Application logs from containers are split into several documents

Question

Application logs from containers are split into several documents

Closed this issue 3 years ago · 3 comments

We've installed the cluster logging with EFK stack on OpenShift 4.6, however, the logs that are coming from containers are displayed as split to several documents. How can we configure it to combine those related parts into a single log?

for example:

{ "x": 1 <--- doc 1
,"y": 2} <--- doc 2

to

{"x": 1, "y": 2}

Answer 1 · 2021-04-11T16:20:40.000Z

CRIO splits logs based on its buffer size. The collector makes an effort to recombine them so there is no configuration change to be made. we are currently adding test cases to address the testing gap.

The concat plugin has a flush setting if it does not see a full message in the configured time. It may be that you see this issue do to the volume of logs flowing.

Answer 2 · 2021-04-12T16:13:43.000Z

https://issues.redhat.com/browse/LOG-899

Answer 3 · 2021-04-12T16:14:21.000Z

Closing. Please reopen if there is additional need