@foxutech
Created September 21, 2018 06:45
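---
# ConfigMap carrying the configuration files for a Filebeat -> Logstash ->
# Elasticsearch -> Kibana log pipeline in the "logging" namespace.
#
# NOTE(review): every hop configured below is plaintext and unauthenticated
# (Beats input without TLS, Elasticsearch reached over http:// without
# credentials, X-Pack security disabled in Kibana). Container and control-plane
# logs can contain tokens and request data, so keep these Services
# cluster-internal and restrict them with NetworkPolicy, or enable TLS and
# authentication on each component.
apiVersion: v1
kind: ConfigMap
metadata:
  name: logging-configmap
  namespace: logging
data:
  # Logstash settings file.
  # http.host "0.0.0.0" binds the Logstash HTTP API to every interface of the
  # pod; nothing in this file restricts who may query it, so do not publish
  # that port through a Service or Ingress.
  logstash.yml: |
    http.host: "0.0.0.0"
    path.config: /usr/share/logstash/pipeline
    ## Disable X-Pack
    xpack.monitoring.enabled: false
  # Logstash pipeline: receive Beats events on 5044, normalise events whose
  # type is "kube-logs", and index them into Elasticsearch.
  # The beats input has no ssl settings and the elasticsearch output has no
  # user/password or TLS settings, so any workload that can reach port 5044
  # can submit events, and Elasticsearch must accept anonymous writes.
  logstash.conf: |
    input {
      beats {
        port => 5044
      }
    }
    filter {
      if [type] == "kube-logs" {
        mutate {
          rename => ["log", "message"]
          # "<<anyname>>" is a placeholder tag; replace it with your own value.
          add_tag => [ "<<anyname>>", "kubernetes" ]
        }
        date {
          match => ["time", "ISO8601"]
          remove_field => ["time"]
        }
        # all standard container logs files match a common pattern
        # NOTE(review): a stray double quote before ".log" ended the string
        # early and made this file unparseable; it is removed here.
        # %{kubernetes.pod}, %{kubernetes.namespace} and %{container_file_ext}
        # still read as placeholders rather than grok patterns: grok expects
        # %{PATTERN:field}, as in %{DATA:container_name} in the hostlogs block
        # below. Replace them before deploying.
        grok {
          match => { "source" => "/var/log/containers/%{kubernetes.pod}_%{kubernetes.namespace}_%{container_file_ext}.log" }
          remove_field => ["source"]
        }
        # system services have a simpler log filename format that does not include namespace, pod names, or container ids
        grok {
          match => { "source" => "/var/log/hostlogs/%{DATA:container_name}.log" }
          add_field => { "namespace" => "kube-system" }
          remove_field => ["source"]
        }
      }
    }
    output {
      elasticsearch {
        hosts => [ "logstash-elasticsearch-service:9200" ]
      }
    }
  # Filebeat: tail container logs and kube* host logs, mark them as
  # type "kube-logs" (the value the Logstash filter keys on) and ship them to
  # Logstash. output.logstash has no ssl section, so events travel unencrypted
  # and the Logstash endpoint is not verified.
  filebeat.yml: |
    filebeat.registry_file: /var/tmp/filebeat/filebeat_registry
    filebeat.prospectors:
      - input_type: log
        symlinks: true
        json.message_key: log
        json.keys_under_root: true
        json.add_error_key: true
        multiline.pattern: '^\s'
        multiline.match: after
        fields:
          host: ${FILEBEAT_HOST:${HOSTNAME}}
          type: kube-logs
        fields_under_root: true
        paths:
          - /var/log/containers/*.log
      # process system logs, such as kube-apiserver, kube-controller-manager, etc
      - input_type: log
        fields:
          host: ${FILEBEAT_HOST:${HOSTNAME}}
          type: kube-logs
        fields_under_root: true
        paths:
          - /var/log/hostlogs/kube*.log
    output.logstash:
      hosts: ["logstash-service:5044"]
  # Kibana: xpack.security.enabled false means no login is configured here,
  # so anyone who can reach Kibana can read every indexed log. Put it behind
  # an authenticating proxy or keep it reachable only via port-forward.
  kibana.yml: |
    elasticsearch.url: http://logstash-elasticsearch-service:9200
    xpack.security.enabled: false
    xpack.monitoring.enabled: false
    xpack.ml.enabled: false
    xpack.graph.enabled: false
    xpack.reporting.enabled: false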