MetaCoder

Reputation: 478

Datadog - Grok / Pipeline nested JSON

I currently have multiple container apps deployed on Azure running Spring Boot and NodeJS APIs.

I'm trying to get my API logs (standard out) into Datadog in a readable format via dashboards etc. For context, the logs from the API are in JSON format.

I'm at the point now where I have the logs going into Datadog, but I need to extract my API logs from the raw container logs.

When I look at the raw logs being ingested they look like so:

{
  "category": "ContainerAppConsoleLogs",
  "location": "eastus",
  "operationName": "Microsoft.App/managedEnvironments/WRITE",
  "properties": {
    "ContainerAppName": "acme-production-us",
    "ContainerGroupId": "22daec34-9810-418f-bbc5-3a51a5539ec9",
    "ContainerGroupName": "acme-production-us--2mzpob1-84468799fd-g7r7g",
    "ContainerId": "71f09ba14016320835833cc215c6705088a3347416e7cad3c05aaee1a4515532",
    "ContainerImage": "acmeCorptechcontainerregistry.azurecr.io/acme:3a109027bf8ac50727fc60965c2d774720ad7d34",
    "ContainerName": "acme-production-us",
    "EnvironmentName": "willowTreeer-0dfe33d8",
    "Log": {
      "@timestamp": "2024-05-31T17:46:52.230392057Z",
      "logLevel": "INFO",
      "service": "",
      "traceId": "665a0d0bf5926fed7b3dfce2f4c7bd38",
      "spanId": "872e279a61c0eeb1",
      "parentSpanId": "",
      "thread": "http-nio-8080-exec-5",
      "logger": "com.acmeCorp.user.service.referral.ReferralService",
      "operation": "",
      "clientId": "",
      "status": "",
      "response_time": "",
      "response_code": "",
      "level": "INFO",
      "logger_name": "com.acmeCorp.user.service.referral.ReferralService",
      "message": "Fetching referral code for client ACBD1234",
      "thread_name": "http-nio-8080-exec-5"
    },
    "RevisionName": "acme-production-us--asd23",
    "Stream": "stdout"
  },
  "resourceId": "/SUBSCRIPTIONS/acme-sub0id/RESOURCEGROUPS/acmeCorp-TECH-US/PROVIDERS/MICROSOFT.APP/MANAGEDENVIRONMENTS/acmeCorp-TECH-APP-ENV-PROD-US",
  "service": "azure",
  "time": "2024-05-31T17:46:52.230511473Z"
}

From this, what I'm interested in is getting the "log" field out, but when I try a simple Grok in the Datadog pipeline editor, the JSON returned is all escaped:

rule %{data::keyvalue(":","\\\\\"","\\\"",",")}

result:

{
  "\"logLevel\\": "\"INFO\\",
  "\"service\\": "\"\\",
  "\"logger\\": "\"com.achme-corp.user.service.referral.ReferralService\\",
  "\"response_code\\": "\"\\",
  "\"spanId\\": "\"806b376974bbc168\\",
  "\"operation\\": "\"\\",
  "\"logger_name\\": "\"com.achme-corp.user.service.referral.ReferralService\\",
  "\"parentSpanId\\": "\"\\",
  "\"response_time\\": "\"\\",
  "\"traceId\\": "\"66575a33ec2f6a5d594554be5ffc6da2\\",
  "\"thread\\": "\"http-nio-8080-exec-2\\",
  "\"clientId\\": "\"\\",
  "\"status\\": "\"\\",
  "\"level\\": "\"INFO\\"
}

I should state I'm very new to Datadog, so perhaps I'm missing something rather simple.

Any help / guidance would be very helpful!

Upvotes: 0

Views: 164
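
The following Python example is added here; it is not part of the original post and is not Datadog's own code or Grok syntax. It assumes `properties.Log` reaches the pipeline as a JSON-encoded string, and contrasts splitting that text on `,` and `:` with decoding it as JSON; `naive_keyvalue` and `extract_app_log` are hypothetical names.

```python
import json

# Constructed sample: a trimmed version of the envelope in the question.
# Assumption: properties.Log reaches the pipeline as a JSON-encoded string.
APP_LOG = {"logLevel": "INFO", "traceId": "665a0d0bf5926fed7b3dfce2f4c7bd38",
           "message": "Fetching referral code for client ACBD1234"}
RAW_EVENT = json.dumps({
    "category": "ContainerAppConsoleLogs",
    "properties": {"ContainerAppName": "acme-production-us",
                   "Log": json.dumps(APP_LOG), "Stream": "stdout"},
})


def naive_keyvalue(raw_text):
    """Split the Log text on ',' and ':' without decoding it first."""
    start = raw_text.index('"Log": "') + len('"Log": "')
    end = raw_text.index('}"', start)
    inner = raw_text[start:end].lstrip("{")
    pairs = (item.split(":", 1) for item in inner.split(", "))
    # The escape characters of the encoded string survive in keys and values.
    return {key.strip(): value.strip() for key, value in pairs}


def extract_app_log(raw_text, max_depth=2):
    """Decode the envelope, then decode properties.Log until it is an object."""
    event = json.loads(raw_text)
    log = event["properties"]["Log"]
    for _ in range(max_depth):  # tolerate a Log value that was encoded twice
        if not isinstance(log, str):
            break
        try:
            log = json.loads(log)
        except json.JSONDecodeError:
            # Non-JSON console line (e.g. a startup banner): keep it as text.
            log = {"message": log}
    if not isinstance(log, dict):
        log = {"message": str(log)}
    event["properties"]["Log"] = log
    return event


if __name__ == "__main__":
    print(json.dumps(naive_keyvalue(RAW_EVENT), indent=2))
    print(json.dumps(extract_app_log(RAW_EVENT)["properties"]["Log"], indent=2))
```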

Answers (0)
