parsed_body based filtering of error, need to remove attribute after filtering

Author: CircleCI

charts/lumigo-operator/templates/_agent_otel_collector_config.tpl

@@ -0,0 +1,73 @@
+{{ define "clusterAgent.otelCollectorConfig.filelogreceiver.operators" -}}
+# Find out which format is used by kubernetes
+- type: router
+  id: get-format
+  routes:
+    - output: parser-docker
+      expr: 'body matches "^\\{"'
+    - output: parser-crio
+      expr: 'body matches "^[^ Z]+ "'
+    - output: parser-containerd
+      expr: 'body matches "^[^ Z]+Z"'
+# Parse CRI-O format
+- type: regex_parser
+  id: parser-crio
+  regex:
+    '^(?P<time>[^ Z]+) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
+  output: overwrite-log-body
+  timestamp:
+    parse_from: attributes.time
+    layout_type: gotime
+    layout: '2006-01-02T15:04:05.999999999Z07:00'
+# Parse CRI-Containerd format
+- type: regex_parser
+  id: parser-containerd
+  regex:
+    '^(?P<time>[^ ^Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
+  output: overwrite-log-body
+  timestamp:
+    parse_from: attributes.time
+    layout: '%Y-%m-%dT%H:%M:%S.%LZ'
+# Parse Docker format
+- type: json_parser
+  id: parser-docker
+  output: overwrite-log-body
+  timestamp:
+    parse_from: attributes.time
+    layout: '%Y-%m-%dT%H:%M:%S.%LZ'
+- type: move
+  id: overwrite-log-body
+  from: attributes["log"]
+  to: body
+# best effort attempt to parse the body as a stringified JSON object
+- type: json_parser
+  parse_from: body
+  parse_to: attributes["parsed_body"]
+  on_error: send_quiet
+# Extract metadata from file path
+- type: regex_parser
+  id: extract-metadata-from-filepath
+  regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]{36})\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
+  parse_from: attributes["log.file.path"]
+  cache:
+    size: 128 # default maximum amount of Pods per Node is 110
+# Rename attributes
+- type: move
+  from: attributes.stream
+  to: attributes["log.iostream"]
+- type: move
+  from: attributes.container_name
+  to: resource["k8s.container.name"]
+- type: move
+  from: attributes.namespace
+  to: resource["k8s.namespace.name"]
+- type: move
+  from: attributes.pod_name
+  to: resource["k8s.pod.name"]
+- type: move
+  from: attributes.restart_count
+  to: resource["k8s.container.restart_count"]
+- type: move
+  from: attributes.uid
+  to: resource["k8s.pod.uid"]
+{{- end }}

charts/lumigo-operator/templates/cluster-agent-daemonset.yaml

@@ -1,5 +1,6 @@
-{{- $logsEnabled := or .Values.clusterCollection.logs.enabled .Values.watchdog.logs.enabled }}
-{{- if or $logsEnabled .Values.clusterCollection.metrics.enabled }}
+{{- $watchdogLogsEnabled := and .Values.watchdog.enabled .Values.watchdog.logs.enabled -}}
+{{- $logCollectionEnabled := or .Values.clusterCollection.logs.enabled $watchdogLogsEnabled -}}
+{{- if $logCollectionEnabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -35,7 +36,7 @@ spec:
         lumigo.auto-trace: 'false' # We don't want the operator to inject itself into pods from this daemonset
     spec:
       containers:
-{{- if $logsEnabled }}
+{{- if $logCollectionEnabled }}
       - name: otel-collector
         image: {{ .Values.logFileCollector.image.repository }}:{{ .Values.logFileCollector.image.tag }}
         env:
@@ -89,7 +90,7 @@ spec:
       - name: collector-config
         configMap:
           name: {{ include "helm.fullname" . }}-cluster-agent-config
-{{- if $logsEnabled }}
+{{- if $logCollectionEnabled }}
       - name: varlogpods
         hostPath:
           path: /var/log/pods/

