Created
April 26, 2017 07:45
-
-
Save chancez/b79f7c1d94008eb46ad949480c85fe97 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Capture Kubernetes pod logs | |
| # The kubelet creates symlinks that capture the pod name, namespace, | |
| # container name & Docker container ID to the docker logs for pods in the | |
| # /var/log/containers directory on the host. | |
| <source> | |
| type tail | |
| path /var/log/containers/*.log | |
| pos_file /var/log/fluentd-containers.log.pos | |
| time_format %Y-%m-%dT%H:%M:%S.%NZ | |
| tag kubernetes.* | |
| format json | |
| read_from_head true | |
| </source> | |
| # Query the API for extra metadata. | |
| <filter kubernetes.**> | |
| type kubernetes_metadata | |
| # If the logs begin with '{' and end with '}' then it's JSON so merge | |
| # the JSON log field into the log event | |
| merge_json_log true | |
| preserve_json_log true | |
| </filter> | |
| # rewrite_tag_filter does not support nested fields like | |
| # kubernetes.container_name, so this exists to flatten the fields | |
| # so we can use them in our rewrite_tag_filter | |
| <filter kubernetes.**> | |
| @type record_transformer | |
| enable_ruby true | |
| <record> | |
| kubernetes_namespace_container_name ${record["kubernetes"]["namespace_name"]}.${record["kubernetes"]["container_name"]} | |
| </record> | |
| </filter> | |
| # retag based on the container name of the log message | |
| <match kubernetes.**> | |
| @type rewrite_tag_filter | |
| rewriterule1 kubernetes_namespace_container_name ^(.+)$ kube.$1 | |
| </match> | |
| # Remove the unnecessary field as the information is already available on | |
| # other fields. | |
| <filter kube.**> | |
| @type record_transformer | |
| remove_keys kubernetes_namespace_container_name | |
| </filter> | |
| <filter kube.kube-system.**> | |
| type parser | |
| format kubernetes | |
| reserve_data true | |
| key_name log | |
| suppress_parse_error_log true | |
| ignore_key_not_exist true | |
| </filter> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment