From 9bca7bf26e3835df64c54947a3da2aa03bbd1b90 Mon Sep 17 00:00:00 2001
From: Greg Smith <65406958+gsmith-sas@users.noreply.github.com>
Date: Mon, 1 Apr 2024 13:20:51 -0400
Subject: [PATCH] Improvements in log message processing (#622)

* [FIX] Parser for consul messages
* [CHANGE] Add support for REDIS log messages
* [CHANGE] Add support for Calico log messages
---
 CHANGELOG.md                                  |  7 +++++
 ...luent-bit_config.configmap_opensearch.yaml | 28 +++++++++++++++----
 logging/fb/viya-parsers.conf                  | 21 ++++++++++++--
 3 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4353c82a..488cfa42 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # SAS Viya Monitoring for Kubernetes
 
+## unreleased
+* **Logging**
+  * [FIX] Corrected parser definition for Consul messages to eliminate ERROR/WARNING messages in Fluent Bit pod logs
+  * [CHANGE] Added parser/processing for Redis log messsages
+  * [CHANGE] Added parser/processing for Calico (CNI) log messsages
+
+
 ## Version 1.2.23 (19MAR2024)
 * **Overall**
   * [CHANGE] Drop support for OpenShift 4.11; the minimum supported version of OpenShift is now 4.12.
diff --git a/logging/fb/fluent-bit_config.configmap_opensearch.yaml b/logging/fb/fluent-bit_config.configmap_opensearch.yaml
index f508f23c..1a0c39a8 100644
--- a/logging/fb/fluent-bit_config.configmap_opensearch.yaml
+++ b/logging/fb/fluent-bit_config.configmap_opensearch.yaml
@@ -6,7 +6,7 @@ data:
     [FILTER]
        Name modify
        Match *
-       Set  fb_configMap_version 0.2.25
+       Set  fb_configMap_version 0.2.26J
        #Set clusterID NOT_SET
        # initialized to N to force level standardization
        Set  __temp_level_fixed   N
@@ -718,7 +718,24 @@ data:
        Condition       Key_value_matches  flagged4parsing s2operator
        Rename          source      PROPS__source
        Rename          component   PROPS__component
-
+    [FILTER]
+       #
+       # Redis
+       #
+       Alias           flag_redis_msgs
+       Name            modify
+       Match           kube.*
+       Condition       Key_value_matches   temp_k8sapp_name sas-redis-server|sas-airflow-redis
+       Copy            message   redis_message
+       Rename          message   unparsed_message
+       Add             flagged4parsing redis
+    [FILTER]
+       Alias           parse_redis_msgs
+       Name            parser
+       Match           kube.*
+       Key_name        redis_message
+       Parser          redis
+       Reserve_Data    On
     [FILTER]
        #
        # Zalando (Postgres)
@@ -776,6 +793,7 @@ data:
        Parser          misc6
        Parser          misc7
        Parser          misc8
+       Parser          calico
        Parser          collectapiT
        Parser          collectapi
        Parser          haproxy_default
@@ -835,7 +853,7 @@ data:
        Alias          fix_level_debug
        Name           modify
        Match          *
-       Condition      Key_value_matches level (?i:DEBUG)|(?:\AD\z)|(?i:hint)|(?i:fine)|(?i:DBG)|(?i:DETAIL)
+       Condition      Key_value_matches level (?i:DEBUG)|(?:\AD\z)|(?i:hint)|(?i:fine)|(?i:DBG)|(?i:DETAIL)|(\.)
        Set            level DEBUG
        Set            __temp_level_fixed   Y
     [FILTER]
@@ -862,7 +880,7 @@ data:
        Name           modify
        Match          *
        Condition      Key_value_does_not_equal __temp_level_fixed Y
-       Condition      Key_value_matches level (?i:inf\w*)|(?i:note\w*)|(?i:log\w*)|(?:\AI\z)|(?i:Normal)|(?i:notice)
+       Condition      Key_value_matches level (?i:inf\w*)|(?i:note\w*)|(?i:log\w*)|(?:\AI\z)|(?i:Normal)|(?i:notice)|(-)|(\*)
        Set            level INFO
        Set            __temp_level_fixed   Y
     [FILTER]
@@ -889,7 +907,7 @@ data:
        Name           modify
        Match          *
        Condition      Key_value_does_not_equal __temp_level_fixed Y
-       Condition      Key_value_matches level (?i:war\w*)|(?:\AW\z)|(?i:wrn\w*)
+       Condition      Key_value_matches level (?i:war\w*)|(?:\AW\z)|(?i:wrn\w*)|(#)
        Set            level WARNING
        Set            __temp_level_fixed   Y
     [FILTER]
diff --git a/logging/fb/viya-parsers.conf b/logging/fb/viya-parsers.conf
index 1ee434a9..171bf66b 100644
--- a/logging/fb/viya-parsers.conf
+++ b/logging/fb/viya-parsers.conf
@@ -1,4 +1,4 @@
-# Version 1.9.10
+# Version 1.9.11-snapshot3
 [PARSER]
        Name          consul
        Format        regex
@@ -11,7 +11,7 @@
        Format        regex
        Regex (?<timestamp>\d{4}-\d{2}-\d{2}T(\d{2}:?){3}\.\d{3})Z \[(?<level>\w+)\]\s+(?<message>.*)
        Time_Key      timestamp
-       Time_format   %Y-%m-%dT%H:%M:%S.%L%Z
+       Time_format   %Y-%m-%dT%H:%M:%S.%L
 [PARSER]
        Name          consul_telemetry
        Format        regex
@@ -344,3 +344,20 @@
        regex         (?<timestamp>\d{4}(-\d{2}){2} (\d{2}:?){3},\d{3})\s+-\s(?<message>(?<phase>\w+)\s+-\s(?<level>\w+)\s+-\s+.*)
        Time_Key      timestamp
        Time_format   %Y-%m-%d %H:%M:%S,%L
+[PARSER]
+       Name          redis
+       # Redis
+       # Example: 71:S 18 Mar 2024 14:14:11.269 * Background append only file rewriting started by pid 143
+       # NOTE: Redis log messages use special characters to indicate message level
+       Format        regex
+       Regex \S+\s(?<timestamp>\d\d?\s[A-Z][a-z]{2}\s\d{4}\s(\d\d:?){3}\.\d{3})\s(?<level>\S)\s(?<message>.+)
+       Time_Key      timestamp
+       Time_format   %d %b %Y %T.%L
+[PARSER]
+       Name          calico
+       # Calico
+       # Example: 2024-03-21 15:56:07.077 [INFO][78] felix/status_combiner.go 98: Reporting combined status. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"d73310/sas-crunchy-platform-postgres-00-njfn-0", EndpointId:"eth0"} status="up"
+       Format        regex
+       Regex  (?<timestamp>\d{4}(-\d{2}){2} (\d{2}:?){3}\.\d{3})\s\[(?<level>[A-Z]+)\](?<message>.+)
+       Time_Key      timestamp
+       Time_format   %F% %T.%L