
Fluent Bit does not send logs from my EKS custom applications

I am using AWS Opensearch to retrieve the logs from all my Kubernetes applications. I have the following pods: Kube-proxy, Fluent-bit, aws-node, aws-load-balancer-controller, and all my apps (around 10).

While fluent-bit successfully sends all the logs from Kube-proxy, Fluent-bit, aws-node and aws-load-balancer-controller, none of the logs from my applications are sent. My applications had DEBUG, INFO, ERROR logs, and none are sent by fluent bit.

Here is my fluent bit configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: my-namespace
  labels:
    k8s-app: fluent-bit
data:
  # Configuration files: server, input, filters and output
  # ======================================================
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020

    @INCLUDE input-kubernetes.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE output-elasticsearch.conf

  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        Parser            docker
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     50MB
        Skip_Long_Lines   On
        Refresh_Interval  10

  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           On
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off

  output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            my-host.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

  parsers.conf: |
    [PARSER]
        Name   apache
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache2
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache_error
        Format regex
        Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

    [PARSER]
        Name   nginx
        Format regex
        Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   json
        Format json
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name        syslog
        Format      regex
        Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
        Time_Key    time
        Time_Format %b %d %H:%M:%S

I followed this documentation

Thanks a lot for the help.

Finally, I did two things that solved my issue:

  1. Modified this configuration:
# before
 output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

# after
 output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        # added this
        Replace_Dots    On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

Then, I had to delete the fluent-bit Elasticsearch index, and re-create it. Indeed, the index was probably not well suited for my JAVA logs at first, and adjusted to it after re-creation.
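Added example, not part of the original answer: a simplified Python model of one common reason Replace_Dots matters. Elasticsearch/OpenSearch treats a dot in a field name as an object path, so a label such as app.kubernetes.io/name and a plain app label cannot share one index mapping. The sample records and label values are constructed, and the page does not confirm that this was the exact conflict in the poster's cluster.

```python
# Simplified model of dotted-field expansion in an Elasticsearch/OpenSearch
# index, and of the key rewrite that the es output's Replace_Dots performs.

def field_types(record, prefix=""):
    """Yield (path, kind) as the index would map them: a dot in a key is a
    path separator, so 'a.b' maps 'a' as an object and 'a.b' as a leaf."""
    for key, value in record.items():
        parts = key.split(".")
        for i in range(1, len(parts)):
            yield prefix + ".".join(parts[:i]), "object"
        path = prefix + key
        if isinstance(value, dict):
            yield path, "object"
            yield from field_types(value, path + ".")
        else:
            yield path, "leaf"

def replace_dots(record):
    """Model of Replace_Dots On: '.' in key names becomes '_'."""
    return {k.replace(".", "_"): replace_dots(v) if isinstance(v, dict) else v
            for k, v in record.items()}

def rejected(records):
    """Indexes of records that conflict with the mapping built from earlier
    records (the first type seen for a path wins, as with dynamic mapping)."""
    mapping, bad = {}, []
    for idx, rec in enumerate(records):
        seen = dict(mapping)  # tentative mapping including this record
        ok = all(seen.setdefault(p, k) == k for p, k in field_types(rec))
        if ok:
            mapping = seen
        else:
            bad.append(idx)
    return bad

SAMPLE = [  # constructed records, not taken from the page
    {"log": "started", "kubernetes": {
        "pod_name": "aws-load-balancer-controller-0",
        "labels": {"app.kubernetes.io/name": "aws-load-balancer-controller"}}},
    {"log": "INFO boot", "kubernetes": {
        "pod_name": "my-java-app-0",
        "labels": {"app": "my-java-app"}}},
]

if __name__ == "__main__":
    print("rejected without Replace_Dots:", rejected(SAMPLE))
    print("rejected with Replace_Dots:   ",
          rejected([replace_dots(r) for r in SAMPLE]))
```

Because the first mapping seen for a path wins, an index created before the change keeps its old field types, which is consistent with the answer's second step of deleting and re-creating the index.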

Have you seen this article from the official side? Pay attention to the Log files overview section.

When deploying Fluent Bit to Kubernetes, there are three log files that you need to pay attention to. C:\k\kubelet.err.log

Also, you can find the Fluent GitHub Community and create an issue there to have better support from its contributors.

There is a Slack channel for Fluent.
