RHDEVDOCS-2521 NEW Document our JSON log entry format.

Author: rolfedh

…ter-logging-exported-fields-aushape.adoc …-exported-fields-aushape.2021-06-04.adocmodules/cluster-logging-exported-fields-aushape.adoc renamed to _unused_topics/cluster-logging-exported-fields-aushape.2021-06-04.adoc modules/cluster-logging-exported-fields-aushape.adoc renamed to _unused_topics/cluster-logging-exported-fields-aushape.2021-06-04.adoc

@@ -11,7 +11,7 @@ from Elasticsearch and Kibana. The default fields are Top Level and `collectd*`
 [discrete]
 === Top Level Fields
 
-The top level fields are common to every application, and may be present in
+The top level fields are common to every application and can be present in
 every record. For the Elasticsearch template, top level fields populate the actual
 mappings of `default` in the template's mapping section.
 

…r-logging-exported-fields-container.adoc …xported-fields-container.2021-06-04.adocmodules/cluster-logging-exported-fields-container.adoc renamed to _unused_topics/cluster-logging-exported-fields-container.2021-06-04.adoc modules/cluster-logging-exported-fields-container.adoc renamed to _unused_topics/cluster-logging-exported-fields-container.2021-06-04.adoc

@@ -0,0 +1,83 @@
+[id="cluster-logging-exported-fields-kubernetes_{context}"]
+= Kubernetes
+
+The following fields can be present in the namespace for kubernetes-specific metadata.
+
+== kubernetes.pod_name
+
+The name of the pod
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.pod_id
+
+Kubernetes ID of the pod.
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.namespace_name
+
+The name of the namespace in Kubernetes.
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.namespace_id
+
+ID of the namespace in Kubernetes.
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.host
+
+Kubernetes node name
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.master_url
+
+Kubernetes Master URL
+
+[horizontal]
+Data type:: keyword
+
+
+== kubernetes.container_name
+
+The name of the container in Kubernetes.
+
+[horizontal]
+Data type:: text
+
+
+== kubernetes.annotations
+
+Annotations associated with the Kubernetes object
+
+[horizontal]
+Data type:: group
+
+
+== kubernetes.labels
+
+Labels attached to the Kubernetes object Each label name is a subfield of labels field. Each label name is de-dotted: dots in the name are replaced with underscores.
+
+[horizontal]
+Data type:: group
+
+
+== kubernetes.event
+
+The kubernetes event obtained from kubernetes master API The event is already JSON object and as whole nested under kubernetes field This description should loosely follow 'type Event' in https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#event-v1-core
+
+[horizontal]
+Data type:: group

…ter-logging-exported-fields-default.adoc …-exported-fields-default.2021-06-04.adocmodules/cluster-logging-exported-fields-default.adoc renamed to _unused_topics/cluster-logging-exported-fields-default.2021-06-04.adoc modules/cluster-logging-exported-fields-default.adoc renamed to _unused_topics/cluster-logging-exported-fields-default.2021-06-04.adoc

@@ -10,7 +10,7 @@ from Elasticsearch and Kibana.
 
 Contains common fields specific to `systemd` journal.
 link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html[Applications]
-may write their own fields to the journal. These will be available under the
+can write their own fields to the journal. These will be available under the
 `systemd.u` namespace. `RESULT` and `UNIT` are two such fields.
 
 [discrete]

_unused_topics/cluster-logging-exported-fields-kubernetes.2021-06-04.adoc

@@ -1,42 +1,15 @@
 :context: cluster-logging-exported-fields
 [id="cluster-logging-exported-fields"]
-= Exported fields
+= Log Record Fields
 include::modules/common-attributes.adoc[]
 
 toc::[]
 
-These are the fields exported by the logging system and available for searching from Elasticsearch and Kibana. Use the full, dotted field name when searching. For example, for an Elasticsearch */_search URL*, to look for a Kubernetes pod name, use `/_search/q=kubernetes.pod_name:name-of-my-pod`.
+The following fields can be present in log records exported by OpenShift Logging system. Although log records are typically formatted as JSON objects, the same data model can be applied to other encodings.
 
-The following sections describe fields that may not be present in your logging store. Not all of these fields are present in every record. The fields are grouped in the following categories:
+To search these fields from Elasticsearch and Kibana, use the full dotted field name when searching. For example, with an Elasticsearch */_search URL*, to look for a Kubernetes pod name, use `/_search/q=kubernetes.pod_name:name-of-my-pod`.
 
-* `exported-fields-Default`
-* `exported-fields-systemd`
-* `exported-fields-kubernetes`
-* `exported-fields-pipeline_metadata`
-* `exported-fields-ovirt`
-* `exported-fields-aushape`
-* `exported-fields-tlog`
+// The logging system can forward JSON-formatted log entries to external systems. These log entries are formatted as a fluentd message with extra fields such as `kubernetes`. The fields exported by the logging system and available for searching from Elasticsearch and Kibana are documented at the end of this document.
 
-// * `exported-fields-rsyslog`
-
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-exported-fields-default.adoc[leveloffset=+1]
-
-//modules/cluster-logging-exported-fields-rsyslog.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-systemd.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-kubernetes.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-container.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-ovirt.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-aushape.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-exported-fields-tlog.adoc[leveloffset=+1]
+include::modules/cluster-logging-exported-fields-top-level-fields.adoc[leveloffset=0]
+include::modules/cluster-logging-exported-fields-kubernetes.adoc[leveloffset=0]