The module lifecycle stageGeneral Availability
The module has requirements for installation

The Deckhouse Kubernetes Platform installs CRDs but does not remove them when a module is disabled. If you no longer need the created CRDs, delete them.

ClusterLogDestination

Scope: Cluster

v1alpha2 v1alpha1

Describes setting for a log storage, which you can use in many log sources.

metadata.name — is an upstream name, which you should use in custom resource ClusterLoggingConfig.

  • spec
    object
    • spec.buffer
      object
      Buffer parameters.
      • spec.buffer.disk
        object
        Disk buffer parameters.
        • spec.buffer.disk.maxSize
          integer or string

          The maximum size of the buffer on disk. Must be at least ~256MB (268435488 bytes).

          You can express size as a plain integer or as a fixed-point number using one of these quantity suffixes: E, P, T, G, M, k, Ei, Pi, Ti, Gi, Mi, Ki.

          More about resource quantity:

          Pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

          Examples: 


          maxSize: 512Mi

          maxSize: 268435488
      • spec.buffer.memory
        object
        • spec.buffer.memory.maxEvents
          number
          The maximum number of events allowed in the buffer.
      • spec.buffer.type
        string

        Required value

        The type of buffer to use.

        Allowed values: Disk, Memory

      • spec.buffer.whenFull
        string
        Event handling behavior when a buffer is full.

        Default: Block

        Allowed values: DropNewest, Block

    • spec.elasticsearch
      object
      • spec.elasticsearch.auth
        object
        • spec.elasticsearch.auth.awsAccessKey
          string
          Base64-encoded AWS ACCESS_KEY.
        • spec.elasticsearch.auth.awsAssumeRole
          string
          The ARN of an IAM role to assume at startup.
        • spec.elasticsearch.auth.awsRegion
          string
          AWS region for authentication.
        • spec.elasticsearch.auth.awsSecretKey
          string
          Base64-encoded AWS SECRET_KEY.
        • spec.elasticsearch.auth.password
          string
          Base64-encoded Basic authentication password.
        • spec.elasticsearch.auth.strategy
          string
          The authentication strategy to use.

          Default: Basic

          Allowed values: Basic, AWS

        • spec.elasticsearch.auth.user
          string
          The Basic authentication user name.
      • spec.elasticsearch.dataStreamEnabled
        boolean

        Use for storage indexes or datastreams (https://www.elastic.co/guide/en/elasticsearch/reference/master/data-streams.html).

        Datastream usage is better for logs and metrics storage but they works only for Elasticsearch >= 7.16.X.

        Default: false

      • spec.elasticsearch.docType
        string

        The doc_type for your index data. This is only relevant for Elasticsearch <= 6.X.

        • For Elasticsearch >= 7.X you do not need this option since this version has removed doc_type mapping;
        • For Elasticsearch >= 6.X the recommended value is _doc, because using it will make it easy to upgrade to 7.X;
        • For Elasticsearch < 6.X you can’t use a value starting with _ or empty string. Use, for example, values like logs.
      • spec.elasticsearch.endpoint
        string

        Required value

        Base URL of the Elasticsearch instance.
      • spec.elasticsearch.index
        string
        Index name to write events to.
      • spec.elasticsearch.pipeline
        string
        Name of the pipeline to apply.
      • spec.elasticsearch.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.elasticsearch.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.elasticsearch.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.elasticsearch.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.elasticsearch.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.elasticsearch.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.elasticsearch.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.elasticsearch.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.elasticsearch.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host. Specifically the issuer is checked but not CRLs (Certificate Revocation Lists).

          Default: true

        • spec.elasticsearch.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.extraLabels
      object

      A set of labels that will be attached to each batch of events.

      You can use simple templating here: {{ app }}.

      There are some reserved keys:

      • parsed_data
      • pod
      • pod_labels_*
      • pod_ip
      • namespace
      • image
      • container
      • node
      • pod_owner

      More about field path notation…

      Example: 


      app_info: '{{ app }}'
array_member: '{{ array[0] }}'
forwarder: vector
key: value
symbol_escating_value: '{{ pay\.day }}'
    • spec.kafka
      object
      • spec.kafka.bootstrapServers
        array of strings

        Required value

        A list of host and port pairs that are the addresses of the Kafka brokers in a “bootstrap” Kafka cluster that a Kafka client connects to initially to bootstrap itself.

        Default: []

        Example: 


        bootstrapServers:
- 10.14.22.123:9092
- 10.14.23.332:9092
        • spec.kafka.bootstrapServers.Element of the array
          string

          Pattern: ^(.+)\:\d{1,5}$

      • spec.kafka.encoding
        object
        How to encode the message.
        • spec.kafka.encoding.cef
          object
          CEF-specific configuration fields. Only applicable when codec is set to CEF.
          • spec.kafka.encoding.cef.deviceProduct
            string

            Default: log-shipper-agent

            Minimal length: 1

          • spec.kafka.encoding.cef.deviceVendor
            string

            Default: Deckhouse

            Minimal length: 1

          • spec.kafka.encoding.cef.deviceVersion
            string

            Default: 1

            Minimal length: 1

        • spec.kafka.encoding.codec
          string
          Available encoding formats.

          Default: JSON

          Allowed values: JSON, CEF

      • spec.kafka.keyField
        string
        Allows to set the key_field.

        Examples: 


        keyField: host

        keyField: node

        keyField: namespace

        keyField: parsed_data.app_info
      • spec.kafka.sasl
        object
        Configuration for SASL authentication when interacting with Kafka.
        • spec.kafka.sasl.mechanism
          string

          Required value

          The SASL mechanism to use. Only PLAIN and SCRAM-based mechanisms are supported.

          Allowed values: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512

        • spec.kafka.sasl.password
          string

          Required value

          The SASL password.

          Example: 


          password: qwerty
        • spec.kafka.sasl.username
          string

          Required value

          The SASL username.

          Example: 


          username: username
      • spec.kafka.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.kafka.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.kafka.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.kafka.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.kafka.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.kafka.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.kafka.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.kafka.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.kafka.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.kafka.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

      • spec.kafka.topic
        string

        Required value

        The Kafka topic name to write events to. This parameter supports template syntax, which enables you to use dynamic per-event values.

        Examples: 


        topic: logs

        topic: logs-{{unit}}-%Y-%m-%d
    • spec.logstash
      object
      • spec.logstash.endpoint
        string

        Required value

        Base URL of the Logstash instance.
      • spec.logstash.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.logstash.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.logstash.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.logstash.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.logstash.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.logstash.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.logstash.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.logstash.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.logstash.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.logstash.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.loki
      object
      • spec.loki.auth
        object
        • spec.loki.auth.password
          string
          Base64-encoded Basic authentication password.
        • spec.loki.auth.strategy
          string
          The authentication strategy to use.

