Dedot fluentbit filter for labels and annotations #30
Conversation
nutellinoit
requested review from
lzecca78,
phisco,
niccoloraspa,
ralgozino,
angelbarrera92 and
lnovara
|
How it affects current running setups? The patch LGTM! |
|
No ES operation needed, because the logs are always sent to the same indexes. IDEA: |
Not sure if it is "easy" to do. But worth a test |
|
Can you check the linter? it is complaining about Lua :) |
|
Hi @angelbarrera92 , can you help me with the linter? |
|
And side note, this change is now running on two clusters |
If you copy-pasted the code, maybe could be better to "exclude" it somehow. Is this the case? |
Yes, that's the case |
|
Hi @nutellinoit ! The patch itself lgtm, but I'm missing a piece. What is this patch trying to solve? Is this an issue with our current implementation? if that's the case, is it fixed upstream? should we instead wait for the upstream patch and update the hole module? or is this a backport of a hotfix? |
|
Hi @ralgozino , the patch is solving the problem that causes issue if in the same cluster you have a deployment with a labels for example I did this workaround because the dedot filter on fluentbit is present only on elasticsearch output, but we are not directly sending logs to ES, we are sending logs to fluentd. Also it's easier to manage fluentbit configuration instead of fluentd. If you want we can pair and i will show you the patch up&running |
Done here: 7cb863e |
Thank you @angelbarrera92 ! |
Thank you for the explanation Samu, there's no need to pair but thanks for offering it! |
Hi team, i added a little lua script on fluentbit to dedot labels and annotations before sending data to fluentd.
Source here: fluent/fluent-bit#1134 (comment)
This way, there will be no conflict on elasticsearch side because everything will be a string instead of an object.
I tested it and it's working, but before merging or do more test (eg on a real cluster) tell me what you think about it