The log-shipper module: Custom Resources

ClusterLogDestination

Scope: Cluster
Version: v1alpha1

Describes setting for a log storage, which you can use in many log sources.

metadata.name — is an upstream name, which you should use in custom resource ClusterLoggingConfig.

• spec

  object

  Required value

  • spec.buffer

    object

    Buffer parameters.

    • spec.buffer.disk

      object

      Disk buffer parameters.

      • spec.buffer.disk.maxSize

        integer or string

        The maximum size of the buffer on disk. Must be at least ~256MB (268435488 bytes).

        You can express size as a plain integer or as a fixed-point number using one of these quantity suffixes: E, P, T, G, M, k, Ei, Pi, Ti, Gi, Mi, Ki.

        More about resource quantity:

        • kubernetes quantity
        • memory resource units

        Pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

        Examples:

        maxSize: 512Mi
        

        maxSize: 268435488
        

    • spec.buffer.memory

      object
      • spec.buffer.memory.maxEvents

        number

        The maximum number of events allowed in the buffer.

    • spec.buffer.type

      string

      Required value

      The type of buffer to use.

      Allowed values: Disk, Memory

    • spec.buffer.whenFull

      string

      Event handling behavior when a buffer is full.

      Default: Block

      Allowed values: DropNewest, Block

  • spec.elasticsearch

    object
    • spec.elasticsearch.auth

      object
      • spec.elasticsearch.auth.awsAccessKey

        string

        Base64-encoded AWS ACCESS_KEY.

      • spec.elasticsearch.auth.awsAssumeRole

        string

        The ARN of an IAM role to assume at startup.

      • spec.elasticsearch.auth.awsRegion

        string

        AWS region for authentication.

      • spec.elasticsearch.auth.awsSecretKey

        string

        Base64-encoded AWS SECRET_KEY.

      • spec.elasticsearch.auth.password

        string

        Base64-encoded Basic authentication password.

      • spec.elasticsearch.auth.strategy

        string

        The authentication strategy to use.

        Default: Basic

        Allowed values: Basic, AWS

      • spec.elasticsearch.auth.user

        string

        The Basic authentication user name.

    • spec.elasticsearch.dataStreamEnabled

      boolean

      Use for storage indexes or datastreams (https://www.elastic.co/guide/en/elasticsearch/reference/master/data-streams.html).

      Datastream usage is better for logs and metrics storage but they works only for Elasticsearch >= 7.16.X.

      Default: false

    • spec.elasticsearch.docType

      string

      The doc_type for your index data. This is only relevant for Elasticsearch <= 6.X.

      • For Elasticsearch >= 7.X you do not need this option since this version has removed doc_type mapping;
      • For Elasticsearch >= 6.X the recommended value is _doc, because using it will make it easy to upgrade to 7.X;
      • For Elasticsearch < 6.X you can’t use a value starting with _ or empty string. Use, for example, values like logs.
    • spec.elasticsearch.endpoint

      string

      Required value

      Base URL of the Elasticsearch instance.

    • spec.elasticsearch.index

      string

      Index name to write events to.

    • spec.elasticsearch.pipeline

      string

      Name of the pipeline to apply.

    • spec.elasticsearch.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.elasticsearch.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.elasticsearch.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.elasticsearch.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.elasticsearch.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.elasticsearch.tls.clientCrt.keyPass

          string

          Base64-encoded pass phrase used to unlock the encrypted key file.

      • spec.elasticsearch.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.elasticsearch.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.elasticsearch.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host. Specifically the issuer is checked but not CRLs (Certificate Revocation Lists).

        Default: true

      • spec.elasticsearch.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

  • spec.extraLabels

    object

    A set of labels that will be attached to each batch of events.

    You can use simple templating here: {{ app }}.

    There are some reserved keys:

    • parsed_data
    • pod
    • pod_labels_*
    • pod_ip
    • namespace
    • image
    • container
    • node
    • pod_owner

    More about field path notation…

    Example:

    extraLabels:
      forwarder: vector
      key: value
      app_info: "{{ app }}"
      array_member: "{{ array[0] }}"
      symbol_escating_value: "{{ pay\\.day }}"
    

  • spec.kafka

    object
    • spec.kafka.bootstrapServers

      array of strings

      Required value

      A list of host and port pairs that are the addresses of the Kafka brokers in a “bootstrap” Kafka cluster that a Kafka client connects to initially to bootstrap itself.

