Discussion on: How to classify log status on DataDog

[Lucien Boix]

Great, thank you Patrick that's exactly what I needed!

If that could help someone else I use the following pipeline to process logs coming from kube-dns pod (following docs.datadoghq.com/logs/processing...) :

• one Grok Parser with two following rules (put them is step 2 "Define parsing rules") :

kube_dns %{regex("\\w"):level}%{date("MMdd HH:mm:ss.SSSSSS"):timestamp}\s+%{number:logger.thread_id} %{notSpace:logger.name}:%{number:logger.lineno}\] %{data:msg}

kube_dns_no_msg %{regex("\\w"):level}%{date("MMdd HH:mm:ss.SSSSSS"):timestamp}\s+%{number:logger.thread_id} %{notSpace:logger.name}:%{number:logger.lineno}\]

• one Status Remapper with the attribute "level"

And here you go :

If anyone need more details on this (pushing kube-dns logs to Datadog then parse them correctly), feel free to reach me.

Have a great day!