Transform formatting

rcastley · rcastley · commit f0c947b5e417 · 2025-02-07T14:18:38.000Z
diff --git a/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-1-configuration.md b/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-1-configuration.md
@@ -6,61 +6,63 @@ weight: 1
 
 {{% notice title="Exercise" style="green" icon="running" %}}
 
-- **Configure the `transform/logs` processor**: In the `agent.yaml` apply the processor to `log_statements` in the `resource` context and retain only relevant resource attributes (`com.splunk.sourcetype`, `host.name`, `otelcol.service.mode`):
+**Configure the `transform/logs` processor**: In the `agent.yaml` apply the processor to `log_statements` in the `resource` context and retain only relevant resource attributes (`com.splunk.sourcetype`, `host.name`, `otelcol.service.mode`):
 
-  ```yaml
-  transform/logs:                     # Processor Type/Name
-    log_statements:                   # Log Processing Statements
-      - context: resource             # Log Context
-        statements:                   # List of attribute keys to keep
-          - keep_keys(attributes, ["com.splunk.sourcetype", "host.name", "otelcol.service.mode"])
-  ```
+```yaml
+transform/logs:                     # Processor Type/Name
+  log_statements:                   # Log Processing Statements
+    - context: resource             # Log Context
+      statements:                   # List of attribute keys to keep
+        - keep_keys(attributes, ["com.splunk.sourcetype", "host.name", "otelcol.service.mode"])
+```
+
+This configuration ensures that only the specified attributes are retained, improving log efficiency and reducing unnecessary metadata.
 
-  This configuration ensures that only the specified attributes are retained, improving log efficiency and reducing unnecessary metadata.
-- **Adding a Context Block for Log Severity Mapping**: To properly set the `severity_text` and `severity_number` fields of a log record, add another log context block within log_statements. This configuration extracts the `level` value from the log body, maps it to `severity_text`, and assigns the appropriate `severity_number`:
+**Adding a Context Block for Log Severity Mapping**: To properly set the `severity_text` and `severity_number` fields of a log record, add another log context block within log_statements. This configuration extracts the `level` value from the log body, maps it to `severity_text`, and assigns the appropriate `severity_number`:
 
-  ```yaml
-      - context: log                  # Log Context
-        statements:                   # Transform Statements Array
-          - set(cache, ParseJSON(body)) where IsMatch(body, "^\\{")
-          - flatten(cache, "")        
-          - merge_maps(attributes, cache, "upsert")
-          - set(severity_text, attributes["level"])
-          - set(severity_number, 1) where severity_text == "TRACE"
-          - set(severity_number, 5) where severity_text == "DEBUG"
-          - set(severity_number, 9) where severity_text == "INFO"
-          - set(severity_number, 13) where severity_text == "WARN"
-          - set(severity_number, 17) where severity_text == "ERROR"
-          - set(severity_number, 21) where severity_text == "FATAL"
-  ```
+```yaml
+    - context: log                  # Log Context
+      statements:                   # Transform Statements Array
+        - set(cache, ParseJSON(body)) where IsMatch(body, "^\\{")
+        - flatten(cache, "")        
+        - merge_maps(attributes, cache, "upsert")
+        - set(severity_text, attributes["level"])
+        - set(severity_number, 1) where severity_text == "TRACE"
+        - set(severity_number, 5) where severity_text == "DEBUG"
+        - set(severity_number, 9) where severity_text == "INFO"
+        - set(severity_number, 13) where severity_text == "WARN"
+        - set(severity_number, 17) where severity_text == "ERROR"
+        - set(severity_number, 21) where severity_text == "FATAL"
+```
 
-- **Summary of Key Transformations**:
-  - **Parse JSON**: Extracts structured data from the log body.
-  - **Flatten JSON**: Converts nested JSON objects into a flat structure.
-  - **Merge Attributes**: Integrates extracted data into log attributes.
-  - **Map Severity Text**: Assigns severity_text from the log’s level attribute.
-  - **Assign Severity Numbers**: Converts severity levels into standardized numerical values.
+**Summary of Key Transformations**:
 
-  This setup ensures that log severity is properly extracted, standardized, and structured for efficient processing.
+- **Parse JSON**: Extracts structured data from the log body.
+- **Flatten JSON**: Converts nested JSON objects into a flat structure.
+- **Merge Attributes**: Integrates extracted data into log attributes.
+- **Map Severity Text**: Assigns severity_text from the log’s level attribute.
+- **Assign Severity Numbers**: Converts severity levels into standardized numerical values.
+
+This setup ensures that log severity is properly extracted, standardized, and structured for efficient processing.
 