      Default: []

      Example:

      bootstrapServers:
      - 10.14.22.123:9092
      - 10.14.23.332:9092
      

      • Element of the array

        string

        Pattern: ^(.+)\:\d{1,5}$

    • spec.kafka.encoding

      object

      How to encode the message.

      • spec.kafka.encoding.cef

        object

        CEF-specific configuration fields. Only applicable when codec is set to CEF.

        • spec.kafka.encoding.cef.deviceProduct

          string

          Default: log-shipper-agent

        • spec.kafka.encoding.cef.deviceVendor

          string

          Default: Deckhouse

        • spec.kafka.encoding.cef.deviceVersion

          string

          Default: 1

      • spec.kafka.encoding.codec

        string

        Available encoding formats.

        Default: JSON

        Allowed values: JSON, CEF

    • spec.kafka.keyField

      string

      Allows to set the key_field.

      Examples:

      keyField: host
      

      keyField: node
      

      keyField: namespace
      

      keyField: parsed_data.app_info
      

    • spec.kafka.sasl

      object

      Configuration for SASL authentication when interacting with Kafka.

      • spec.kafka.sasl.mechanism

        string

        Required value

        The SASL mechanism to use. Only PLAIN and SCRAM-based mechanisms are supported.

        Allowed values: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512

      • spec.kafka.sasl.password

        string

        Required value

        The SASL password.

        Example:

        password: qwerty
        

      • spec.kafka.sasl.username

        string

        Required value

        The SASL username.

        Example:

        username: username
        

    • spec.kafka.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.kafka.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.kafka.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.kafka.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.kafka.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.kafka.tls.clientCrt.keyPass

          string

          Base64-encoded pass phrase used to unlock the encrypted key file.

      • spec.kafka.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.kafka.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.kafka.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        Default: true

      • spec.kafka.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

    • spec.kafka.topic

      string

      Required value

      The Kafka topic name to write events to. This parameter supports template syntax, which enables you to use dynamic per-event values.

      Examples:

      topic: logs
      

      topic: logs-{{unit}}-%Y-%m-%d
      

  • spec.logstash

    object
    • spec.logstash.endpoint

      string

      Required value

      Base URL of the Logstash instance.

    • spec.logstash.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.logstash.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.logstash.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.logstash.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.logstash.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.logstash.tls.clientCrt.keyPass

          string

          Base64-encoded pass phrase used to unlock the encrypted key file.

      • spec.logstash.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.logstash.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.logstash.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        Default: true

      • spec.logstash.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

  • spec.loki

    object
    • spec.loki.auth

      object
      • spec.loki.auth.password

        string

        Base64-encoded Basic authentication password.

      • spec.loki.auth.strategy

        string

        The authentication strategy to use.

        Default: Basic

        Allowed values: Basic, Bearer

      • spec.loki.auth.token

        string

        The token to use for Bearer authentication.

      • spec.loki.auth.user

        string

        The Basic authentication user name.

    • spec.loki.endpoint

      string

      Required value

      Base URL of the Loki instance.

      Agent automatically adds /loki/api/v1/push into URL during data transmission.

    • spec.loki.tenantID

      string

      ID of a tenant.

      This option is used only for GrafanaCloud. When running Loki locally, a tenant ID is not required.

    • spec.loki.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.loki.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.loki.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.loki.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.loki.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.loki.tls.clientCrt.keyPass

          string

          Base64-encoded pass phrase used to unlock the encrypted key file.

      • spec.loki.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.loki.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.loki.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        If set to false, the certificate is not checked in the Certificate Revocation Lists.

        Default: true

      • spec.loki.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

  • spec.rateLimit

    object

    Parameter for limiting the flow of events.

    • spec.rateLimit.excludes

      array of objects

      List of excludes for keyField.

      Only NOT matched log entries would be rate limited.

