oracle-quickstart
diff --git a/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 67 additions & 1 deletion b/‎README.md‎
Lines changed: 67 additions & 1 deletion
diff --git a/‎logan/helm-chart/values.yaml‎
Lines changed: 69 additions & 31 deletions b/‎logan/helm-chart/values.yaml‎
Lines changed: 69 additions & 31 deletions
@@ -1,5 +1,11 @@
 # Change Log
 
+## 2022-04-20
+### Added
+- Pod Annotations based customiation of configuration paremeters (oci_la_log_source_name, oci_la_log_group_id, oci_la_entity_id) for logs collected through "Kubernetes Container Generic Logs".
+- README update for custom configuration documentation.
+- Flush interval and timeout label configuration for Concat plugin section.
+ 
 ## 2022-02-24
 ### Added
 - Oracle Linux 8 based Docker Image support.
 
@@ -125,10 +125,11 @@ These yaml files needs to be applied using kubectl to create the necessary resou
 - Use configmap-docker.yaml for Kubernetes clusters based off Docker runtime (e.g., OKE < 1.20) and configmap-cri.yaml for Kubernetes clusters based off CRI-O.
 - Inline comments are available in the file for each of the source/filter/match blocks for easy reference for making any changes to the configuration.
 - Refer [this](https://docs.oracle.com/en/learn/oci_logging_analytics_fluentd/) to learn about each of the Logging Analytics Fluentd Output plugin configuration parameters.
-- *Note*: A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. 
+- **Note**: A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. 
           It is recommended to define and use a LogSource/LogParser at Logging Analytics for a given log type and then modify the configuration accordingly.
           When adding a configuration (Source, Filter section) for any new container log, also exclude the log path from generic log collection, 
             by adding the log path to *exclude_path* field in *in_tail_containerlogs* source block. This is to avoid the duplicate collection of logs through generic log collection.
+            Refer [this](#custom-configuration) section for further details.
 
 ##### fluentd-daemonset.yaml
 
@@ -249,3 +250,68 @@ Use the following `helm uninstall` command to delete the chart. Provide the rele
 helm uninstall <release-name>
 ```
  
+## Custom Configuration
+
+### How to use custom logSource (oci_la_log_source_name) and/or other custom configuration for Pod/Container Logs collected through "Kubernetes Container Generic Logs" logSource ?
+
+A generic source with time only parser is defined/configured for collecting all application pod logs from /var/log/containers/ out of the box. 
+This is to ensure that all the logs generated by all pods are collected and pushed to Logging Analytics.
+Often you may need to configure a custom logSource for a particular pod log, either by using one of the existing OOB logSources at Logging Analytics or by defining one custom logSource matching to the requirements.
+Once you have defined/identified a logSource for a particular pod log, the following are couple of ways to get those pod logs associated to the logSource.
+
+#### Through Pod Annotations
+
+In this approach, all that you need to do is add the following annotation, "oracle.com/oci_la_log_source_name" (with logSourceName as value) to all the pods of choice.
+This approach works for all the use-cases, except for multi-line plain text formatted logs.
+
+- Refer [this doc](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to find how to add the annotation through Pod's metadata section. This is the recommended approach as it provides the persistent behavior.
+- Refer [this doc](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#annotate) to find how to add annotation through 'kubectl annotate' command. You may use this approach for quick testing.
+
+**Note** The following configuration parameters are supported for customisation through Pod Annotations in addition to logSource, 
+ - oracle.com/oci_la_log_group_id => to use custom logGroupId (oci_la_log_group_id)
+ - oracle.com/oci_la_entity_id => to use custom entityId (oci_la_entity_id)
+
+#### Through Custom Fluentd conf
+
+In this approach, a new set of Source, Filter sections have to be created in the fluentd config. 
+The following example demonstrates a custom fluentd config to tag /var/log/containers/frontend*.log with logSource "Guestbook Frontend Logs" 
+(*to be added to helm-chart values.yaml, under fluentd:configMapLogsFiles:kubernetes.conf value if using helm chart OR to either of configmap-cri.yaml / configmap-docker.yaml if using kubectl approach).
+
+```
+         <source>
+            @type tail
+            @id in_tail_frontend
+            path_key tailed_path
+            path /var/log/containers/frontend-*.log
+            pos_file /var/log/oci_la_fluentd_outplugin/pos/frontend.logs.pos
+            tag oci.oke.frontend.*
+            read_from_head "#{ENV['FLUENT_OCI_READ_FROM_HEAD'] || true}"
+            <parse>
+            {{- if eq $runtime "docker" }}
+            @type json
+            {{- else}}
+            @type cri
+            {{- end }}
+            </parse>
+         </source>
+
+         # Record transformer filter to apply Logging Analytics configuration to each record.
+         <filter oci.oke.frontend.**>
+            @type record_transformer
+            enable_ruby true
+            <record>
+            oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_NAME'] || 'UNDEFINED'}", "Kubernetes Cluster ID": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_ID'] || 'UNDEFINED'}"{{"}}"}}
+            oci_la_log_group_id "#{ENV['FLUENT_OCI_KUBERNETES_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}"
+            oci_la_log_path "${record['tailed_path']}"
+            oci_la_log_source_name "Guestbook Frontend Logs"
+            {{- if eq $runtime "docker" }}
+            message "${record['log']}"
+            {{- end }}
+            tag ${tag}
+            </record>
+         </filter>
+```
+**Note**: The log path */var/log/containers/frontend-*.log* has to be excluded from the generic container logs to avoid duplicate log collection. Add the log path to *exclude_path* value under *in_tail_containerlogs* source section.
+
+In addition to the above, you may need to modify the source section to add *multiline* parser, if the logs are of plain text multi-line format (OR) add a concat plugin filter if the logs are of say multi-line but wrapped in json.
+Refer OOB fluentd config in the helm-cahrt values.yaml for examples.
@@ -98,39 +98,49 @@ fluentd:
             skip_master_url "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_MASTER_URL'] || 'false'}"
             skip_namespace_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_NAMESPACE_METADATA'] || 'false'}"
             watch "#{ENV['FLUENT_KUBERNETES_WATCH'] || 'true'}"
+            de_dot false
+            annotation_match [ ".*" ]
          </filter>
 
-         # Match block to set info required for oci-logging-analytics fluentd output plugin
+         # Match block to ensure all the logs including concat plugin timeout logs will have same label
          <match oci.**>
-            @type oci-logging-analytics
-            enable_ruby               true
-            namespace                 "#{ENV['FLUENT_OCI_NAMESPACE']}"
-            endpoint                  "#{ENV['FLUENT_OCI_ENDPOINT']}"
-            {{- if eq $authtype "config" }}
-            config_file_location      "#{ENV['FLUENT_OCI_CONFIG_LOCATION'] || '/var/opt/.oci/config'}"
-            profile_name              "#{ENV['FLUENT_OCI_PROFILE'] || 'DEFAULT'}"
-            {{- end }} 
-            plugin_log_location       "#{ENV['FLUENT_OCI_LOG_LOCATION'] || '/var/log/'}" 
-            plugin_log_level          "#{ENV['FLUENT_OCI_LOG_LEVEL'] || 'info'}"
-            plugin_log_file_size      "#{ENV['FLUENT_OCI_LOG_FILE_SIZE'] || '10MB'}"
-            plugin_log_file_count     "#{ENV['FLUENT_OCI_LOG_FILE_COUNT'] || 10}"
-            kubernetes_metadata_keys_mapping     {"container_name":"Container","namespace_name":"Namespace","pod_name":"Pod","container_image":"Container Image Name","host":"Node"}
-            <buffer>
-                  @type                           file
-                  path                            "#{ENV['FLUENT_OCI_BUFFER_PATH'] || '/var/log/oci_la_fluentd_outplugin/logs/buffer/'}"
