Skip to content

conf: parsers: add k8s-nginx-ingress-error parser #11169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

conf: parsers: add k8s-nginx-ingress-error parser #11169

wants to merge 1 commit into from

Conversation

@nip-was-here
Copy link

@nip-was-here nip-was-here commented Nov 16, 2025
edited by coderabbitai bot
Loading

Add parser for error log of nginx as Kubernetes Ingress Controller

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • [N/A] Example configuration file for the change
  • [N/A] Debug log output from testing the change
  • [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • [N/A] Run local packaging test showing all targets (including any new ones) build.
  • [N/A] Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • [N/A] Documentation required for this feature

Backporting

  • [N/A] Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

  • New Features
    • Added a parser for Kubernetes Nginx ingress error logs to capture structured fields from nginx error entries, improving error event visibility.
    • Updated the JSON log parser to use a standardized timestamp key and format (YYYY/MM/DD HH:MM:SS), improving time extraction consistency across logs.

@coderabbitai
Copy link

coderabbitai bot commented Nov 16, 2025
edited
Loading

Walkthrough

Added a new regex-based parser k8s-nginx-ingress-error and set explicit time extraction (Time_Key/Time_Format) for both the new parser and the existing json parser in conf/parsers.conf.

Changes

Cohort / File(s) Summary
Parser configuration
conf/parsers.conf		 Added PARSER k8s-nginx-ingress-error (regex with full capture groups, Time_Key: time_local, Time_Format: %Y/%m/%d %H:%M:%S) and updated existing json parser to set Time_Key: time_local and Time_Format: %Y/%m/%d %H:%M:%S.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Focus review on the new regex correctness and coverage (escaping, capture group names).
  • Verify Time_Key/Time_Format changes don't conflict with other parsers or downstream consumers in conf/parsers.conf.

Poem

🐇 A regex nibble, tidy and clear,
Logs hop in, no need to fear.
Time stamped neat, fields in view,
Nginx whispers, "I’m parsed anew." 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately and concisely describes the primary change: adding a new k8s-nginx-ingress-error parser to the configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73d20d0 and 21e13ee.

📒 Files selected for processing (1)
  • conf/parsers.conf (1 hunks)
🔇 Additional comments (1)
conf/parsers.conf (1)

35-42: Validate parser with real nginx ingress error logs before deployment.

The parser syntax is correct for Fluent Bit and time formatting is properly aligned. However, the original review's concerns remain valid:

  1. AI Summary Inconsistency Confirmed: The json parser (lines 51-52) was not modified. It still uses Time_Key: time and Time_Format: %d/%b/%Y:%H:%M:%S %z, not the values mentioned in the AI summary.

  2. No Test Coverage Found: The repository has no existing tests for parsers. With a 1281-character regex pattern across 15 capture groups, validation against actual nginx ingress error logs is essential before deployment to ensure:

    • All expected fields parse correctly
    • Edge cases (missing optional fields, special characters, IPv4/IPv6 variety) are handled
    • No performance issues at scale

  3. Regex Complexity: The pattern includes comprehensive IPv4/IPv6 matching. While syntactically sound and properly formatted in PCRE syntax, this complexity warrants real-world validation.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@nip-was-here
conf: parsers: add k8s-nginx-ingress-error parser
21e13ee 
Signed-off-by: nip <182409448+nip-was-here@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@cosmo0920 cosmo0920 Awaiting requested review from cosmo0920 cosmo0920 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nip-was-here