      Examples:

      excludes:
        field: tier
        operator: Exists
      

      excludes:
        field: foo
        operator: NotIn
        values:
        - dev
        - 42
        - 'true'
        - '3.14'
      

      excludes:
        field: bar
        operator: Regex
        values:
        - "^abc"
        - "^\\d.+$"
      

      • spec.rateLimit.excludes.field

        string

        Required value

        Field name for filtering.

      • spec.rateLimit.excludes.operator

        string

        Required value

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.rateLimit.excludes.values

        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.rateLimit.keyField

      string

      The name of the log field whose value will be hashed to determine if the event should be rate limited.

    • spec.rateLimit.linesPerMinute

      number

      Required value

      The number of records per minute.

  • spec.socket

    object
    • spec.socket.address

      string

      Required value

      Address of the socket.

      Pattern: ^.*:[1-9][0-9]+$

    • spec.socket.encoding

      object

      How to encode the message.

      • spec.socket.encoding.cef

        object

        CEF-specific configuration fields. Only applicable when codec is set to CEF.

        • spec.socket.encoding.cef.deviceProduct

          string

          Default: log-shipper-agent

        • spec.socket.encoding.cef.deviceVendor

          string

          Default: Deckhouse

        • spec.socket.encoding.cef.deviceVersion

          string

          Default: 1

      • spec.socket.encoding.codec

        string

        Available encoding formats.

        Default: JSON

        Allowed values: Text, JSON, Syslog, CEF, GELF

    • spec.socket.mode

      string

      Required value

      Allowed values: TCP, UDP

    • spec.socket.tcp

      object
      • spec.socket.tcp.tls

        object

        Configures the TLS options for outgoing connections.

        • spec.socket.tcp.tls.caFile

          string

          Base64-encoded CA certificate in PEM format.

        • spec.socket.tcp.tls.clientCrt

          object

          Configures the client certificate for outgoing connections.

          • spec.socket.tcp.tls.clientCrt.crtFile

            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.socket.tcp.tls.clientCrt.keyFile

            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.socket.tcp.tls.clientCrt.keyPass

            string

            Base64-encoded pass phrase used to unlock the encrypted key file.

        • spec.socket.tcp.tls.secretRef

          object

          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

          • spec.socket.tcp.tls.secretRef.name

            string

            Name of the Secret with TLS certificates.

      • spec.socket.tcp.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        If set to false, the certificate is not checked in the Certificate Revocation Lists.

        Default: true

      • spec.socket.tcp.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

  • spec.splunk

    object
    • spec.splunk.endpoint

      string

      Required value

      Base URL of the Splunk instance.

      Example:

      endpoint: https://http-inputs-hec.splunkcloud.com
      

    • spec.splunk.index

      string

      Index name to write events to.

    • spec.splunk.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.splunk.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.splunk.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.splunk.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.splunk.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.splunk.tls.clientCrt.keyPass

          string

          Base64-encoded pass phrase used to unlock the encrypted key file.

      • spec.splunk.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.splunk.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.splunk.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        Default: true

      • spec.splunk.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

    • spec.splunk.token

      string

      Required value

      Default Splunk HEC token. If an event has a token set in its metadata, it will have priority over the one set here.

  • spec.transformations

    array of objects

    List of transformations that can be applied to logs before sending them to the destination.

    Available options:

    • ReplaceKeys: Replaces source with target in the specified label keys.

      Example:

      transformations:
      - action: ReplaceKeys
        replaceKeys:
          source: "."
          target: "_"
          labels:
            - .pod_labels
      

    • ParseMessage: Converts the message field from the format specified in sourceFormat into an object. If conversion fails, the message field remains unchanged.

      Examples:

      transformations:
      - action: ParseMessage
        parseMessage:
          sourceFormat: String
          string:
            targetField: msg
      

      transformations:
      - action: ParseMessage
        parseMessage:
          sourceFormat: Klog
      - action: ParseMessage
        parseMessage:
          sourceFormat: JSON
          json:
            depth: 1
      - action: ParseMessage
        parseMessage:
          sourceFormat: String
          string:
            targetField: msg
      

    • DropLabels: Removes the specified labels.

