Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: Logging 6.4.3
Affects Version/s: Logging 6.4.0
Component/s: Log Collection
Labels:
- devel_ack+
- prune
- vector

Activity Type:
Incidents & Support
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs QE Status:
NEW
QE Status:
NEW
Release Note Text:

Hide
Before this update, the `.auditID` field was not preserved unless it was explicitly referenced as `.structured.auditID` in `.notIN` for Audit logs, leading to confusion and missing fields in the output. With this update, the `auditID` field is correctly maintained without requiring users to reference the structured path explicitly, ensuring the field is preserved in the output as expected.

Show
Before this update, the `.auditID` field was not preserved unless it was explicitly referenced as `.structured.auditID` in `.notIN` for Audit logs, leading to confusion and missing fields in the output. With this update, the `auditID` field is correctly maintained without requiring users to reference the structured path explicitly, ensuring the field is preserved in the output as expected.
Release Note Type:
Bug Fix
Intelligence Requested:
Market:

Sprint:
Logging - Sprint 283, Logging - Sprint 284
Severity:
Low

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Description of problem: (+ expectation from this jira)

The ".auditID" field is not maintained when mentioned in .notIN for Audit, it has to be mentioned as ".structured.auditID"

When prune filter is not used it appears in Observe>Loki just as "auditID"

auditID 0decf002-e40e-4250-a907-cb17f82bcba3

New users unfamiliar with vector.toml pipelines often struggle to understand that the 'structured' parameter is required to ensure field auditID is preserved in the output.

If this is expected there should be list of such fields in doc : https://issues.redhat.com/browse/OBSDOCS-2359

If its not expected then it should be worked upon