-                  flush_thread_count              "#{ENV['FLUENT_OCI_FLUSH_THREAD_COUNT'] || 1}" 
-                  chunk_limit_size                "#{ENV['FLUENT_OCI_CHUNK_LIMIT_SIZE'] || '2m'}"   # 2MB
-                  total_limit_size                "#{ENV['FLUENT_OCI_TOTAL_LIMIT_SIZE'] || 5368709120}" # 5GB
-                  flush_interval                  "#{ENV['FLUENT_OCI_FLUSH_INTERVAL'] || 30}" # seconds
-                  flush_thread_interval           "#{ENV['FLUENT_OCI_FLUSH_THREAD_INTERVAL'] || 0.5}"
-                  flush_thread_burst_interval     "#{ENV['FLUENT_OCI_FLUSH_THREAD_BURST_INTERVAL'] || 0.05}"
-                  retry_wait                      "#{ENV['FLUENT_OCI_RETRY_WAIT'] || 2}" # seconds
-                  retry_max_times                 "#{ENV['FLUENT_OCI_RETRY_MAX_TIMES'] || 17}"
-                  retry_exponential_backoff_base  "#{ENV['FLUENT_OCI_RETRY_EXPONENTIAL_BACKOFF_BASE'] || 2}"
-                  retry_forever                   "#{ENV['FLUENT_OCI_RETRY_FOREVER'] || true}"
-                  disable_chunk_backup true
-            </buffer>
+            @type relabel
+            @label @NORMAL
          </match>
+
+         # Match block to set info required for oci-logging-analytics fluentd output plugin
+         <label @NORMAL>
+            <match oci.**>
+               @type oci-logging-analytics
+               enable_ruby               true
+               namespace                 "#{ENV['FLUENT_OCI_NAMESPACE']}"
+               endpoint                  "#{ENV['FLUENT_OCI_ENDPOINT']}"
+               {{- if eq $authtype "config" }}
+               config_file_location      "#{ENV['FLUENT_OCI_CONFIG_LOCATION'] || '/var/opt/.oci/config'}"
+               profile_name              "#{ENV['FLUENT_OCI_PROFILE'] || 'DEFAULT'}"
+               {{- end }}
+               plugin_log_location       "#{ENV['FLUENT_OCI_LOG_LOCATION'] || '/var/log/'}"
+               plugin_log_level          "#{ENV['FLUENT_OCI_LOG_LEVEL'] || 'info'}"
+               plugin_log_file_size      "#{ENV['FLUENT_OCI_LOG_FILE_SIZE'] || '10MB'}"
+               plugin_log_file_count     "#{ENV['FLUENT_OCI_LOG_FILE_COUNT'] || 10}"
+               kubernetes_metadata_keys_mapping     {"container_name":"Container","namespace_name":"Namespace","pod_name":"Pod","container_image":"Container Image Name","host":"Node"}
+               <buffer>
+                     @type                           file
+                     path                            "#{ENV['FLUENT_OCI_BUFFER_PATH'] || '/var/log/oci_la_fluentd_outplugin/logs/buffer/'}"
+                     flush_thread_count              "#{ENV['FLUENT_OCI_FLUSH_THREAD_COUNT'] || 1}"
+                     chunk_limit_size                "#{ENV['FLUENT_OCI_CHUNK_LIMIT_SIZE'] || '2m'}"   # 2MB
+                     total_limit_size                "#{ENV['FLUENT_OCI_TOTAL_LIMIT_SIZE'] || 5368709120}" # 5GB
+                     flush_interval                  "#{ENV['FLUENT_OCI_FLUSH_INTERVAL'] || 30}" # seconds
+                     flush_thread_interval           "#{ENV['FLUENT_OCI_FLUSH_THREAD_INTERVAL'] || 0.5}"
+                     flush_thread_burst_interval     "#{ENV['FLUENT_OCI_FLUSH_THREAD_BURST_INTERVAL'] || 0.05}"
+                     retry_wait                      "#{ENV['FLUENT_OCI_RETRY_WAIT'] || 2}" # seconds
+                     retry_max_times                 "#{ENV['FLUENT_OCI_RETRY_MAX_TIMES'] || 17}"
+                     retry_exponential_backoff_base  "#{ENV['FLUENT_OCI_RETRY_EXPONENTIAL_BACKOFF_BASE'] || 2}"
+                     retry_forever                   "#{ENV['FLUENT_OCI_RETRY_FOREVER'] || true}"