charts/lumigo-operator/templates/cluster-agent-otel-collector-config.yaml

@@ -1,23 +1,20 @@
 {{- define "clusterAgent.otelCollectorConfig" -}}
+{{ $logCollectionEnabled := .Values.clusterCollection.logs.enabled }}
+{{ $watchdogLogsEnabled := and .Values.watchdog.enabled .Values.watchdog.logs.enabled }}
 receivers:
-{{- if or .Values.watchdog.logs.enabled .Values.watchdog.logs.include }}
-  filelog/watchdog:
-    include:
-      - /var/log/pods/{{ .Release.Namespace }}_{{ include "helm.fullname" . }}-controller-manager_*/*/*.log
-      - /var/log/pods/{{ .Release.Namespace }}_{{ include "helm.fullname" . }}-telemetry-proxy_*/*/*.log
-{{- end }}
+{{ if $logCollectionEnabled }}
   filelog/application:
     include:
-    {{ if .Values.clusterCollection.logs.include }}
-    {{- range .Values.clusterCollection.logs.include }}
+      {{ if .Values.clusterCollection.logs.include }}
+        {{- range .Values.clusterCollection.logs.include }}
       - /var/log/pods/{{ .namespacePattern | default "*" }}_{{ .podPattern | default "*" }}_*/{{ .containerPattern | default "*" }}/*.log
-    {{- end }}
-    {{- else }}
+        {{- end }}
+      {{- else }}
       - /var/log/pods/*/*/*.log
-    {{- end }}
+      {{- end }}
     exclude:
+      - /var/log/pods/{{ .Release.Namespace }}_*/*/*.log
       - /var/log/pods/kube-system_*/*/*.log
-      - /var/log/pods/lumigo-system_*/*/*.log
       # Exclude logs from the otlp-sink in tests (Kind cluster)
       - /var/log/pods/local-path-storage_*/*/*.log
       - /var/log/pods/otlp-sink_*/*/*.log
@@ -30,76 +27,20 @@ receivers:
     include_file_path: true
     include_file_name: false
     operators:
-      # Find out which format is used by kubernetes
-      - type: router
-        id: get-format
-        routes:
-          - output: parser-docker
-            expr: 'body matches "^\\{"'
-          - output: parser-crio
-            expr: 'body matches "^[^ Z]+ "'
-          - output: parser-containerd
-            expr: 'body matches "^[^ Z]+Z"'
-      # Parse CRI-O format
-      - type: regex_parser
-        id: parser-crio
-        regex:
-          '^(?P<time>[^ Z]+) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
-        output: overwrite-log-body
-        timestamp:
-          parse_from: attributes.time
-          layout_type: gotime
-          layout: '2006-01-02T15:04:05.999999999Z07:00'
-      # Parse CRI-Containerd format
-      - type: regex_parser
-        id: parser-containerd
-        regex:
-          '^(?P<time>[^ ^Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
-        output: overwrite-log-body
-        timestamp:
-          parse_from: attributes.time
-          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
-      # Parse Docker format
-      - type: json_parser
-        id: parser-docker
-        output: overwrite-log-body
-        timestamp:
-          parse_from: attributes.time
-          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
-      - type: move
-        id: overwrite-log-body
-        from: attributes["log"]
-        to: body
-      # best effort attempt to parse the body as a stringified JSON object
-      - type: json_parser
-        parse_to: body
-        on_error: send_quiet
-      # Extract metadata from file path
-      - type: regex_parser
-        id: extract-metadata-from-filepath
-        regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]{36})\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
-        parse_from: attributes["log.file.path"]
-        cache:
-          size: 128 # default maximum amount of Pods per Node is 110
-      # Rename attributes
-      - type: move
-        from: attributes.stream
-        to: attributes["log.iostream"]
-      - type: move
-        from: attributes.container_name
-        to: resource["k8s.container.name"]
-      - type: move
-        from: attributes.namespace
-        to: resource["k8s.namespace.name"]
-      - type: move
-        from: attributes.pod_name
-        to: resource["k8s.pod.name"]
-      - type: move
-        from: attributes.restart_count
-        to: resource["k8s.container.restart_count"]
-      - type: move
-        from: attributes.uid
-        to: resource["k8s.pod.uid"]
+{{ include "clusterAgent.otelCollectorConfig.filelogreceiver.operators" . | indent 4 }}
+{{- end }}
+{{- if $watchdogLogsEnabled }}
+  filelog/watchdog:
+    include:
+      - /var/log/pods/{{ .Release.Namespace }}_{{ include "helm.fullname" . }}-controller-manager-*_*/*/*.log
+      - /var/log/pods/{{ .Release.Namespace }}_{{ include "helm.fullname" . }}-telemetry-proxy-*_*/*/*.log
+    start_at: end
+    include_file_path: true
+    include_file_name: false
+    operators:
+{{ include "clusterAgent.otelCollectorConfig.filelogreceiver.operators" . | indent 4 }}
+{{- end }}
+
 exporters:
   otlphttp:
     endpoint: ${env:LUMIGO_LOGS_ENDPOINT}
@@ -110,6 +51,7 @@ exporters:
     verbosity: detailed
 {{- end }}
 processors:
+  batch:
   transform/application:
     log_statements:
       - context: log
@@ -120,13 +62,15 @@ processors:
     log_statements:
       - context: log
         statements:
-          - set(instrumentation_scope.name, "lumigo-operator.watchdog_log_file_collector")
+          - set(instrumentation_scope.name, "lumigo-operator.watchdog.log_file_collector")
           - set(resource.attributes["k8s.cluster.name"], "${env:KUBERNETES_CLUSTER_NAME}")
   filter/drop_non_error_logs:
+    error_mode: propagate
     logs:
       log_record:
-        - 'not IsMatch(body, ".*error.*")'
-  batch:
+        - not IsMap(log.attributes["parsed_body"])
+        - not IsString(log.attributes["parsed_body"]["error"])
+
 service:
 {{- if .Values.debug.enabled }}
   telemetry:
@@ -135,7 +79,7 @@ service:
       encoding: json
 {{- end }}
   pipelines:
-{{- if .Values.watchdog.logs.enabled }}
+{{ if $logCollectionEnabled }}
     logs/application:
       receivers:
         - filelog/application
@@ -148,6 +92,7 @@ service:
         - debug
 {{- end }}
 {{- end }}
+{{- if $watchdogLogsEnabled }}
     logs/watchdog:
       receivers:
         - filelog/watchdog
@@ -161,3 +106,4 @@ service:
         - debug
 {{- end }}
 {{- end }}
+{{- end }}

charts/lumigo-operator/values.yaml

@@ -74,7 +74,7 @@ controllerManager:
 logFileCollector:
   image:
     repository: otel/opentelemetry-collector-contrib
-    tag: 0.112.0
+    tag: 0.122.0
   resources:
     limits:
       cpu: 500m