Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2758

Limit maximum record size

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • NEW

    Description

      Story

      As a log admin, I want to limit the maximum size of log records by truncating them

      Note this can lose valuable data, or create log records that cannot be parsed (e.g. truncated JSON logs) The goal is to at least let the user know that something in the system is producing logs too big to forward, and ideally to indicate what pod or node is responsible.

      Design

      Introduce a limit object field to forwarder outputs (see  LOG-2207 and LOG-2298 that also use the limit field)

      Add the following sub-field

      limit.maxRecordBytes: max size of a complete log record envelope (metadata+payload)

      If a record exceeds this size: 

      • add field truncatedFrom to root of the envelop with the original size of the message field in bytes.
      • truncate message field so that the total record size is maxRecordBytes.

      If maxRecordBytes is too small for the metadata:

      • Strip the envelope to  
         {"truncatedFrom":N, "message":"<...truncated message...>"}

      If maxRecordBytes is absent or 0, there is no limit.

      For logs that are not wrapped in aa JSON envelope (e.g. API server events, K8s events, syslog message-only logs)

      • Truncate the payload to maxRecordBytes

      Acceptance Criteria

      • Record  limits are enforced as described, tested for at least: loki, syslog, cloudwatch outputs.

      Attachments

        Issue Links

          blocks

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-121 Kibana shows payload content length greater than maximum allowed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • In Progress
          is cloned by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. LOG-2851 Limit maximum write batch size

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. LOG-2635 CloudWatch forwarding rejecting large log events, fills tmpfs

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. LOG-2298 CLF supporting Flow Control Spec

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed

          Activity

            People

              prangupt Pranjal Gupta (Inactive)
              rhn-engineering-aconway Alan Conway
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: