Fluent-bit: Get logs only from specific k8s pods

Created on 4 Apr 2019  路  4Comments  路  Source: fluent/fluent-bit

Well, not really a bug, I just don't know how todo this. I install fluent-bit using https://github.com/helm/charts/tree/master/stable/fluent-bit. Now, by default, it will scan all the pods and will get all the logs. But, is there a way to exclude all the pods, except the ones which I need to get logs from? Note that I start the k8s using DigitalOcean and there are already some pods started by default and I can't influence and set fluentbit.io/exclude. I guess I can edit after and set this annotation, but it's harder to automate this process. I guess there is a way to get logs only from specific pods?

Thx a lot!

fixed question
Source
picture botzill
👍3

Most helpful comment

@singhjagmohan1000 Thanks for the comment.

For others, config like this in input tail works

Exclude_Path /var/log/containers/*_kube-system_*.log 
````
here `_kube-system_` is namespace, I had to add this to avoid it fluent-bit fetching logs of  `canal` networking service which makes lots of load and noise. 

@botzill  PR for the helm seems unnecessary.  
You could add this in `extraEnties.input` https://github.com/helm/charts/blob/master/stable/fluent-bit/values.yaml#L166

I did like this

extraEntries:
# Ignore logs from containers in kube-system namespace
input: |-
Exclude_Path /var/log/containers/_kube-system_.log
````
It worked for me.

picture pshanoop on 11 Feb 2020
👍3

All 4 comments

in input tail plugin, the path parameter is giving the path from where to extract the logs. As you are using helm templates, so default values for that if you see in values.yml is "/var/log/containers/*.log". Either you can change that.
Or you can define a parameter called Exclude_Path https://docs.fluentbit.io/manual/input/tail#config to exclude the specific logs you do not want to be extracted by fluent-bit.
If you need any help, let me know.

singhjagmohan1000 picture singhjagmohan1000 on 4 Apr 2019
👍3

Thx @singhjagmohan1000, That's a good solution. Made PR for that option as it's not present in helm chart.

botzill picture botzill on 5 Apr 2019
👍1

there should be something controlled from pod and namespace annotations which will give flexibility to the end user to control sending logs.

eg.

  1. to stop sending logs from any pod within a namespace:

    • set annotation "fluentd.org/exclude : true" to the namespace

  2. to send pod logs i.e. override namespace level annotation

    • set "fluentd.org/exclude : true" to a pod

  3. if none of above is set then send all pod's logs to elasticsearch

sumologic does similar, check here https://github.com/SumoLogic/fluentd-kubernetes-sumologic#exclude-data-using-annotations

infa-ddeore picture infa-ddeore on 22 Jan 2020
👍2

@singhjagmohan1000 Thanks for the comment.

For others, config like this in input tail works

Exclude_Path /var/log/containers/*_kube-system_*.log 
````
here `_kube-system_` is namespace, I had to add this to avoid it fluent-bit fetching logs of  `canal` networking service which makes lots of load and noise. 

@botzill  PR for the helm seems unnecessary.  
You could add this in `extraEnties.input` https://github.com/helm/charts/blob/master/stable/fluent-bit/values.yaml#L166

I did like this

extraEntries:
# Ignore logs from containers in kube-system namespace
input: |-
Exclude_Path /var/log/containers/_kube-system_.log
````
It worked for me.

pshanoop picture pshanoop on 11 Feb 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Barbazoo picture Barbazoo  路  3Comments
tarokkk picture tarokkk  路  3Comments
thrift24 picture thrift24  路  4Comments
dbluxo picture dbluxo  路  4Comments
huanggze picture huanggze  路  3Comments