Description of problem: using rsyslog with MERGE_JSON_LOG=true if it gets a record with a message field that is not JSON, it will not revert back to the original message - instead you will get something like this: { "_index" : "project.json1.d99e9fea-b1c6-11e9-99f1-0a1af4e2ab48...", "_type" : "com.redhat.viaq.common", "_id" : "38A308C95C6D4840AB7DA135BAF96401", "_score" : 1.0, "_source" : { "originalmsg" : "2019-07-29T07:44:54.001564645+00:00 stdout F {\"@version\":1,\"@timestamp\":\"2019-07-29T03:44:54.001-0400\",\"sequence\":6013,\"loggerClassName\":\"org.jboss.logmanager.Logger\",\"loggerName\":\"stdout\",\"level\":\"INFO\",\"threadName\":\"EJB default - 5\",\"message\":\"timer: Hello from control: 1564386294001\",\"threadId\":144,\"mdc\":{},\"ndc\":\"\",\"log-handler\":\"CONSOLE\"}", "unparsed-data" : "2019-07-29T07:44:54.001564645+00:00 stdout F {\"@version\":1,\"@timestamp\":\"2019-07-29T03:44:54.001-0400\",\"sequence\":6013,\"loggerClassName\":\"org.jboss.logmanager.Logger\",\"loggerName\":\"stdout\",\"level\":\"INFO\",\"threadName\":\"EJB default - 5\",\"message\":\"timer: Hello from control: 1564386294001\",\"threadId\":144,\"mdc\":{},\"ndc\":\"\",\"log-handler\":\"CONSOLE\"}" } }, The presence of "originalmsg" and "unparsed-data" means the json parsing failed. Another example "originalmsg" : "2019-07-29T07:45:29.015612013+00:00 stderr F 2019/07/29 07:45:29 oauthproxy.go:775: 10.129.2.7:54734 invalid Authorization header Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtbW9uaXRvcmluZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJwcm9tZXRoZXVzLWFkYXB0ZXItdG9rZW4tamZobGgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicHJvbWV0aGV1cy1hZGFwdGVyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTQ0YjNmNWMtYjE5YS0xMWU5LTlkMmItMDY2ODM5YmU1MTUwIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9wZW5zaGlmdC1tb25pdG9yaW5nOnByb21ldGhldXMtYWRhcHRlciJ9.L8E4M7-5x3T542IUEi2Mi898ABcYpvp-zni_a3nwe-Y1zwxsbgrmsZGNn2dqCTRGmaRl_LYu_p0Lq3Ql9_78FcCSvc5kzfBgULPoBNikKvb_zR6cQjOaiJ6pZk8zpqSi3nqrw_3QwSzdfrgrf-LO0nm8hq6JDpiRBAjaPY2XdXlN1F9orLYzpnP5JFKEoKr9Am0vfa9ue3kIVtiFry28MMZcFOEve9D6ynEWrbAcd11BgLkM8Dx0hF1PpNHLyh8fJcZITBbYolj5pvZutS7aRCnqpYvouol1yVmlun1wDaFkY4aOxsQf6mp3J0eXR2PBGn8CtmOLPMQxb8trRqrAhA", "unparsed-data" : "2019-07-29T07:45:29.015612013+00:00 stderr F 2019/07/29 07:45:29 oauthproxy.go:775: 10.129.2.7:54734 invalid Authorization header Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtbW9uaXRvcmluZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJwcm9tZXRoZXVzLWFkYXB0ZXItdG9rZW4tamZobGgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicHJvbWV0aGV1cy1hZGFwdGVyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTQ0YjNmNWMtYjE5YS0xMWU5LTlkMmItMDY2ODM5YmU1MTUwIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9wZW5zaGlmdC1tb25pdG9yaW5nOnByb21ldGhldXMtYWRhcHRlciJ9.L8E4M7-5x3T542IUEi2Mi898ABcYpvp-zni_a3nwe-Y1zwxsbgrmsZGNn2dqCTRGmaRl_LYu_p0Lq3Ql9_78FcCSvc5kzfBgULPoBNikKvb_zR6cQjOaiJ6pZk8zpqSi3nqrw_3QwSzdfrgrf-LO0nm8hq6JDpiRBAjaPY2XdXlN1F9orLYzpnP5JFKEoKr9Am0vfa9ue3kIVtiFry28MMZcFOEve9D6ynEWrbAcd11BgLkM8Dx0hF1PpNHLyh8fJcZITBbYolj5pvZutS7aRCnqpYvouol1yVmlun1wDaFkY4aOxsQf6mp3J0eXR2PBGn8CtmOLPMQxb8trRqrAhA" Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Verified with ose-cluster-logging-operator-v4.2.0-201908061819
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922