foxutech/k8s-logging-configmap.yaml

## k8s-logging-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: logging-configmap
  namespace: logging
data:
  logstash.yml: |
    http.host: "0.0.0.0"
    path.config: /usr/share/logstash/pipeline
    ## Disable X-Pack
    xpack.monitoring.enabled: false
  logstash.conf: |
    input {
      beats {
        port => 5044
      }
    }

    filter {
      if [type] == "kube-logs" {
        mutate {
          rename => ["log", "message"]
          add_tag => [ "<<anyname>>", "kubernetes" ]
        }
        date {
          match => ["time", "ISO8601"]
          remove_field => ["time"]
        }
        # all standard container logs files match a common pattern
        grok {
            match => { "source" => "/var/log/containers/%{kubernetes.pod}_%{kubernetes.namespace}_%{container_file_ext}".log" }
            remove_field => ["source"]
        }
        # system services have a simpler log filename format that does not include namespace, pod names, or container ids
        grok {
            match => { "source" => "/var/log/hostlogs/%{DATA:container_name}.log" }
            add_field => { "namespace" => "kube-system" }
            remove_field => ["source"]
        }
      }
    }
    output {
        elasticsearch {
            hosts => [ "logstash-elasticsearch-service:9200" ]
        }
    }
  filebeat.yml: |
    filebeat.registry_file: /var/tmp/filebeat/filebeat_registry
    filebeat.prospectors:
    - input_type: log
      symlinks: true
      json.message_key: log
      json.keys_under_root: true
      json.add_error_key: true
      multiline.pattern: '^\s'
      multiline.match: after
      fields:
          host: ${FILEBEAT_HOST:${HOSTNAME}}
          type: kube-logs
      fields_under_root: true
      paths:
        - /var/log/containers/*.log
    # process system logs, such as kube-apiserver, kube-controller-manager, etc
    - input_type: log
      fields:
          host: ${FILEBEAT_HOST:${HOSTNAME}}
          type: kube-logs
      fields_under_root: true
      paths:
        - /var/log/hostlogs/kube*.log
    output.logstash:
      hosts: ["logstash-service:5044"]

  kibana.yml: |

    elasticsearch.url: http://logstash-elasticsearch-service:9200

    xpack.security.enabled: false
    xpack.monitoring.enabled: false
    xpack.ml.enabled: false
    xpack.graph.enabled: false
    xpack.reporting.enabled: false
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: logging-configmap
	namespace: logging
	data:
	logstash.yml: \|
	http.host: "0.0.0.0"
	path.config: /usr/share/logstash/pipeline
	## Disable X-Pack
	xpack.monitoring.enabled: false
	logstash.conf: \|
	input {
	beats {
	port => 5044
	}
	}

	filter {
	if [type] == "kube-logs" {
	mutate {
	rename => ["log", "message"]
	add_tag => [ "<<anyname>>", "kubernetes" ]
	}
	date {
	match => ["time", "ISO8601"]
	remove_field => ["time"]
	}
	# all standard container logs files match a common pattern
	grok {
	match => { "source" => "/var/log/containers/%{kubernetes.pod}_%{kubernetes.namespace}_%{container_file_ext}".log" }
	remove_field => ["source"]
	}
	# system services have a simpler log filename format that does not include namespace, pod names, or container ids
	grok {
	match => { "source" => "/var/log/hostlogs/%{DATA:container_name}.log" }
	add_field => { "namespace" => "kube-system" }
	remove_field => ["source"]
	}
	}
	}
	output {
	elasticsearch {
	hosts => [ "logstash-elasticsearch-service:9200" ]
	}
	}
	filebeat.yml: \|
	filebeat.registry_file: /var/tmp/filebeat/filebeat_registry
	filebeat.prospectors:
	- input_type: log
	symlinks: true
	json.message_key: log
	json.keys_under_root: true
	json.add_error_key: true
	multiline.pattern: '^\s'
	multiline.match: after
	fields:
	host: ${FILEBEAT_HOST:${HOSTNAME}}
	type: kube-logs
	fields_under_root: true
	paths:
	- /var/log/containers/*.log
	# process system logs, such as kube-apiserver, kube-controller-manager, etc
	- input_type: log
	fields:
	host: ${FILEBEAT_HOST:${HOSTNAME}}
	type: kube-logs
	fields_under_root: true
	paths:
	- /var/log/hostlogs/kube*.log
	output.logstash:
	hosts: ["logstash-service:5044"]

	kibana.yml: \|

	elasticsearch.url: http://logstash-elasticsearch-service:9200

	xpack.security.enabled: false
	xpack.monitoring.enabled: false
	xpack.ml.enabled: false
	xpack.graph.enabled: false
	xpack.reporting.enabled: false