          Default: Basic

          Allowed values: Basic, Bearer

        • spec.loki.auth.token
          string
          The token to use for Bearer authentication.
        • spec.loki.auth.user
          string
          The Basic authentication user name.
      • spec.loki.endpoint
        string

        Required value

        Base URL of the Loki instance.

        Agent automatically adds /loki/api/v1/push into URL during data transmission.

      • spec.loki.tenantID
        string

        ID of a tenant.

        This option is used only for GrafanaCloud. When running Loki locally, a tenant ID is not required.

      • spec.loki.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.loki.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.loki.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.loki.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.loki.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.loki.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.loki.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.loki.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.loki.tls.verifyCertificate
          boolean

          Validate the TLS certificate of the remote host.

          If set to false, the certificate is not checked in the Certificate Revocation Lists.

          Default: true

        • spec.loki.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.rateLimit
      object
      Parameter for limiting the flow of events.
      • spec.rateLimit.excludes
        array of objects

        List of excludes for keyField.

        Only NOT matched log entries would be rate limited.

        Examples: 


        field: tier
operator: Exists

        field: foo
operator: NotIn
values:
- dev
- 42.0
- 'true'
- '3.14'

        field: bar
operator: Regex
values:
- ^abc
- '^\d.+$'
        • spec.rateLimit.excludes.field
          string
          Field name for filtering.
        • spec.rateLimit.excludes.operator
          string

          Operator for log field comparations:

          • In — finds a substring in a string.
          • NotIn — is a negative version of the In operator.
          • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
          • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
          • Exists — drops log event if it contains some fields.
          • DoesNotExist — drops log event if it does not contain some fields.

          Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

        • spec.rateLimit.excludes.values
          array

          Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

          Fields a with float or boolean values will be converted to strings during comparison.

      • spec.rateLimit.keyField
        string
        The name of the log field whose value will be hashed to determine if the event should be rate limited.
      • spec.rateLimit.linesPerMinute
        number

        Required value

        The number of records per minute.
    • spec.socket
      object
      • spec.socket.address
        string

        Required value

        Address of the socket.

        Pattern: ^.*:[1-9][0-9]+$

      • spec.socket.encoding
        object
        How to encode the message.
        • spec.socket.encoding.cef
          object
          CEF-specific configuration fields. Only applicable when codec is set to CEF.
          • spec.socket.encoding.cef.deviceProduct
            string

            Default: log-shipper-agent

            Minimal length: 1

          • spec.socket.encoding.cef.deviceVendor
            string

            Default: Deckhouse

            Minimal length: 1

          • spec.socket.encoding.cef.deviceVersion
            string

            Default: 1

            Minimal length: 1

        • spec.socket.encoding.codec
          string
          Available encoding formats.

          Default: JSON

          Allowed values: Text, JSON, Syslog, CEF, GELF

      • spec.socket.mode
        string

        Required value

        Allowed values: TCP, UDP

      • spec.socket.tcp
        object
        • spec.socket.tcp.tls
          object
          Configures the TLS options for outgoing connections.
          • spec.socket.tcp.tls.caFile
            string
            Base64-encoded CA certificate in PEM format.
          • spec.socket.tcp.tls.clientCrt
            object
            Configures the client certificate for outgoing connections.
            • spec.socket.tcp.tls.clientCrt.crtFile
              string

              Required value

              Base64-encoded certificate in PEM format.

              You must also set the keyFile parameter.

            • spec.socket.tcp.tls.clientCrt.keyFile
              string

              Required value

              Base64-encoded private key in PEM format (PKCS#8).

              You must also set the crtFile parameter.

            • spec.socket.tcp.tls.clientCrt.keyPass
              string
              Base64-encoded pass phrase used to unlock the encrypted key file.
          • spec.socket.tcp.tls.secretRef
            object
            Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
            • spec.socket.tcp.tls.secretRef.name
              string
              Name of the Secret with TLS certificates.
        • spec.socket.tcp.verifyCertificate
          boolean

          Validate the TLS certificate of the remote host.

          If set to false, the certificate is not checked in the Certificate Revocation Lists.

          Default: true

        • spec.socket.tcp.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.splunk
      object
      • spec.splunk.endpoint
        string

        Required value

        Base URL of the Splunk instance.

        Example: 


        endpoint: https://http-inputs-hec.splunkcloud.com
      • spec.splunk.index
        string
        Index name to write events to.
      • spec.splunk.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.splunk.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.splunk.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.splunk.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.splunk.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.splunk.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.splunk.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.splunk.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.splunk.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.splunk.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

      • spec.splunk.token
        string

        Required value

        Default Splunk HEC token. If an event has a token set in its metadata, it will have priority over the one set here.
    • spec.transformations
      array of objects

      Ordered list of transformations applied to each log event before it is sent to the destination. Items are executed in array order.

      AddLabels runs after extraLabels when both are configured.

      Available actions:

      • ReplaceKeys — recursively replace matches of the source pattern with target in the given paths.
      • ParseMessage — parse the message field using sourceFormat and write the result to targetLabel (default .message; the lone . merges into the event root). On parse failure the original message is left unchanged.
      • DropLabels — remove the value at each label path, or if keepKeys is set on an item, keep only those child key names inside the object at label.
      • AddLabels — add labels (literals, {{ .path }} templates, optional when). Runs after extraLabels; on key name conflicts AddLabels wins.
      • ReplaceValue — replace substrings in scalar string fields using the source regex; target may reference named groups as {{ group_name }}.

      Examples: 


      action: ReplaceKeys
replaceKeys:
  labels:
  - .pod_labels
  source: .
  target: _

      action: ParseMessage
parseMessage:
  sourceFormat: String
  string:
    regex: ^(?P<msg>.*)$
    setLabels:
      msg: '{{ msg }}'

      action: ParseMessage
parseMessage:
  sourceFormat: Klog

      action: ParseMessage
parseMessage:
  json:
    depth: 1
  sourceFormat: JSON

      action: DropLabels
dropLabels:
  labels:
  - label: .first
  - label: .second
  - keepKeys:
    - app
    - team
    label: .pod_labels

      action: AddLabels
addLabels:
  setLabels:
    .env: prod
    .source_app: '{{ .pod_labels.app }}'
  when:
  - .namespace == "production"

      action: ReplaceValue
replaceValue:
  labels:
  - .message
  source: '\d+'
  target: REDACTED
      • spec.transformations.action
        string
        Transformation type; selects which parameter block is used.

        Allowed values: ReplaceKeys, ParseMessage, DropLabels, AddLabels, ReplaceValue

      • spec.transformations.addLabels
        object
        Adds fields to the event from setLabels (literals and {{ .path }} templates). Runs after extraLabels when both are set; on path conflicts values from this transform win. Optional when filter.
        • spec.transformations.addLabels.setLabels
          object

          Required value

          Keys are destination label paths in Vector notation: each key starts with . relative to the event root (e.g. .env, .source_app). Values are literals or {{ .path }} templates where path in the template is a source field path with a leading ..

