Reputation: 73
kubernetes efk: what does fluentd's 'filter' filter?
I'm trying to enable efk in my kubernetes cluster. I find a file about fluentd's config: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml
In this file, there's:
<filter kubernetes.**>
@id filter_kubernetes_metadata
@type kubernetes_metadata
</filter>
# Fixes json fields in Elasticsearch
<filter kubernetes.**>
@id filter_parser
@type parser
key_name log
reserve_data true
remove_key_name_field true
<parse>
@type multi_format
<pattern>
format json
</pattern>
<pattern>
format none
</pattern>
</parse>
</filter>
I want to use different parsers for different deployments. So I wonder:
what's 'kubernetes.**' in kubernetes? Is it the name of a deployment or label of a deployment?
In docker-compose file, we can tag on different containers and use the tag in fluentd's 'filter'. In kubernetes, is there any similar way?
Thanks for your help!
Upvotes: 2
Views: 235
Answers (2)
Reputation: 23
I was struggleing with the same issue as you are, but I think i found the solution for you. Kubernetes filter metadata adds a json to your log records with a lot of information, like deployment, container name and namespace name. I did like this to identify the records by namespace_name.container_name:
<filter kubernetes.**>
@type record_modifier
<record>
new_tag ${record['kubernetes']['namespace_name']}_${record['kubernetes']['container_name']}
tag ${tag}
</record>
</filter>
<match kubernetes.**>
@type rewrite_tag_filter
<rule>
key $.new_tag
pattern /^(.+)_(.+)$/
tag $1.$2
</rule>
</match>
<filter *.*>
@type record_transformer
remove_keys new_tag
</filter>
check the documentation of record_modifier if you need more insight https://github.com/repeatedly/fluent-plugin-record-modifier
Hope this serves you :)
Upvotes: 0
Related Questions
- FluentD log unreadable. it is excluded and would be examined next time
- FluentBit doesn't work with multiple tail options for Kubernetes filter
- Log entries lost while using fluent-bit with kubernetes filter and elasticsearch output
- How to update Fluentd daemonset in Kubernetes
- K8S EFK (especially Fluentd) daemonset for docker journald logging driver
- Kubernetes EnvoyFilter description
- Fluentd is not filtering as intended before writing to Elasticsearch
- How to install Fluentd plugins on k8s
- Fluentd Matching tags
- How to customise fluentd config when using the kubernetes fluentd-elasticsearch addon