+                     disable_chunk_backup true
+               </buffer>
+            </match>
+         </label>
       # kubernetes config file data which is included in main fluentd config file.
       kubernetes.conf: |
          {{- $runtime := .Values.runtime | lower }}
@@ -181,6 +191,8 @@ fluentd:
             @type concat
             key message
             stream_identity_key stream
+            flush_interval "#{ENV['FLUENT_CONCAT_FLUSH_INTERVAL'] || 60}" # seconds
+            timeout_label "@NORMAL"
             multiline_start_regexp /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
          </filter>
 
@@ -224,6 +236,8 @@ fluentd:
             @type concat
             key message
             stream_identity_key stream
+            flush_interval "#{ENV['FLUENT_CONCAT_FLUSH_INTERVAL'] || 60}" # seconds
+            timeout_label "@NORMAL"
             multiline_start_regexp /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
          </filter>
 
@@ -267,6 +281,8 @@ fluentd:
             @type concat
             key message
             stream_identity_key stream
+            flush_interval "#{ENV['FLUENT_CONCAT_FLUSH_INTERVAL'] || 60}" # seconds
+            timeout_label "@NORMAL"
             multiline_start_regexp /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
          </filter>
 
@@ -310,6 +326,8 @@ fluentd:
             @type concat
             key message
             stream_identity_key stream
+            flush_interval "#{ENV['FLUENT_CONCAT_FLUSH_INTERVAL'] || 60}" # seconds
+            timeout_label "@NORMAL"
             multiline_start_regexp /^\[[^\]]+\]\s+/
          </filter>
 
@@ -423,6 +441,8 @@ fluentd:
             @type concat
             key message
             stream_identity_key stream
+            flush_interval "#{ENV['FLUENT_CONCAT_FLUSH_INTERVAL'] || 60}" # seconds
+            timeout_label "@NORMAL"
             multiline_start_regexp /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
          </filter>
 
@@ -681,15 +701,33 @@ fluentd:
             </parse>
          </source>
 
+         # Filter to add kubernetes metadata
+         <filter oci.oke.containerlogs.**>
+            @type kubernetes_metadata
+            @id filter_kube_metadata_containerlogs
+            kubernetes_url "#{ENV['FLUENT_FILTER_KUBERNETES_URL'] || 'https://' + ENV.fetch('KUBERNETES_SERVICE_HOST') + ':' + ENV.fetch('KUBERNETES_SERVICE_PORT') + '/api'}"
+            verify_ssl "#{ENV['KUBERNETES_VERIFY_SSL'] || true}"
+            ca_file "#{ENV['KUBERNETES_CA_FILE']}"
+            skip_labels "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_LABELS'] || 'false'}"
+            skip_container_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_CONTAINER_METADATA'] || 'false'}"
+            skip_master_url "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_MASTER_URL'] || 'false'}"
+            skip_namespace_metadata "#{ENV['FLUENT_KUBERNETES_METADATA_SKIP_NAMESPACE_METADATA'] || 'false'}"
+            watch "#{ENV['FLUENT_KUBERNETES_WATCH'] || 'true'}"
+            de_dot false
+            annotation_match [ ".*" ]
+         </filter>
+
          # Record transformer filter to apply Logging Analytics configuration to each record.
          <filter oci.oke.containerlogs.**>
             @type record_transformer
             enable_ruby true
             <record>
             oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_NAME'] || 'UNDEFINED'}", "Kubernetes Cluster ID": "#{ENV['FLUENT_OCI_KUBERNETES_CLUSTER_ID'] || 'UNDEFINED'}"{{"}}"}}
-            oci_la_log_group_id "#{ENV['FLUENT_OCI_KUBERNETES_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}"
+            oci_la_log_group_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_group_id") : "#{ENV['FLUENT_OCI_KUBERNETES_LOGGROUP_ID'] || ENV['FLUENT_OCI_DEFAULT_LOGGROUP_ID']}"}
             oci_la_log_path "${record['tailed_path']}"
-            oci_la_log_source_name "Kubernetes Container Generic Logs"
+            oci_la_log_source_name ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_source_name") : "Kubernetes Container Generic Logs"}
+            oci_la_entity_id ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_entity_id") : ""}
+            oci_la_log_set ${record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") ? record.dig("kubernetes", "annotations", "oracle.com/oci_la_log_set") : ""} 
             {{- if eq $runtime "docker" }}
             message "${record['log']}" 
             {{- end }}