:
77

88
.Example structured JSON log entry
99
[source,yaml]
1010
----
1111
{"level":"info","name":"fred","home":"bedrock"}
1212
----
1313

14-
Normally, the `ClusterLogForwarder` custom resource (CR) forwards that log entry in the `message` field. The `message` field contains the JSON-quoted string equivalent of the JSON log entry, as shown in the following example.
15-
16-
.Example `message` field
17-
[source,yaml]
18-
----
19-
{"message":"{\"level\":\"info\",\"name\":\"fred\",\"home\":\"bedrock\"",
20-
"more fields..."}
21-
----
22-
23-
To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example.
14+
To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example:
2415

2516
.Example snippet showing `parse: json`
2617
[source,yaml]
@@ -31,7 +22,7 @@ pipelines:
3122
parse: json
3223
----
3324

34-
When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example. This does not modify the original `message` field.
25+
When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example:
3526

3627
.Example `structured` output containing the structured JSON log entry
3728
[source,yaml]
@@ -42,5 +33,5 @@ When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON
4233

4334
[IMPORTANT]
4435
====
45-
If the log entry does not contain valid structured JSON, the `structured` field will be absent.
36+
If the log entry does not contain valid structured JSON, the `structured` field is absent.
4637
====

0 commit comments

Comments
 (0)