          Examples: 


          .tier: backend

          .source_app: '{{ .pod_labels.app }}'
        • spec.transformations.addLabels.when
          array of strings
          Optional list of conditions combined with logical AND. In comparisons, the field path is a leading dot and dot-separated segments (e.g. .namespace, .pod_labels.app). Each item is either: a comparison path ==|!=|=~|!=~ value (regular expression for =~ / !=~), a path with no operator or right-hand side (field exists), or !.path (field does not exist).

          Examples: 


          when: .namespace == "production"

          when: .pod_labels.app =~ "^api-"

          when: .level != "debug"

          when: .pod_labels.team

          when: '!.pod_labels.legacy'
          • spec.transformations.addLabels.when.Element of the array
            string

            Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'"|<>~#/@]+$

      • spec.transformations.dropLabels
        object
        Removes field paths, or narrows objects by keeping only selected child keys at each label when keepKeys is set.
        • spec.transformations.dropLabels.labels
          array of objects

          Required value

          Each item has a required Vector path label and optional keepKeys. If keepKeys is omitted, the subtree at label is removed. If keepKeys is set, only those child key names are kept in the object at label.
          • spec.transformations.dropLabels.labels.keepKeys
            array of strings
            Child key names (no leading dot) to keep inside the object at label; all other child keys are removed.
            • spec.transformations.dropLabels.labels.keepKeys.Element of the array
              string

              Pattern: ^[a-zA-Z0-9_.\-/]+$

          • spec.transformations.dropLabels.labels.label
            string
            Vector path to a field or subtree; when keepKeys is set, must resolve to an object.

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-"/:]+$

      • spec.transformations.parseMessage
        object
        Parses the string in the message field (format from sourceFormat) and writes the result to targetLabel as a Vector path with a leading . (default .message; the lone . merges the parsed object into the event root). On parse failure the original message field is left unchanged.
        • spec.transformations.parseMessage.json
          object
          • spec.transformations.parseMessage.json.depth
            integer
            Depth for JSON parsing.

            Allowed values: 1 <= X <= 128

        • spec.transformations.parseMessage.sourceFormat
          string

          Required value

          Message format for converting into an object.

          Allowed values: String, JSON, Klog, SysLog, CLF, Logfmt

        • spec.transformations.parseMessage.string
          object
          Settings for sourceFormat: String. regex and setLabels are required.
          • spec.transformations.parseMessage.string.regex
            string

            Required value

            Regular expression with named capture groups; requires setLabels.

            Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'\"|<>~#/@]+$

          • spec.transformations.parseMessage.string.setLabels
            object

            Required value

            Maps output keys to literals or {{ group_name }} templates.
        • spec.transformations.parseMessage.targetLabel
          string
          Destination path for the parsed value (default .message). The lone value . merges into the event root. Must not be .parsed_data.

          Default: .message

          Pattern: ^(\.|\.[a-zA-Z0-9_\[\]\\\.\-"/:']+)$

          Examples: 


          targetLabel: .message

          targetLabel: .

          targetLabel: .tmp
      • spec.transformations.replaceKeys
        object
        Recursively replaces matches of the source pattern with the target value in the listed paths (labels). Paths use Vector notation with a leading . on each list item.
        • spec.transformations.replaceKeys.labels
          array of strings

          Required value

          Label paths where the replacement runs. Each item must start with . (Vector field path notation, e.g. .pod_labels, .parsed_data).

          Examples: 


          labels: .pod_labels

          labels: .annotations
          • spec.transformations.replaceKeys.labels.Element of the array
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-"/:']+$

        • spec.transformations.replaceKeys.source
          string

          Required value

          Pattern used to find matches. Can be a static string or a regular expression (same character set as other regex fields in transformations).

          Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'"|<>~#/@]+$

          Examples: 


          source: .

          source: '^old\.'
        • spec.transformations.replaceKeys.target
          string
          Literal replacement string for matched substrings (not a regex).

          Default: ‘’

          Examples: 


          target: _

          target: ''
      • spec.transformations.replaceValue
        object
        Replace matches of source in each listed scalar string field with target.
        • spec.transformations.replaceValue.labels
          array of strings

          Required value

          Paths to scalar string fields where replacement runs. Each item must start with . (Vector path, e.g. .message, .parsed_data.token).

          Examples: 


          labels: .message

          labels: .parsed_data.line
          • spec.transformations.replaceValue.labels.Element of the array
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-"/:']+$

        • spec.transformations.replaceValue.source
          string

          Required value

          Regular expression to search in each scalar field value.

          Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'"|<>~#/@]+$

          Examples: 


          source: '\d+'

          source: '(?P<tok>token=[^\s]+)'
        • spec.transformations.replaceValue.target
          string

          Required value

          Replacement string; may use {{name}} for named capture groups.

          Examples: 


          target: REDACTED

          target: '{{tok}}'
    • spec.type
      string
      Type of a log storage backend.

      Allowed values: Loki, Elasticsearch, Logstash, Vector, Kafka, Splunk, Socket

    • spec.vector
      object
      • spec.vector.endpoint
        string

        Required value

        An address of the Vector instance. API v2 must be used for communication between instances.

        Pattern: ^(.+):([0-9]{1,5})$

      • spec.vector.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.vector.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.vector.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.vector.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.vector.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.vector.tls.clientCrt.keyPass
            string
            Base64-encoded passphrase used to unlock the encrypted key file.
        • spec.vector.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.vector.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.vector.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.vector.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

Describes setting for a log storage, which you can use in many log sources.

metadata.name — is an upstream name, which you should use in custom resource ClusterLoggingConfig.

  • spec
    object
    • spec.buffer
      object
      Buffer parameters.
      • spec.buffer.disk
        object
        Disk buffer parameters.
        • spec.buffer.disk.maxSize
          integer or string

          The maximum size of the buffer on disk. Must be at least ~256MB (268435488 bytes).

          You can express size as a plain integer or as a fixed-point number using one of these quantity suffixes: E, P, T, G, M, k, Ei, Pi, Ti, Gi, Mi, Ki.

          More about resource quantity:

          Pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

          Examples: 


          maxSize: 512Mi

          maxSize: 268435488
      • spec.buffer.memory
        object
        • spec.buffer.memory.maxEvents
          number
          The maximum number of events allowed in the buffer.
      • spec.buffer.type
        string

        Required value

        The type of buffer to use.

        Allowed values: Disk, Memory

      • spec.buffer.whenFull
        string
        Event handling behavior when a buffer is full.

        Default: Block

        Allowed values: DropNewest, Block

    • spec.elasticsearch
      object
      • spec.elasticsearch.auth
        object
        • spec.elasticsearch.auth.awsAccessKey
          string
          Base64-encoded AWS ACCESS_KEY.
        • spec.elasticsearch.auth.awsAssumeRole
          string
          The ARN of an IAM role to assume at startup.
        • spec.elasticsearch.auth.awsRegion
          string
          AWS region for authentication.
        • spec.elasticsearch.auth.awsSecretKey
          string
          Base64-encoded AWS SECRET_KEY.
        • spec.elasticsearch.auth.password
          string
          Base64-encoded Basic authentication password.
        • spec.elasticsearch.auth.strategy
          string
          The authentication strategy to use.

          Default: Basic

          Allowed values: Basic, AWS

        • spec.elasticsearch.auth.user
          string
          The Basic authentication user name.
      • spec.elasticsearch.dataStreamEnabled
        boolean

        Use for storage indexes or datastreams (https://www.elastic.co/guide/en/elasticsearch/reference/master/data-streams.html).

        Datastream usage is better for logs and metrics storage but they works only for Elasticsearch >= 7.16.X.

        Default: false

      • spec.elasticsearch.docType
        string

        The doc_type for your index data. This is only relevant for Elasticsearch <= 6.X.

        • For Elasticsearch >= 7.X you do not need this option since this version has removed doc_type mapping;
        • For Elasticsearch >= 6.X the recommended value is _doc, because using it will make it easy to upgrade to 7.X;
        • For Elasticsearch < 6.X you can’t use a value starting with _ or empty string. Use, for example, values like logs.
      • spec.elasticsearch.endpoint
        string

        Required value

        Base URL of the Elasticsearch instance.
      • spec.elasticsearch.index
        string
        Index name to write events to.
      • spec.elasticsearch.pipeline
        string
        Name of the pipeline to apply.
      • spec.elasticsearch.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.elasticsearch.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.elasticsearch.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.elasticsearch.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.elasticsearch.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.elasticsearch.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.elasticsearch.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.elasticsearch.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.elasticsearch.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host. Specifically the issuer is checked but not CRLs (Certificate Revocation Lists).

          Default: true

        • spec.elasticsearch.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.extraLabels
      object

      A set of labels that will be attached to each batch of events.

      You can use simple templating here: {{ app }}.

      There are some reserved keys:

      • parsed_data
      • pod
      • pod_labels_*
      • pod_ip
      • namespace
      • image
      • container
      • node
      • pod_owner

      More about field path notation…

      Example: 


      app_info: '{{ app }}'
array_member: '{{ array[0] }}'
forwarder: vector
key: value
symbol_escating_value: '{{ pay\.day }}'
    • spec.kafka
      object
      • spec.kafka.bootstrapServers
        array of strings

        Required value

        A list of host and port pairs that are the addresses of the Kafka brokers in a “bootstrap” Kafka cluster that a Kafka client connects to initially to bootstrap itself.

        Default: []

        Example: 


        bootstrapServers:
- 10.14.22.123:9092
- 10.14.23.332:9092
        • spec.kafka.bootstrapServers.Element of the array
          string

          Pattern: ^(.+)\:\d{1,5}$

      • spec.kafka.encoding
        object
        How to encode the message.
        • spec.kafka.encoding.cef
          object
          CEF-specific configuration fields. Only applicable when codec is set to CEF.
          • spec.kafka.encoding.cef.deviceProduct
            string

            Default: log-shipper-agent

            Minimal length: 1

          • spec.kafka.encoding.cef.deviceVendor
            string

            Default: Deckhouse

            Minimal length: 1

          • spec.kafka.encoding.cef.deviceVersion
            string

            Default: 1

            Minimal length: 1

        • spec.kafka.encoding.codec
          string
          Available encoding formats.

          Default: JSON

          Allowed values: JSON, CEF

      • spec.kafka.keyField
        string
        Allows to set the key_field.

        Examples: 


        keyField: host

        keyField: node

        keyField: namespace

        keyField: parsed_data.app_info
      • spec.kafka.sasl
        object
        Configuration for SASL authentication when interacting with Kafka.
        • spec.kafka.sasl.mechanism
          string

          Required value

          The SASL mechanism to use. Only PLAIN and SCRAM-based mechanisms are supported.

          Allowed values: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512

        • spec.kafka.sasl.password
          string

          Required value

          The SASL password.

          Example: 


          password: qwerty
        • spec.kafka.sasl.username
          string

          Required value

          The SASL username.

          Example: 


          username: username
      • spec.kafka.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.kafka.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.kafka.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.kafka.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.kafka.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.kafka.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.kafka.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.kafka.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.kafka.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.kafka.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

      • spec.kafka.topic
        string

        Required value

        The Kafka topic name to write events to. This parameter supports template syntax, which enables you to use dynamic per-event values.

        Examples: 


        topic: logs

        topic: logs-{{unit}}-%Y-%m-%d
    • spec.logstash
      object
      • spec.logstash.endpoint
        string

        Required value

        Base URL of the Logstash instance.
      • spec.logstash.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.logstash.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.logstash.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.logstash.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.logstash.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.logstash.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.logstash.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.logstash.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.logstash.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.logstash.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.loki
      object
      • spec.loki.auth
        object
        • spec.loki.auth.password
          string
          Base64-encoded Basic authentication password.
        • spec.loki.auth.strategy
          string
          The authentication strategy to use.

          Default: Basic

          Allowed values: Basic, Bearer

        • spec.loki.auth.token
          string
          The token to use for Bearer authentication.
        • spec.loki.auth.user
          string
          The Basic authentication user name.
      • spec.loki.endpoint
        string

        Required value

        Base URL of the Loki instance.

        Agent automatically adds /loki/api/v1/push into URL during data transmission.

      • spec.loki.tenantID
        string

        ID of a tenant.

        This option is used only for GrafanaCloud. When running Loki locally, a tenant ID is not required.

      • spec.loki.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.loki.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.loki.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.loki.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.loki.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.loki.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.loki.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.loki.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.loki.tls.verifyCertificate
          boolean

          Validate the TLS certificate of the remote host.

          If set to false, the certificate is not checked in the Certificate Revocation Lists.

          Default: true

        • spec.loki.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.rateLimit
      object
      Parameter for limiting the flow of events.
      • spec.rateLimit.excludes
        array of objects

        List of excludes for keyField.

        Only NOT matched log entries would be rate limited.

        Examples: 


        field: tier
operator: Exists

        field: foo
operator: NotIn
values:
- dev
- 42.0
- 'true'
- '3.14'

        field: bar
operator: Regex
values:
- ^abc
- '^\d.+$'
        • spec.rateLimit.excludes.field
          string
          Field name for filtering.
        • spec.rateLimit.excludes.operator
          string

          Operator for log field comparations:

          • In — finds a substring in a string.
          • NotIn — is a negative version of the In operator.
          • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
          • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
          • Exists — drops log event if it contains some fields.
          • DoesNotExist — drops log event if it does not contain some fields.

          Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

        • spec.rateLimit.excludes.values
          array

          Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

          Fields a with float or boolean values will be converted to strings during comparison.

      • spec.rateLimit.keyField
        string
        The name of the log field whose value will be hashed to determine if the event should be rate limited.
      • spec.rateLimit.linesPerMinute
        number

        Required value

        The number of records per minute.
    • spec.socket
      object
      • spec.socket.address
        string

        Required value

        Address of the socket.

        Pattern: ^.*:[1-9][0-9]+$

      • spec.socket.encoding
        object
        How to encode the message.
        • spec.socket.encoding.cef
          object
          CEF-specific configuration fields. Only applicable when codec is set to CEF.
          • spec.socket.encoding.cef.deviceProduct
            string

            Default: log-shipper-agent

            Minimal length: 1

          • spec.socket.encoding.cef.deviceVendor
            string

            Default: Deckhouse

            Minimal length: 1

          • spec.socket.encoding.cef.deviceVersion
            string

            Default: 1

            Minimal length: 1

        • spec.socket.encoding.codec
          string
          Available encoding formats.

          Default: JSON

          Allowed values: Text, JSON, Syslog, CEF, GELF

      • spec.socket.mode
        string

        Required value

        Allowed values: TCP, UDP

      • spec.socket.tcp
        object
        • spec.socket.tcp.tls
          object
          Configures the TLS options for outgoing connections.
          • spec.socket.tcp.tls.caFile
            string
            Base64-encoded CA certificate in PEM format.
          • spec.socket.tcp.tls.clientCrt
            object
            Configures the client certificate for outgoing connections.
            • spec.socket.tcp.tls.clientCrt.crtFile
              string

              Required value

              Base64-encoded certificate in PEM format.

              You must also set the keyFile parameter.

            • spec.socket.tcp.tls.clientCrt.keyFile
              string

              Required value

              Base64-encoded private key in PEM format (PKCS#8).

              You must also set the crtFile parameter.

            • spec.socket.tcp.tls.clientCrt.keyPass
              string
              Base64-encoded pass phrase used to unlock the encrypted key file.
          • spec.socket.tcp.tls.secretRef
            object
            Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
            • spec.socket.tcp.tls.secretRef.name
              string
              Name of the Secret with TLS certificates.
        • spec.socket.tcp.verifyCertificate
          boolean

          Validate the TLS certificate of the remote host.

          If set to false, the certificate is not checked in the Certificate Revocation Lists.

          Default: true

        • spec.socket.tcp.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

    • spec.splunk
      object
      • spec.splunk.endpoint
        string

        Required value

        Base URL of the Splunk instance.

        Example: 


        endpoint: https://http-inputs-hec.splunkcloud.com
      • spec.splunk.index
        string
        Index name to write events to.
      • spec.splunk.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.splunk.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.splunk.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.splunk.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.splunk.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.splunk.tls.clientCrt.keyPass
            string
            Base64-encoded pass phrase used to unlock the encrypted key file.
        • spec.splunk.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.splunk.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.splunk.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.splunk.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

      • spec.splunk.token
        string

        Required value

        Default Splunk HEC token. If an event has a token set in its metadata, it will have priority over the one set here.
    • spec.transformations
      array of objects

      List of transformations that can be applied to logs before sending them to the destination.

      Available options:

      • ReplaceKeys: Replaces source with target in the specified label keys.

        Example:

        transformations:
- action: ReplaceKeys
  replaceKeys:
    source: "."
    target: "_"
    labels:
      - .pod_labels

      • ParseMessage: Converts the message field from the format specified in sourceFormat into an object. If conversion fails, the message field remains unchanged.

        Examples:

        transformations:
- action: ParseMessage
  parseMessage:
    sourceFormat: String
    string:
      regex: "^(?P&lt;msg&gt;.*)$"
      setLabels:
        msg: "{{ msg }}"
        transformations:
- action: ParseMessage
  parseMessage:
    sourceFormat: Klog
- action: ParseMessage
  parseMessage:
    sourceFormat: JSON
    json:
      depth: 1
- action: ParseMessage
  parseMessage:
    sourceFormat: String
    string:
      regex: "^(?P&lt;msg&gt;.*)$"
      setLabels:
        msg: "{{ msg }}"

      • DropLabels: Removes the specified labels.

        Example:

        transformations:
- action: DropLabels
  dropLabels:
    labels:
      - .first
      - .second
      • spec.transformations.action
        string
        Type of a transformation.

        Allowed values: ReplaceKeys, ParseMessage, DropLabels, AddLabels, ReplaceValue

      • spec.transformations.addLabels
        object
        • spec.transformations.addLabels.setLabels
          object

          Required value

        • spec.transformations.addLabels.when
          array of strings
          • spec.transformations.addLabels.when.Element of the array
            string

            Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'"|<>~#/@]+$

      • spec.transformations.dropLabels
        object
        Removes the specified labels.
        • spec.transformations.dropLabels.labels
          array of strings
          List of labels to remove.
          • spec.transformations.dropLabels.labels.Element of the array
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-]+$

        • spec.transformations.dropLabels.paths
          array of objects
          List of path entries matching v1alpha2 dropLabels.labels.
          • spec.transformations.dropLabels.paths.keepKeys
            array of strings
            • spec.transformations.dropLabels.paths.keepKeys.Element of the array
              string

              Pattern: ^[a-zA-Z0-9_.\-/]+$

          • spec.transformations.dropLabels.paths.label
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-]+$

      • spec.transformations.parseMessage
        object
        Converts the message field into an object.
        • spec.transformations.parseMessage.json
          object
          • spec.transformations.parseMessage.json.depth
            integer
            Depth for JSON parsing.

            Allowed values: 1 <= X <= 128

        • spec.transformations.parseMessage.sourceFormat
          string

          Required value

          Message format for converting into an object.

          Allowed values: String, JSON, Klog, SysLog, CLF, Logfmt

        • spec.transformations.parseMessage.string
          object
          • spec.transformations.parseMessage.string.regex
            string
            Regular expression with named capture groups.

            Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'\"|<>~#/@]+$

          • spec.transformations.parseMessage.string.setLabels
            object
            Maps output keys to literals or {{ group_name }} templates.
          • spec.transformations.parseMessage.string.targetField
            string
            Target field where the structured message is placed.

            Pattern: ^[a-zA-Z0-9_\\\.\-]+$

        • spec.transformations.parseMessage.targetLabel
          string
          Destination path for the parsed value.

