cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ppal
Observer
Member since: ‎03-11-2024
‎03-28-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-11-2024
View All

Re: How to modify logs via Splunk Otel Collector?

by in Splunk Enterprise
‎03-28-2024 11:35 AM
‎03-28-2024 11:35 AM
Interesting, thanks for taking time and replying to my queries. @PaulPanther  ... View more

Re: How to modify logs via Splunk Otel Collector?

by in Splunk Enterprise
‎03-26-2024 08:25 AM
‎03-26-2024 08:25 AM
yes, each method was tested separately to it doesn't overlap. I just combined it here to it's easier to see what been tried so far. Here is the sample log (reduced to a few kv) from k8s nodes that is pulled by collector(agent).  2024-03-11T21:04:41.411025006Z stdout F {"time": "2024-03-11T21:04:41+00:00", "upstream_namespace":"system-monitoring", "remote_user": "sample-user"}   If for example I just use `attributes/upsert` it appends to existing but not overwrite it. ... View more

Re: How to modify logs via Splunk Otel Collector?

by in Splunk Enterprise
‎03-26-2024 07:50 AM
‎03-26-2024 07:50 AM
Yes, it does.  service: pipelines: logs: exporters: - otlp processors: - transform - attributes/upsert   So far I have tried these options but none seem to work.  processors: attributes/upsert: actions: - key: upstream_namespace action: upsert value: "REDACTED_NS" transform: log_statements: - context: log statements: - replace_all_patterns(attributes,"value","upstream_namespace", "REDACTED_NS") - replace_all_patterns(attributes,"key","upstream_namespace", "REDACTED_NS") - replace_match(attributes["upstream_namespace"], "*" , "REDACTED_NS") - replace_match(attributes["upstream_namespace"], "system-monitoring" , "REDACTED_NS") - delete_key(attributes,"upstream_namespace") - delete_key(resource.attributes,"upstream_namespace") - replace_all_patterns(attributes["upstream_namespace"],"value","upstream_namespace", "REDACTED_NS") - replace_all_patterns(attributes["upstream_namespace"],"value","system-monitoring", "REDACTED_NS") The attribute/upsert and set() however appends to existing value.  upstream_namespace: REDACTED_NS system-monitoring Not sure what is missing here, any suggestions to resolve this? Thanks ... View more

How to modify logs via Splunk Otel Collector?

by in Splunk Enterprise
‎03-12-2024 08:33 AM
‎03-12-2024 08:33 AM
Hi Everyone, I am trying to replicate log modification that was possible with fluentd when using splunk-connect-for-kubernetes.       splunk_kubernetes_logging: cleanAuthtoken: tag: 'tail.containers.**' type: 'record_modifier' body: | # replace key log <replace> key log expression /"traffic_http_auth".*?:.*?".+?"/ # replace string replace "\"traffic_http_auth\": \"auth cleared\"" </replace>       Now since the above charts support ended we have switched to splunk-otel-collector. Along with this we also switched the logsengine: otel  and now having a hard time replicating this modification. Per the documentation I read this should come via processors (which is the agent), please correct me if I am wrong here. I have tried two processors but both doesn't work.  What I am missing here?     logsengine: otel agent: enabled: true config: processors: attributes/log_body_regexp: actions: - key: traffic_http_auth action: update value: "obfuscated" transform: log_statements: - context: log statements: - set(traffic_http_auth, "REDACTED")       This is new to me, can anyone point me where this logs modifiers can be applied.  Thanks, Ppal       ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-28-2024 09:51 PM