Story

As a log admin, I want to limit the maximum size of log records by truncating them

Note this can lose valuable data, or create log records that cannot be parsed (e.g. truncated JSON logs) The goal is to at least let the user know that something in the system is producing logs too big to forward, and ideally to indicate what pod or node is responsible.

Design

Introduce a limit object field to forwarder outputs (see  LOG-2207 and LOG-2298 that also use the limit field)

Add the following sub-field

limit.maxRecordBytes: max size of a complete log record envelope (metadata+payload)

If a record exceeds this size: 

• add field truncatedFrom to root of the envelop with the original size of the message field in bytes.
• truncate message field so that the total record size is maxRecordBytes.

If maxRecordBytes is too small for the metadata:

• Strip the envelope to 

   {"truncatedFrom":N, "message":"<...truncated message...>"} 

If maxRecordBytes is absent or 0, there is no limit.

For logs that are not wrapped in aa JSON envelope (e.g. API server events, K8s events, syslog message-only logs)

• Truncate the payload to maxRecordBytes

Acceptance Criteria

• Record  limits are enforced as described, tested for at least: loki, syslog, cloudwatch outputs.