CAUTION:

The Logging operator documentation has been moved to the kube-logging.github.io/docs/ site. This version is unmaintained and probably outdated.

Rewrite

Rewrite filters can be used to modify record contents. Logging operator currently supports the following rewrite functions:

group_unset
rename
set
substitute
unset

Note: All rewrite functions support an optional condition which has the same syntax as the match filter.

Group unset 🔗︎

The group_unset function removes from the record a group of fields matching a pattern.

  filters:
  - rewrite:
    - group_unset:
        pattern: "json.kubernetes.annotations.*"

Rename 🔗︎

The rename function changes the name of an existing field name.

  filters:
  - rewrite:
    - rename:
        oldName: "json.kubernetes.labels.app"
        newName: "json.kubernetes.labels.app.kubernetes.io/name"

Set 🔗︎

The set function sets the value of a field.

  filters:
  - rewrite:
    - set:
        field: "json.kubernetes.cluster"
        value: "prod-us"

Substitute (subst) 🔗︎

The subst function replaces parts of a field with a replacement value based on a pattern.

  filters:
  - rewrite:
    - subst:
        pattern: "\d\d\d\d-\d\d\d\d-\d\d\d\d-\d\d\d\d"
        replace: "[redacted bank card number]"
        field: "MESSAGE"

The function also supports the type and flags fields for specifying pattern type and flags as described in the match expression regexp function.

Unset 🔗︎

You can unset macros or fields of the message.

Note: Unsetting a field completely deletes any previous value of the field.

  filters:
  - rewrite:
    - unset:
        field: "json.kubernetes.cluster"

Configuration 🔗︎

RewriteConfig 🔗︎

group_unset (*GroupUnsetConfig, optional) 🔗︎

Default: -

rename (*RenameConfig, optional) 🔗︎

Default: -

set (*SetConfig, optional) 🔗︎

Default: -

subst (*SubstituteConfig, optional) 🔗︎

Default: -

unset (*UnsetConfig, optional) 🔗︎

Default: -

RenameConfig 🔗︎

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/78#TOPIC-1829213

oldName (string, required) 🔗︎

Default: -

newName (string, required) 🔗︎

Default: -

condition (*MatchExpr, optional) 🔗︎

Default: -

SetConfig 🔗︎

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/77#TOPIC-1829207

field (string, required) 🔗︎

Default: -

value (string, required) 🔗︎

Default: -

condition (*MatchExpr, optional) 🔗︎

Default: -

SubstituteConfig 🔗︎

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/77#TOPIC-1829206

pattern (string, required) 🔗︎

Default: -

replace (string, required) 🔗︎

Default: -

field (string, required) 🔗︎

Default: -

flags ([]string, optional) 🔗︎

Default: -

type (string, optional) 🔗︎

Default: -

condition (*MatchExpr, optional) 🔗︎

Default: -

UnsetConfig 🔗︎

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/78#TOPIC-1829212

field (string, required) 🔗︎

Default: -

condition (*MatchExpr, optional) 🔗︎

Default: -

GroupUnsetConfig 🔗︎

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.37/administration-guide/78#TOPIC-1829212

pattern (string, required) 🔗︎

Default: -

condition (*MatchExpr, optional) 🔗︎

Default: -

Edit this page on GitHub