Feature request
- The following Splunk query parameters or Splunk fields should be configurable to ensure compatibility with every Splunk environment:
- "pipelineRunUIDKey" and "taskRunUIDKey"
Currently, the field names for these values are hard-coded. This leads to incompatibility with Splunk environments that have different field definitions.
See:
|
pipelineRunUIDKey = "kubernetes.labels.tekton_dev_pipelineRunUID" |
|
taskRunUIDKey = "kubernetes.labels.tekton_dev_taskRunUID" |
The logs can also be forwarded to Splunk using various tools, although the field names might not match exactly.
They should support a simple parameter with placeholders like "index=FOO kubernetes.labels.tekton_dev_taskRunUID="{taskRunUID}".
In the implementation, you should then simply overwrite the placeholders {taskRunUID} with their values.
- Specify parameters earliest_time and latest_time to Query
The current implementation just sends "alltime" search, which can significantly reduce performance on large Splunk deployments.
(For the Loki LOGS_TYPE you do specify the parameters for specifying time range of the search...)
Use case
The logs can also be forwarded to Splunk using various tools, although the field names might not match exactly.
The logs can also be forwarded to large Splunk deployments. The Current Query Implementation would significantly reduce performance.
Feature request
Currently, the field names for these values are hard-coded. This leads to incompatibility with Splunk environments that have different field definitions.
See:
results/pkg/api/server/v1alpha2/plugin/plugin_logs.go
Line 59 in a4c7489
results/pkg/api/server/v1alpha2/plugin/plugin_logs.go
Line 60 in a4c7489
The logs can also be forwarded to Splunk using various tools, although the field names might not match exactly.
They should support a simple parameter with placeholders like "index=FOO kubernetes.labels.tekton_dev_taskRunUID="{taskRunUID}".
In the implementation, you should then simply overwrite the placeholders {taskRunUID} with their values.
Same for the filed message.
See: https://github.com/tektoncd/results/blob/a4c7489d33e1c68b4b702d0b418e702743d35742/pkg/api/server/v1alpha2/plugin/plugin_logs.go#L506C62-L506C76
The logs can also be forwarded to Splunk using various tools, although the field names might not match exactly.
Setting or overwriting this field name should be possible.
The current implementation just sends "alltime" search, which can significantly reduce performance on large Splunk deployments.
(For the Loki LOGS_TYPE you do specify the parameters for specifying time range of the search...)
Use case
The logs can also be forwarded to Splunk using various tools, although the field names might not match exactly.
The logs can also be forwarded to large Splunk deployments. The Current Query Implementation would significantly reduce performance.