      Example:

      transformations:
      - action: DropLabels
        dropLabels:
          labels:
            - .first
            - .second
      

    • spec.transformations.action

      string

      Type of a transformation.

      Allowed values: ReplaceKeys, ParseMessage, DropLabels

    • spec.transformations.dropLabels

      object

      Removes the specified labels.

      • spec.transformations.dropLabels.labels

        array of strings

        Required value

        List of labels to remove.

        • Element of the array

          string

          Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-]+$

    • spec.transformations.parseMessage

      object

      Converts the message field into an object.

      • spec.transformations.parseMessage.json

        object
        • spec.transformations.parseMessage.json.depth

          integer

          Depth for JSON parsing.

          Allowed values: 1 <= X <= 128

      • spec.transformations.parseMessage.sourceFormat

        string

        Required value

        Message format for converting into an object.

        Allowed values: String, JSON, Klog, SysLog, CLF, Logfmt

      • spec.transformations.parseMessage.string

        object
        • spec.transformations.parseMessage.string.targetField

          string

          Required value

          Target field where the structured message is placed.

          Pattern: ^[a-zA-Z0-9_\\\.\-]+$

    • spec.transformations.replaceKeys

      object

      Recursive replacement of all matches of the source pattern with the target value in the specified labels.

      • spec.transformations.replaceKeys.labels

        array of strings

        Required value

        List of labels in which the recursive replacement will be performed.

        • Element of the array

          string

          Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-]+$

      • spec.transformations.replaceKeys.source

        string

        Required value

        Pattern used to find matches. Can be a static string or a regular expression.

      • spec.transformations.replaceKeys.target

        string

        Value that replaces all matches of the pattern.

        Default:

  • spec.type

    string

    Type of a log storage backend.

    Allowed values: Loki, Elasticsearch, Logstash, Vector, Kafka, Splunk, Socket

  • spec.vector

    object
    • spec.vector.endpoint

      string

      Required value

      An address of the Vector instance. API v2 must be used for communication between instances.

      Pattern: ^(.+):([0-9]{1,5})$

    • spec.vector.tls

      object

      Configures the TLS options for outgoing connections.

      • spec.vector.tls.caFile

        string

        Base64-encoded CA certificate in PEM format.

      • spec.vector.tls.clientCrt

        object

        Configures the client certificate for outgoing connections.

        • spec.vector.tls.clientCrt.crtFile

          string

          Required value

          Base64-encoded certificate in PEM format.

          You must also set the keyFile parameter.

        • spec.vector.tls.clientCrt.keyFile

          string

          Required value

          Base64-encoded private key in PEM format (PKCS#8).

          You must also set the crtFile parameter.

        • spec.vector.tls.clientCrt.keyPass

          string

          Base64-encoded passphrase used to unlock the encrypted key file.

      • spec.vector.tls.secretRef

        object

        Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.

        • spec.vector.tls.secretRef.name

          string

          Name of the Secret with TLS certificates.

      • spec.vector.tls.verifyCertificate

        boolean

        Validate the TLS certificate of the remote host.

        Default: true

      • spec.vector.tls.verifyHostname

        boolean

        Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

        Default: true

ClusterLoggingConfig

Scope: Cluster

PodLoggingConfig

Scope: Namespaced
Version: v1alpha1

Custom resource for namespaced Kubernetes source.

Each custom resource PodLoggingConfig describes rules for log fetching from specified namespace.

• spec

  object

  Required value

  • spec.clusterDestinationRefs

    array of strings

    Required value

    Array of ClusterLogDestination custom resource names which this source will output with.

  • spec.keepDeletedFilesOpenedFor

    string

    Specifies the time to keep deleted files opened for reading. Vector will keep pods metadata for this time as well to read logs from deleted pods. This option is useful in cases of a log storage unavailability or a network partition. Vector will keep log files opened until finally sending them to the destination.

    Enabling this option may affect the resource consumption of the Vector and also flood a disk with deleted logs. Use it with caution.

    The format is a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.

    Pattern: ^([0-9]+h([0-9]+m)?|[0-9]+m)$

  • spec.labelFilter

    array of objects

    Rules to filter log lines by their metadata labels.

