try recommended config from https://grafana.com/docs/grafana-cloud/monitor-infrastructure/kubernetes-monitoring/configuration/configure-infrastructure-manually/otel-collector/#configure-the-opentelemetry-logs-collector

Author: crutonjohn

clusters/apps/env/production/observability/otel/collector/pod-logging.yaml

@@ -36,7 +36,7 @@ spec:
           - /var/log/pods/*/*/*.log
         exclude:
           - /var/log/pods/*/otc-container/*.log
-        start_at: end
+        start_at: beginning
         storage: file_storage
         include_file_path: true
         include_file_name: false
@@ -45,6 +45,8 @@ spec:
           - type: router
             id: get-format
             routes:
+              - output: parser-docker
+                expr: 'body matches "^\\{"'
               - output: parser-crio
                 expr: 'body matches "^[^ Z]+ "'
               - output: parser-containerd
@@ -82,26 +84,23 @@ spec:
             regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]{36})\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
             parse_from: attributes["log.file.path"]
             cache:
-              size: 128  # default maximum amount of Pods per Node is 110
+              size: 128 # default maximum amount of Pods per Node is 110
           # Rename attributes
           - type: move
-            from: attributes.stream
-            to: attributes["log.iostream"]
+            from: attributes["log.file.path"]
+            to: resource["filename"]
           - type: move
             from: attributes.container_name
-            to: resource["k8s.container.name"]
+            to: resource["container"]
           - type: move
             from: attributes.namespace
-            to: resource["k8s.namespace.name"]
+            to: resource["namespace"]
           - type: move
             from: attributes.pod_name
-            to: resource["k8s.pod.name"]
-          - type: move
-            from: attributes.restart_count
-            to: resource["k8s.container.restart_count"]
-          - type: move
-            from: attributes.uid
-            to: resource["k8s.pod.uid"]
+            to: resource["pod"]
+          - type: add
+            field: resource["cluster"]
+            value: 'main-lyh' # Set your cluster name here
       filelog/1:
         include:
           - /var/log/syslog
@@ -162,12 +161,12 @@ spec:
               - from: connection
       resource/loki0:
         attributes:
-          - action: insert
-            key: loki.resource.labels
-            value: event.domain, k8s.resource.name, k8s.pod.name, k8s.pod.uid, k8s.deployment.name, k8s.namespace.name, k8s.node.name, k8s.pod.start_time, k8s.container.name, container.image.name, container.image.tag, instance, environment, severity, app, log.iostream, log
           - action: insert
             key: loki.format
             value: raw
+          - action: insert
+            key: loki.resource.labels
+            value: pod, namespace, container, cluster, filename
       resource/loki1:
         attributes:
           - action: insert
@@ -215,10 +214,9 @@ spec:
       pipelines:
         logs/0:
           receivers:
-            - otlp
             - filelog/0
           processors:
-            - k8sattributes
+            #- k8sattributes
             - resource/loki0
             - batch
           exporters: