data-prepper icon indicating copy to clipboard operation
data-prepper copied to clipboard
verified publisher icon opensearch-project

An option to insert invalid parsed log into OpenSearch as it is

Open JoeShi opened this issue 3 years ago • 2 comments

Is your feature request related to a problem? Please describe.

The customer is using a log framework/method to write logs to local files, it may export a function called logFramework.log(level, message), and the log framework will format the log message automatically. However, some new team members forget to use the log framework to output logs and just use the native method to output logs such as console.log(xxxx). So this will result some invalid records in the log files.

{ "time": "XXXX", "msg": "xxxxx", "level": "INFO"}
{ "time": "XXXX", "msg": "yyyyy", "level": "ERROR"}
xxxxx
{ "time": "XXXX", "msg": "xxxxx", "level": "WARNING"}
{ "time": "XXXX", "msg": "zzzzz", "level": "DEBUG"}

I wish the xxxxx can also ben saved to OpenSearch as {"time": "system-time", "message":"xxxxx"} . I can then filter level=NONE to find out all invalid records.

Describe the solution you'd like Offer an option to ingest invalid records as it is.

Describe alternatives you've considered (Optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

JoeShi avatar Jun 08 '22 11:06 JoeShi

@JoeShi , Thank you for the feedback. To clarify, this this for ND-JSON?

dlvenable avatar Jun 08 '22 19:06 dlvenable

Yes.

JoeShi avatar Jun 09 '22 02:06 JoeShi