-
Feature
-
Resolution: Unresolved
-
Undefined
-
None
-
Logging 6.3
-
None
-
False
-
-
False
-
Not Selected
-
0
-
Important
Proposed title of this feature request
Allow users to disable enrichment for Splunk output
What is the nature and description of the request?
With syslog type output, there is a way to disable (or minimise) enrichment of the log record. The functionality is not available for any other output yet.
$ oc explain obsclf.spec.outputs.syslog.enrichment
GROUP: observability.openshift.io
KIND: ClusterLogForwarder
VERSION: v1
FIELD: enrichment <string>
ENUM:
None
KubernetesMinimal
DESCRIPTION:
Enrichment is an additional modification to the log message before
forwarding it to the receiver.
Supported values are:
1. None
- Adds no additional enrichment to the record
2. KubernetesMinimal
- Adds namespace_name, pod_name, and container_name to the beginning of
the message body (e.g. namespace_name=myproject, container_name=server,
pod_name=pod-123, message={"foo":"bar"}).
This may result in the message body being an invalid JSON structure.
Similar functionality is being looked upon for Splunk output as well.
The goal is to minimise the transformation of log records by vector and improve its throughput.
Why does the customer need this? (List the business requirements)
To improve the throughput of vector
List any affected packages or components.
Red Hat OpenShift Logging (Vector)
