Hello,
we have a working environment with Graylog 5.1.3 on Debian GNU Linux on which we added a Kubernetes input (gelf tcp).
Some tool on K8s side puts colour escape characters: is it possible to enable decoding of such characters or to simply remove them?
Example:
[[34m2023-07-20 13:54:06,562e[0m] {e[34mscheduler_job.py:e[0m878} DEBUGe[0m - Next timed event is in 0.146135e[0m
Thanks,
Matteo
You can remove any characters, but not based on their color. What part of that message, specifically, are you wanting to trim?
Are you seeing the colors in the message field in Graylog?
Hi,
I would like to trim escape sequences based colour, that is “[34” and “e[0m” or that Graylog correctly translated them in visual colors like Grafana does for other environments we have.
Currently Graylog does not translate colors and shows them like in the message I posted.
Thanks,
Matteo
I recently had a similar use case and ended up creating a pipeline function to address. You may find it useful. Change to suite your taste.
rule "PARSE - clean up color codes"
when
(
regex(
pattern: "\\[\\d+;\\d+;\\d+m",
value: to_string($message.message)
).matches == true
)
then
let sMsg = to_string($message.message);
let rs_color = regex(
pattern: "(\\[\\d+;\\d+;\\d+m)",
value: sMsg
);
set_field("console_line_color", rs_color["0"]);
let sMsg = regex_replace(
pattern: "\\[\\d+;\\d+;\\d+m",
value: sMsg,
replacement: ""
);
set_field("message", to_string(sMsg));
end
Works perfectly, thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.