Feature
Resolution: Unresolved
1. Proposed title of this feature request
Remap support for the reduce transform (multi-line logs)
2. What is the nature and description of the request?
We're faced with an issue with the OpenShift Logging Operator, specifically with how the Vector Collector configuration is reconciled as part of the ClusterLogForwarder and detectMultilineErrors CustomResource. It doesn't allow for modifications needed when the exception detector script doesn't pick up a customer's RegEx.
3. Why does the customer need this? (List the business requirements here)
Due to the logs being broken up, there are usability issues and artificial cost increases that arise:
1.) The first being the logs are not usable. There is alerting that has been created in Splunk from the generated logs which does not work, and it is nearly impossible to sift through and see where one log ends and the other begins.
2.) Also, from a Splunk pricing model perspective, it has increased message workload and eaten up the current license quota limit due to one message being broken up into many.
Workload in question - This particular application is a fairly significant third-party application that is a member of our ecosystem of partners. The legacy version of this application has already EOL'd this winter and the customer needs to migrate everything to a supported version required to run on new platforms like OpenShift. OpenShift is one of a few that are certified for this new version.
4. List any affected packages or components.
- Red Hat Logging Operator
- Vector log collector
- detectMultilineErrors CustomResource
- ClusterLogForwarder