          Default: .message

          Pattern: ^(\.|\.[a-zA-Z0-9_\[\]\\\.\-"/:']+)$

      • spec.transformations.replaceKeys
        object
        Recursive replacement of all matches of the source pattern with the target value in the specified labels.
        • spec.transformations.replaceKeys.labels
          array of strings

          Required value

          List of labels in which the recursive replacement will be performed.
          • spec.transformations.replaceKeys.labels.Element of the array
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-]+$

        • spec.transformations.replaceKeys.source
          string

          Required value

          Pattern used to find matches. Can be a static string or a regular expression.
        • spec.transformations.replaceKeys.target
          string
          Value that replaces all matches of the pattern.

          Default: ‘’

      • spec.transformations.replaceValue
        object
        • spec.transformations.replaceValue.labels
          array of strings

          Required value

          • spec.transformations.replaceValue.labels.Element of the array
            string

            Pattern: ^\.[a-zA-Z0-9_\[\]\\\.\-"/:']+$

        • spec.transformations.replaceValue.source
          string

          Required value

          Pattern: ^[a-zA-Z0-9_\s\\\[\](){}?*+.^$\-=!:,'"|<>~#/@]+$

        • spec.transformations.replaceValue.target
          string

          Required value

    • spec.type
      string
      Type of a log storage backend.

      Allowed values: Loki, Elasticsearch, Logstash, Vector, Kafka, Splunk, Socket

    • spec.vector
      object
      • spec.vector.endpoint
        string

        Required value

        An address of the Vector instance. API v2 must be used for communication between instances.

        Pattern: ^(.+):([0-9]{1,5})$

      • spec.vector.tls
        object
        Configures the TLS options for outgoing connections.
        • spec.vector.tls.caFile
          string
          Base64-encoded CA certificate in PEM format.
        • spec.vector.tls.clientCrt
          object
          Configures the client certificate for outgoing connections.
          • spec.vector.tls.clientCrt.crtFile
            string

            Required value

            Base64-encoded certificate in PEM format.

            You must also set the keyFile parameter.

          • spec.vector.tls.clientCrt.keyFile
            string

            Required value

            Base64-encoded private key in PEM format (PKCS#8).

            You must also set the crtFile parameter.

          • spec.vector.tls.clientCrt.keyPass
            string
            Base64-encoded passphrase used to unlock the encrypted key file.
        • spec.vector.tls.secretRef
          object
          Reference to a Kubernetes Secret containing the CA certificate (ca.pem), client certificate (crt.pem), private key (key.pem) and key pass (keyPass) in Base64-encoded PEM format. If specified, TLS settings are overridden with values from the secret. Secret should be located in d8-log-shipper namespace and have log-shipper.deckhouse.io/watch-secret: true label.
          • spec.vector.tls.secretRef.name
            string
            Name of the Secret with TLS certificates.
        • spec.vector.tls.verifyCertificate
          boolean
          Validate the TLS certificate of the remote host.

          Default: true

        • spec.vector.tls.verifyHostname
          boolean
          Verifies that the name of the remote host matches the name specified in the remote host’s TLS certificate.

          Default: true

ClusterLoggingConfig

Scope: Cluster

v1alpha2 v1alpha1

Describes a log source in log-pipeline.

Each custom resource ClusterLoggingConfig describes rules for log fetching from cluster.

  • spec
    object
    • spec.destinationRefs
      array of strings

      Required value

      Array of ClusterLogDestination custom resource names which this source will output with.

      Fields with float or boolean values will be converted to strings.

    • spec.file
      object
      Describes a rule for collecting logs from files on a node.
      • spec.file.exclude
        array of strings

        Array of file patterns to exclude when collecting logs.

        Wildcards are supported.

        Examples: 


        exclude: /var/log/nginx/error.log

        exclude: /var/log/audit.log
      • spec.file.include
        array of strings

        Array of file patterns to include.

        Wildcards are supported

        Examples: 


        include: /var/log/*.log

        include: /var/log/nginx/*.log
      • spec.file.lineDelimiter
        string
        String sequence used to separate one file line from another.

        Example: 


        lineDelimiter: '\r\n'
    • spec.kubernetesPods
      object
      Describes a rule for collecting logs from the cluster’s pods.
      • spec.kubernetesPods.keepDeletedFilesOpenedFor
        string

        Specifies the time to keep deleted files opened for reading. Vector will keep pods metadata for this time as well to read logs from deleted pods. This option is useful in cases of a log storage unavailability or a network partition. Vector will keep log files opened until finally sending them to the destination.

        Enabling this option may affect the resource consumption of the Vector and also flood a disk with deleted logs. Use it with caution.

        The format is a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.

        Pattern: ^([0-9]+h([0-9]+m)?|[0-9]+m)$

      • spec.kubernetesPods.labelSelector
        object

        Specifies the label selector to filter Pods with.

        You can get more into here.

        • spec.kubernetesPods.labelSelector.matchExpressions
          array of objects
          List of label expressions for Pods.

          Example: 


          matchExpressions:
- key: tier
  operator: In
  values:
  - production
  - staging
- key: tier
  operator: NotIn
  values:
  - production
          • spec.kubernetesPods.labelSelector.matchExpressions.key
            string
            A label name.
          • spec.kubernetesPods.labelSelector.matchExpressions.operator
            string
            A comparison operator.

            Allowed values: In, NotIn, Exists, DoesNotExist

          • spec.kubernetesPods.labelSelector.matchExpressions.values
            array of strings
            A label value.
            • spec.kubernetesPods.labelSelector.matchExpressions.values.Element of the array
              string

              Length: 1..63

              Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

        • spec.kubernetesPods.labelSelector.matchLabels
          object
          List of labels which Pod should have.

          Example: 


          baz: who
foo: bar
      • spec.kubernetesPods.namespaceSelector
        object

        Specifies the namespace selector to filter Pods with.

        The filter uses the labelSelector parameter to determine the namespaces from which logs should be collected.

        • spec.kubernetesPods.namespaceSelector.labelSelector
          object

          Specifies the label selector to filter namespaces from which logs should be collected.

          You can get more into here.

          • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions
            array of objects
            List of label expressions that a namespace should have to qualify for the filter condition.

            Example: 


            matchExpressions:
- key: tier
  operator: In
  values:
  - production
  - staging
            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.key
              string
              A label name.
            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.operator
              string
              A comparison operator.

              Allowed values: In, NotIn, Exists, DoesNotExist

            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.values
              array of strings
              A label value.
              • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.values.Element of the array
                string

                Length: 1..63

                Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

          • spec.kubernetesPods.namespaceSelector.labelSelector.matchLabels
            object
            List of labels that a namespace should have to qualify for the filter condition.

            Example: 


            baz: who
foo: bar
    • spec.labelFilter
      array of objects
      Rules to filter log lines by their metadata labels.

      Example: 


      labelFilter:
- field: container
  operator: In
  values:
  - nginx
- field: pod_labels.tier
  operator: Regex
  values:
  - prod-.+
  - stage-.+
      • spec.labelFilter.field
        string

        Label name for filtering.

        Must not be empty.

