--[[
process_logs is the entry point that fluent-bit calls for each record.
Return codes:
  -1  record must be deleted
   0  record not modified, keep the original
   1  record was modified, replace timestamp and record
   2  record was modified, replace record and keep timestamp
]]
9
function process_logs(tag, timestamp, record)
  -- Rewrites a replayed log record in place and hands it back to fluent-bit.
  -- The table returned is the same table that was passed in as `record`;
  -- no copy is made, so the caller's table is mutated.
  --
  -- Returns (code, timestamp, record):
  --   1, record["original-time"], record  when "original-time" is present
  --   2, timestamp, record                otherwise
  -- `tag` is accepted but not used.

  -- bypass severity filtering by setting log_class=replay
  -- NOTE(review): this is applied to every record that reaches this filter,
  -- whether or not it carries "original-log". Presumably only logreplay output
  -- is routed here - confirm against the fluent-bit match rules, since
  -- anything else reaching this function would also skip severity filtering.
  record["log_class"] = "replay"

  local replayed_message = record["original-log"]
  if replayed_message then
    -- Promote the preserved payload to "message" and drop the carrier field.
    record["message"] = replayed_message
    record["original-log"] = nil

    -- In the event a replay severity isn't added
    if record["replay_severity"] == nil then
      record["replay_severity"] = "info"
    end
  end

  -- When the logreplay container dumps the original log messages for a pod it
  -- also sets an "original-time" field: the time the original message was
  -- written. Returning it as the timestamp makes the entry show up in GCP at
  -- the time it originally occurred rather than the time it was replayed.
  -- NOTE(review): the value is passed through without any type or range check.
  -- The event time is therefore only as trustworthy as whatever populates
  -- this field; verify that ordinary workload output cannot set it, and
  -- confirm the format fluent-bit expects for a returned timestamp.
  local replayed_time = record["original-time"]
  if not replayed_time then
    return 2, timestamp, record
  end
  return 1, replayed_time, record
end
37
--[[
  Return a table of functions here so that unit tests can import them.
]]
-- Chunk result: exposes the filter function by name to whatever loads this file.
local exported = {}
exported.process_logs = process_logs
return exported