 {{% notice title="Tip" style="primary" icon="lightbulb" %}}
 This method of mapping all JSON fields to top-level attributes should only be used for **testing and debugging OTTL**. It will result in high cardinality in a production scenario.
 {{% /notice %}}
 
-- **Update the `logs` pipeline**: Add the `transform/logs:` processor into the `logs:` pipeline:
+**Update the `logs` pipeline**: Add the `transform/logs:` processor into the `logs:` pipeline:
 
-  ```yaml
-  logs:                    # Logs Pipeline
-      receivers:           # Array of receivers in this pipeline
-      - filelog/quotes
-      - otlp
-      processors:          # Array of Processors in this pipeline
-      - memory_limiter     # You also could use [memory_limiter]
-      - resourcedetection
-      - resource/add_mode
-      - transform/logs
-      - batch
-  ```
+```yaml
+logs:                    # Logs Pipeline
+    receivers:           # Array of receivers in this pipeline
+    - filelog/quotes
+    - otlp
+    processors:          # Array of Processors in this pipeline
+    - memory_limiter     # You also could use [memory_limiter]
+    - resourcedetection
+    - resource/add_mode
+    - transform/logs
+    - batch
+```
 
 {{% /notice %}}
 
diff --git a/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-2-setup.md b/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-2-setup.md
@@ -6,28 +6,28 @@ weight: 2
 
 {{% notice title="Exercise" style="green" icon="running" %}}
 
-- **Start the Log Generator**: In the **Test** terminal window, navigate to the `[WORKSHOP]/7-transform-data` directory and start the appropriate `log-gen` script for your system. We want to work with structured JSON logs, so add the `-json` flag.
+**Start the Log Generator**: In the **Test** terminal window, navigate to the `[WORKSHOP]/7-transform-data` directory and start the appropriate `log-gen` script for your system. We want to work with structured JSON logs, so add the `-json` flag.
 
-  ```sh
-  ./log-gen.sh -json
-  ```
+```sh
+./log-gen.sh -json
+```
 
-  The script will begin writing lines to a file named `./quotes.log`, while displaying a single line of output in the console.
+The script will begin writing lines to a file named `./quotes.log`, while displaying a single line of output in the console.
 
-  ```txt
-  Writing logs to quotes.log. Press Ctrl+C to stop.
-  ```
+```txt
+Writing logs to quotes.log. Press Ctrl+C to stop.
+```
 
-- **Start the Gateway**: In the **Gateway** terminal window navigate to the `[WORKSHOP]/7-transform-data` directory and run:
+**Start the Gateway**: In the **Gateway** terminal window navigate to the `[WORKSHOP]/7-transform-data` directory and run:
 
-  ```sh
-  ../otelbin --config=gateway.yaml
-  ```
+```sh
+../otelbin --config=gateway.yaml
+```
 
-- **Start the Agent**: In the **Agent** terminal window navigate to the `[WORKSHOP]/7-transform-data` directory and run:
+**Start the Agent**: In the **Agent** terminal window navigate to the `[WORKSHOP]/7-transform-data` directory and run:
 
-  ```sh
-  ../otelbin --config=agent.yaml
-  ```
+```sh
+../otelbin --config=agent.yaml
+```
 
 {{% /notice %}}
diff --git a/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-3-test-transform.md b/content/en/ninja-workshops/10-advanced-otel/7-transform-data/7-3-test-transform.md
@@ -14,7 +14,7 @@ This ensures proper metadata filtering, severity mapping, and structured log enr
 
 {{% notice title="Exercise" style="green" icon="running" %}}
 
-- **Check the debug output** of both the **Agent** and **Gateway** to confirm that `com.splunk/source` and `os.type` have been removed.
+**Check the debug output**: For both the **Agent** and **Gateway** confirm that `com.splunk/source` and `os.type` have been removed:
 
 {{% tabs %}}
 {{% tab title="New Debug Output" %}}
@@ -41,7 +41,7 @@ This ensures proper metadata filtering, severity mapping, and structured log enr
 {{% /tab %}}
 {{% /tabs %}}
 
-- **Check the debug output** of both the **Agent** and **Gateway** to confirm that `SeverityText` and `SeverityNumber` in the `LogRecord` is now defined with the severity `level` from the log body. Confirm that the JSON fields from the body can be accessed as top-level log `Attributes`.
+**Check the debug output**: For both the **Agent** and **Gateway** confirm that `SeverityText` and `SeverityNumber` in the `LogRecord` is now defined with the severity `level` from the log body. Confirm that the JSON fields from the body can be accessed as top-level log `Attributes`:
 
 {{% tabs %}}
 {{% tab title="New Debug Output" %}}
@@ -85,7 +85,7 @@ This ensures proper metadata filtering, severity mapping, and structured log enr
 {{% /tab %}}
 {{% /tabs %}}
 
-- **Check** the new `gateway-logs.out` file to verify the data has been transformed:
+**Check file output**: In the new `gateway-logs.out` file verify the data has been transformed:
 
 {{% tabs %}}
 {{% tab title="New File Output" %}}