        Pattern: .+

      • spec.labelFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.labelFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.logFilter
      array of objects

      A list of filters for logs that are applied to messages in JSON format.

      Only matched lines would be stored to log destination.

      Example: 


      logFilter:
- field: tier
  operator: Exists
- field: foo
  operator: NotIn
  values:
  - dev
  - 42
  - 'true'
  - '3.14'
- field: bar
  operator: Regex
  values:
  - ^abc
  - '^\d.+$'
      • spec.logFilter.field
        string
        Field name for filtering. It should be empty for non-JSON messages.
      • spec.logFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.logFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.multilineParser
      object
      Multiline parser for different patterns.
      • spec.multilineParser.custom
        object
        Multiline parser custom regex rules.
        • spec.multilineParser.custom.endsWhen
          object
          It’s a condition to distinguish the last log line of multiline log.
          • spec.multilineParser.custom.endsWhen.notRegex
            string
            Regex string, which treats as match only strings that DOESN’T match regex.
          • spec.multilineParser.custom.endsWhen.regex
            string
            Regex string, which treats as match only strings that match regex.
        • spec.multilineParser.custom.startsWhen
          object
          It’s a condition to distinguish the first log line of multiline log.
          • spec.multilineParser.custom.startsWhen.notRegex
            string
            Regex string, which treats as match only strings that DOESN’T match regex.
          • spec.multilineParser.custom.startsWhen.regex
            string
            Regex string, which treats as match only strings that match regex.
      • spec.multilineParser.type
        string

        Required value

        Parser types:

        • None — do not parse logs.
        • General — tries to match general multiline logs with space or tabulation on extra lines.
        • Backslash — tries to match bash style logs with backslash on all lines except the last event line.
        • LogWithTime — tries to detect events by timestamp.
        • MultilineJSON — tries to match JSON logs, assuming the event starts with the { symbol.
        • Custom - tries to match logs with the user provided regex in spec.multilineParser.custom field.

        Default: None

        Allowed values: None, General, Backslash, LogWithTime, MultilineJSON, Custom

    • spec.type
      string

      Required value

      Set on of possible input sources.

      KubernetesPods source reads logs from Kubernetes Pods.

      File source reads local file from node filesystem.

      Allowed values: KubernetesPods, File

Describes a log source in log-pipeline.

Each custom resource ClusterLoggingConfig describes rules for log fetching from cluster.

  • spec
    object
    • spec.destinationRefs
      array of strings

      Required value

      Array of ClusterLogDestination custom resource names which this source will output with.

      Fields with float or boolean values will be converted to strings.

    • spec.file
      object
      Describes a rule for collecting logs from files on a node.
      • spec.file.exclude
        array of strings

        Array of file patterns to exclude when collecting logs.

        Wildcards are supported.

        Examples: 


        exclude: /var/log/nginx/error.log

        exclude: /var/log/audit.log
      • spec.file.include
        array of strings

        Array of file patterns to include.

        Wildcards are supported

        Examples: 


        include: /var/log/*.log

        include: /var/log/nginx/*.log
      • spec.file.lineDelimiter
        string
        String sequence used to separate one file line from another.

        Example: 


        lineDelimiter: '\r\n'
    • spec.kubernetesPods
      object
      Describes a rule for collecting logs from the cluster’s pods.
      • spec.kubernetesPods.keepDeletedFilesOpenedFor
        string

        Specifies the time to keep deleted files opened for reading. Vector will keep pods metadata for this time as well to read logs from deleted pods. This option is useful in cases of a log storage unavailability or a network partition. Vector will keep log files opened until finally sending them to the destination.

        Enabling this option may affect the resource consumption of the Vector and also flood a disk with deleted logs. Use it with caution.

        The format is a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.

        Pattern: ^([0-9]+h([0-9]+m)?|[0-9]+m)$

      • spec.kubernetesPods.labelSelector
        object

        Specifies the label selector to filter Pods with.

        You can get more into here.

        • spec.kubernetesPods.labelSelector.matchExpressions
          array of objects
          List of label expressions for Pods.

          Example: 


          matchExpressions:
- key: tier
  operator: In
  values:
  - production
  - staging
- key: tier
  operator: NotIn
  values:
  - production
          • spec.kubernetesPods.labelSelector.matchExpressions.key
            string
            A label name.
          • spec.kubernetesPods.labelSelector.matchExpressions.operator
            string
            A comparison operator.

            Allowed values: In, NotIn, Exists, DoesNotExist

          • spec.kubernetesPods.labelSelector.matchExpressions.values
            array of strings
            A label value.
            • spec.kubernetesPods.labelSelector.matchExpressions.values.Element of the array
              string

              Length: 1..63

              Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

        • spec.kubernetesPods.labelSelector.matchLabels
          object
          List of labels which Pod should have.

          Example: 


          baz: who
foo: bar
      • spec.kubernetesPods.namespaceSelector
        object

        Specifies the namespace selector to filter Pods with.

        The filter can use one of the three available ways to set the condition (parameters matchNames, excludeNames, labelSelector)

        • spec.kubernetesPods.namespaceSelector.excludeNames
          array of strings
          A list of namespaces, from the pods of which you need to exclude the collection of logs, but collect from the rest.
        • spec.kubernetesPods.namespaceSelector.labelSelector
          object

          Specifies the label selector to filter namespaces from which logs should be collected.

          You can get more into here.

          • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions
            array of objects
            List of label expressions that a namespace should have to qualify for the filter condition.

            Example: 


            matchExpressions:
- key: tier
  operator: In
  values:
  - production
  - staging
            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.key
              string
              A label name.
            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.operator
              string
              A comparison operator.

              Allowed values: In, NotIn, Exists, DoesNotExist

            • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.values
              array of strings
              A label value.
              • spec.kubernetesPods.namespaceSelector.labelSelector.matchExpressions.values.Element of the array
                string

                Length: 1..63

                Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

          • spec.kubernetesPods.namespaceSelector.labelSelector.matchLabels
            object
            List of labels that a namespace should have to qualify for the filter condition.

            Example: 


            baz: who
foo: bar
        • spec.kubernetesPods.namespaceSelector.matchNames
          array of strings
          A list of namespaces from whose pods logs should be collected.
    • spec.labelFilter
      array of objects
      Rules to filter log lines by their metadata labels.

      Example: 


      labelFilter:
- field: container
  operator: In
  values:
  - nginx
- field: pod_labels.tier
  operator: Regex
  values:
  - prod-.+
  - stage-.+
      • spec.labelFilter.field
        string

        Label name for filtering.

        Must not be empty.

        Pattern: .+

      • spec.labelFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.labelFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.logFilter
      array of objects

      A list of filters for logs that are applied to messages in JSON format.

      Only matched lines would be stored to log destination.