    Example:

    labelFilter:
    - field: container
      operator: In
      values:
      - nginx
    - field: pod_labels.tier
      operator: Regex
      values:
      - prod-.+
      - stage-.+
    - field: message
      operator: Regex
      values:
      - ".*search_text.*"
    

    • spec.labelFilter.field

      string

      Required value

      Label name for filtering.

      Must not be empty.

      Pattern: .+

    • spec.labelFilter.operator

      string

      Required value

      Operator for log field comparations:

      • In — finds a substring in a string.
      • NotIn — is a negative version of the In operator.
      • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
      • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
      • Exists — drops log event if it contains some fields.
      • DoesNotExist — drops log event if it does not contain some fields.

      Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

    • spec.labelFilter.values

      array

      Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

      Fields with a float or boolean values will be converted to strings during comparison.

  • spec.labelSelector

    object

    Specifies the label selector to filter Pods.

    You can get more into here.

    • spec.labelSelector.matchExpressions

      array of objects

      List of label expressions for Pods.

      Example:

      matchExpressions:
      - key: tier
        operator: In
        values:
        - production
        - staging
      

      • spec.labelSelector.matchExpressions.key

        string

        A label name.

      • spec.labelSelector.matchExpressions.operator

        string

        A comparison operator.

        Allowed values: In, NotIn, Exists, DoesNotExist

      • spec.labelSelector.matchExpressions.values

        array of strings

        A label value.

        • Element of the array

          string

          Pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?

          Length: 1..63

    • spec.labelSelector.matchLabels

      object

      List of labels which Pod should have.

      Example:

      matchLabels:
        foo: bar
        baz: who
      

  • spec.logFilter

    array of objects

    A list of filters for logs that are applied to messages in JSON format.

    Only matched lines would be stored to log destination.

    Example:

    logFilter:
    - field: tier
      operator: Exists
    - field: foo
      operator: NotIn
      values:
      - dev
      - 42
      - 'true'
      - '3.14'
    - field: bar
      operator: Regex
      values:
      - "^abc"
      - "^\\d.+$"
    

    • spec.logFilter.field

      string

      Required value

      Field name for filtering. It should be empty for non-JSON messages.

    • spec.logFilter.operator

      string

      Required value

      Operator for log field comparations:

      • In — finds a substring in a string.
      • NotIn — is a negative version of the In operator.
      • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
      • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
      • Exists — drops log event if it contains some fields.
      • DoesNotExist — drops log event if it does not contain some fields.

      Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

    • spec.logFilter.values

      array

      Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

      Fields a with float or boolean values will be converted to strings during comparison.

  • spec.multilineParser

    object

    Multiline parser for different patterns.

    • spec.multilineParser.custom

      object

      Multiline parser custom regex rules.

      • spec.multilineParser.custom.endsWhen

        object

        It’s a condition to distinguish the last log line of the multiline log.

        • spec.multilineParser.custom.endsWhen.notRegex

          string

          Regex string, which treats as match only strings that DON’T match the regex.

        • spec.multilineParser.custom.endsWhen.regex

          string

          Regex string, which treats as match only strings that match the regex.

      • spec.multilineParser.custom.startsWhen

        object

        It’s a condition to distinguish the first log line of multiline log.

        • spec.multilineParser.custom.startsWhen.notRegex

          string

          Regex string, which treats as match only strings that DON’T match the regex.

        • spec.multilineParser.custom.startsWhen.regex

          string

          Regex string, which treats as match only strings that match the regex.

    • spec.multilineParser.type

      string

      Required value

      Parser types:

      • None — do not parse logs.
      • General — tries to match general multiline logs with space or tabulation on extra lines.
      • Backslash — tries to match bash style logs with backslash on all lines except the last event line.
      • LogWithTime — tries to detect events by timestamp.
      • MultilineJSON — tries to match JSON logs, assuming the event starts with the { symbol.
      • Custom - tries to match logs with the user provided regex in spec.multilineParser.custom field.

      Default: None

      Allowed values: None, General, Backslash, LogWithTime, MultilineJSON, Custom