1

We're using New Relic Fluent Bit integration to send Kubernetes pod logs to New Relic. Some pods are running Java apps so we'd like to apply java multiline parsing. Unfortunately this fluent-bit conf catch logs but multiline java parsing added in a FILTER block is not working. How can we do?

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: fluent-bit-config
      namespace: newrelic
      labels:
        k8s-app: newrelic-logging
    data:
      # fluent bit config file
      fluent-bit.conf: |
        [SERVICE]
            Flush             1
            Log_Level         info
            Daemon            off
            Parsers_File      parsers.conf
            HTTP_Server       On
            HTTP_Listen       0.0.0.0
            HTTP_Port         2020
    
        @INCLUDE input-kubernetes.conf
        @INCLUDE filter-kubernetes.conf
        @INCLUDE output-newrelic.conf
    
      input-kubernetes.conf: |
        [INPUT]
            Name              tail
            Tag               kube.*
            Path              /var/log/containers/*.log
            Parser            docker
            DB                /var/log/flb_kube.db
            Mem_Buf_Limit     5MB
            Skip_Long_Lines   On
            Refresh_Interval  10
    
      filter-kubernetes.conf: |
        [FILTER]
            Name        record_modifier
            Match       *
            Record      cluster_name ${CLUSTER_NAME}
    
        [FILTER]
            Name        kubernetes
            Match       kube.*
            Kube_URL    https://kubernetes.default.svc.cluster.local:443
            Merge_Log   Off
        
        [FILTER]
            Name                  multiline
            Match                 kube.*
            multiline.key_content log
            multiline.parser      java
    
      output-newrelic.conf: |
        [OUTPUT]
            Name        newrelic
            Match       *
            licenseKey  ${LICENSE_KEY}
            endpoint    ${ENDPOINT}
      
      parsers.conf: |
        [PARSER]
            Name              docker
            Format            json
            Time_Key          time
            Time_Format       %Y-%m-%dT%H:%M:%S.%L
            Time_Keep         On
Stefano Lazzaro
  • 387
  • 1
  • 4
  • 22
  • any progress on getting this filter to work? i am running into a similar issue with filtering the logs and concatenating multi-line logs from a java app running in docker – mmiara May 05 '23 at 18:04
  • didn't try to fix this, maybe I should get back to it. – Stefano Lazzaro May 09 '23 at 07:42
  • the java parser does not seem to work for me, so i believe i have to use the new `MULTILINE_PARSER` to create a custom multiline parser using the regex method. have not gotten it to work yet – mmiara May 09 '23 at 19:15

0 Answers0