I'm running a Container Optimized OS container on GCE with Cloud Logging wired up. The service is installed correctly and I'm getting logs, however the structured logs aren't parsed:
How can I get Cloud Logging to parse the log entry correctly?
Asked
Active
Viewed 475 times
2 Answers
0
You can write structured logs to Logging in several ways by following this official documentation.
By using Logging agent google-fluentd you can parse the JSON Message. This is a Cloud Logging-specific packaging of the Fluentd log data collector. The Logging agent comes with the default Fluentd configuration and uses Fluentd input plugins to pull event logs from external sources such as files on disk, or to parse incoming log records. Refer to this logging agent configuration for more information which helps you in parsing the JSON Message.
Refer to this similar SO1 and SO2 issue which gives you more information in resolving your issue.
Hemanth Kumar
- 2,728
- 1
- 4
- 19
-
I am using `google-fluentd`, which is installed on the container optimized OS automatically as documented [here](https://cloud.google.com/container-optimized-os/docs/how-to/logging). It doesn't correctly parse the logs. – kevmo314 Dec 17 '22 at 08:46
-
Refer to this [agent logging doc](https://cloud.google.com/logging/docs/agent/logging) and also check the [cloud agent doc](https://cloud.google.com/logging/docs/agent/logging/install-index) – Hemanth Kumar Dec 17 '22 at 10:46
-
The cloud agent is installed correctly, as you can tell by the screenshot. – kevmo314 Dec 17 '22 at 15:34
0
For anyone that runs into this issue, it appears the problem has to do with the timestamp format in the time field of the JSON. In particular, RFC3399 timestamps are not accepted. Use ISO 8601 timestamps instead.
This seems to contradict the documentation but a Googler friend of mine confirmed this internally and switching to ISO 8601 timestamps did fix the issue for me.
kevmo314
- 4,223
- 4
- 32
- 43