      Example: 


      logFilter:
- field: tier
  operator: Exists
- field: foo
  operator: NotIn
  values:
  - dev
  - 42
  - 'true'
  - '3.14'
- field: bar
  operator: Regex
  values:
  - ^abc
  - '^\d.+$'
      • spec.logFilter.field
        string
        Field name for filtering. It should be empty for non-JSON messages.
      • spec.logFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.logFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.multilineParser
      object
      Multiline parser for different patterns.
      • spec.multilineParser.custom
        object
        Multiline parser custom regex rules.
        • spec.multilineParser.custom.endsWhen
          object
          It’s a condition to distinguish the last log line of multiline log.
          • spec.multilineParser.custom.endsWhen.notRegex
            string
            Regex string, which treats as match only strings that DOESN’T match regex.
          • spec.multilineParser.custom.endsWhen.regex
            string
            Regex string, which treats as match only strings that match regex.
        • spec.multilineParser.custom.startsWhen
          object
          It’s a condition to distinguish the first log line of multiline log.
          • spec.multilineParser.custom.startsWhen.notRegex
            string
            Regex string, which treats as match only strings that DOESN’T match regex.
          • spec.multilineParser.custom.startsWhen.regex
            string
            Regex string, which treats as match only strings that match regex.
      • spec.multilineParser.type
        string

        Required value

        Parser types:

        • None — do not parse logs.
        • General — tries to match general multiline logs with space or tabulation on extra lines.
        • Backslash — tries to match bash style logs with backslash on all lines except the last event line.
        • LogWithTime — tries to detect events by timestamp.
        • MultilineJSON — tries to match JSON logs, assuming the event starts with the { symbol.
        • Custom - tries to match logs with the user provided regex in spec.multilineParser.custom field.

        Default: None

        Allowed values: None, General, Backslash, LogWithTime, MultilineJSON, Custom

    • spec.type
      string

      Required value

      Set on of possible input sources.

      KubernetesPods source reads logs from Kubernetes Pods.

      File source reads local file from node filesystem.

      Allowed values: KubernetesPods, File

PodLoggingConfig

Scope: Namespaced
Version: v1alpha1

Custom resource for namespaced Kubernetes source.

Each custom resource PodLoggingConfig describes rules for log fetching from specified namespace.

  • spec
    object
    • spec.clusterDestinationRefs
      array of strings

      Required value

      Array of ClusterLogDestination custom resource names which this source will output with.
    • spec.keepDeletedFilesOpenedFor
      string

      Specifies the time to keep deleted files opened for reading. Vector will keep pods metadata for this time as well to read logs from deleted pods. This option is useful in cases of a log storage unavailability or a network partition. Vector will keep log files opened until finally sending them to the destination.

      Enabling this option may affect the resource consumption of the Vector and also flood a disk with deleted logs. Use it with caution.

      The format is a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.

      Pattern: ^([0-9]+h([0-9]+m)?|[0-9]+m)$

    • spec.labelFilter
      array of objects
      Rules to filter log lines by their metadata labels.

      Example: 


      labelFilter:
- field: container
  operator: In
  values:
  - nginx
- field: pod_labels.tier
  operator: Regex
  values:
  - prod-.+
  - stage-.+
- field: message
  operator: Regex
  values:
  - .*search_text.*
      • spec.labelFilter.field
        string

        Label name for filtering.

        Must not be empty.

        Pattern: .+

      • spec.labelFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.labelFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields with a float or boolean values will be converted to strings during comparison.

    • spec.labelSelector
      object

      Specifies the label selector to filter Pods.

      You can get more into here.

      • spec.labelSelector.matchExpressions
        array of objects
        List of label expressions for Pods.

        Example: 


        matchExpressions:
- key: tier
  operator: In
  values:
  - production
  - staging
        • spec.labelSelector.matchExpressions.key
          string
          A label name.
        • spec.labelSelector.matchExpressions.operator
          string
          A comparison operator.

          Allowed values: In, NotIn, Exists, DoesNotExist

        • spec.labelSelector.matchExpressions.values
          array of strings
          A label value.
          • spec.labelSelector.matchExpressions.values.Element of the array
            string

            Length: 1..63

            Pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?

      • spec.labelSelector.matchLabels
        object
        List of labels which Pod should have.

        Example: 


        baz: who
foo: bar
    • spec.logFilter
      array of objects

      A list of filters for logs that are applied to messages in JSON format.

      Only matched lines would be stored to log destination.

      Example: 


      logFilter:
- field: tier
  operator: Exists
- field: foo
  operator: NotIn
  values:
  - dev
  - 42
  - 'true'
  - '3.14'
- field: bar
  operator: Regex
  values:
  - ^abc
  - '^\d.+$'
      • spec.logFilter.field
        string
        Field name for filtering. It should be empty for non-JSON messages.
      • spec.logFilter.operator
        string

        Operator for log field comparations:

        • In — finds a substring in a string.
        • NotIn — is a negative version of the In operator.
        • Regex — is trying to match regexp over the field; only log events with matching fields will pass.
        • NotRegex — is a negative version of the Regex operator; log events without fields or with not matched fields will pass.
        • Exists — drops log event if it contains some fields.
        • DoesNotExist — drops log event if it does not contain some fields.

        Allowed values: In, NotIn, Regex, NotRegex, Exists, DoesNotExist

      • spec.logFilter.values
        array

        Array of values or regexes for corresponding operations. Does not work for Exists and DoesNotExist operations.

        Fields a with float or boolean values will be converted to strings during comparison.

    • spec.multilineParser
      object
      Multiline parser for different patterns.
      • spec.multilineParser.custom
        object
        Multiline parser custom regex rules.
        • spec.multilineParser.custom.endsWhen
          object
          It’s a condition to distinguish the last log line of the multiline log.
          • spec.multilineParser.custom.endsWhen.notRegex
            string
            Regex string, which treats as match only strings that DON’T match the regex.
          • spec.multilineParser.custom.endsWhen.regex
            string
            Regex string, which treats as match only strings that match the regex.
        • spec.multilineParser.custom.startsWhen
          object
          It’s a condition to distinguish the first log line of multiline log.
          • spec.multilineParser.custom.startsWhen.notRegex
            string
            Regex string, which treats as match only strings that DON’T match the regex.
          • spec.multilineParser.custom.startsWhen.regex
            string
            Regex string, which treats as match only strings that match the regex.
      • spec.multilineParser.type
        string

        Required value

        Parser types:

        • None — do not parse logs.
        • General — tries to match general multiline logs with space or tabulation on extra lines.
        • Backslash — tries to match bash style logs with backslash on all lines except the last event line.
        • LogWithTime — tries to detect events by timestamp.
        • MultilineJSON — tries to match JSON logs, assuming the event starts with the { symbol.
        • Custom - tries to match logs with the user provided regex in spec.multilineParser.custom field.

        Default: None

        Allowed values: None, General, Backslash, LogWithTime, MultilineJSON, Custom