This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

JSON logs from OneAgent on K8S vs from Log Ingest API

Aymeric_M
Participant

‎03 Jun 2025 05:05 PM - last edited on ‎04 Jun 2025 07:48 AM by Community Team

Hi,

There is a weird difference in Logs New (and also in Classic) between logs in JSON format received from K8S by OneAgent and logs in JSON format received from the Log Ingest API.

The logs from the API seem to be pre-parsed and all the attributes are available as fields for filtering whereas logs from OneAgent are not and we have to switch to DQL query mode and add JSON parsing commands.

Is there a way to have the logs coming from OneAgent pre-parsed ?

Note that I already checked if we have a preprocessing rule that would apply on logs from the API and it is not the case.

I read the documentation ^^
Labels:
0 Kudos
Reply
2 REPLIES 2

AntonPineiro
DynaMight Guru
DynaMight Guru

‎03 Jun 2025 05:34 PM

Hi,

You can use for OpenPipeline processing and parse your logs.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl
0 Kudos
Reply

Aymeric_M
Participant
In response to AntonPineiro

‎04 Jun 2025 09:56 AM - edited ‎04 Jun 2025 09:57 AM

Yeah, I know that, but I don't know the content of the logs in advance.
Is there a DQL or DPL command that will extract all the attributes into fileds without the need to declare each and every one ?
So far all the examples in the documentation presuppose that we know the name of the attributes that we want to put into fields.

I read the documentation ^^
0 Kudos
Reply
Ask a question

Featured Posts