[英]Fluent Bit does not send logs from my EKS custom applications
I am using AWS Opensearch to retrieve the logs from all my Kube.netes applications.我正在使用 AWS Opensearch 从我的所有 Kube.netes 应用程序中检索日志。 I have the following pods:
Kube-proxy
, Fluent-bit
, aws-node
, aws-load-balancer-controller
, and all my apps (around 10).我有以下 pod:
Kube-proxy
、 Fluent-bit
、 aws-node
、 aws-load-balancer-controller
和我所有的应用程序(大约 10 个)。
While fluent-bit successfully send all the logs from Kube-proxy
, Fluent-bit
, aws-node
and aws-load-balancer-controller
, none of the logs from my applications are sent.虽然 fluent-bit 成功发送了来自
Kube-proxy
、 Fluent-bit
、 aws-node
和aws-load-balancer-controller
的所有日志,但我的应用程序的日志都没有发送。 My applications had DEBUG
, INFO
, ERROR
logs, and none are sent by fluent bit.我的应用程序有
DEBUG
、 INFO
、 ERROR
日志,但没有一个是通过 fluent bit 发送的。
Here is my fluent bit configuration:这是我的流利位配置:
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-config
namespace: my-namespace
labels:
k8s-app: fluent-bit
data:
# Configuration files: server, input, filters and output
# ======================================================
fluent-bit.conf: |
[SERVICE]
Flush 1
Log_Level info
Daemon off
Parsers_File parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
@INCLUDE input-kubernetes.conf
@INCLUDE filter-kubernetes.conf
@INCLUDE output-elasticsearch.conf
input-kubernetes.conf: |
[INPUT]
Name tail
Tag kube.*
Path /var/log/containers/*.log
Parser docker
DB /var/log/flb_kube.db
Mem_Buf_Limit 50MB
Skip_Long_Lines On
Refresh_Interval 10
filter-kubernetes.conf: |
[FILTER]
Name kubernetes
Match kube.*
Kube_URL https://kubernetes.default.svc:443
Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
Kube_Tag_Prefix kube.var.log.containers.
Merge_Log On
Merge_Log_Key log_processed
K8S-Logging.Parser On
K8S-Logging.Exclude Off
output-elasticsearch.conf: |
[OUTPUT]
Name es
Match *
Host my-host.es.amazonaws.com
Port 443
TLS On
AWS_Auth On
AWS_Region ap-southeast-1
Retry_Limit 6
parsers.conf: |
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name json
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
I followed this documentation我遵循了这个文档
Thanks a lot for the help.非常感谢您的帮助。
Finally, I did two things that solved my issue:最后,我做了两件事来解决我的问题:
# before
output-elasticsearch.conf: |
[OUTPUT]
Name es
Match *
Host search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
Port 443
TLS On
AWS_Auth On
AWS_Region ap-southeast-1
Retry_Limit 6
# after
output-elasticsearch.conf: |
[OUTPUT]
Name es
Match *
Host search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
Port 443
TLS On
AWS_Auth On
Replace_Dots On // added this
AWS_Region ap-southeast-1
Retry_Limit 6
Then, I had to delete the fluent-bit Elastic search index, and re-create it.然后,我不得不删除 fluent-bit Elastic search 索引,然后重新创建它。 Indeed, the index was probably not well suited for my JAVA logs at first, and adjusted to it after re-creation.
事实上,该索引最初可能不太适合我的 JAVA 日志,并在重新创建后对其进行了调整。
have you seen this article from official side?你看过官方的这篇文章吗? Pay attention on Log files overview section.
注意日志文件概述部分。
When deploying Fluent Bit to Kube.netes, there are three log files that you need to pay attention to.
在将 Fluent Bit 部署到 Kube.netes 时,需要注意三个日志文件。 C:\k\kubelet.err.log
C:\k\kubelet.err.log
Also you can find Fluent GitHub Community and create an issue there to have better support from its contributors您还可以找到Fluent GitHub Community并在那里创建一个问题以获得其贡献者的更好支持
There is a Slack channel for Fluent Fluent 有一个Slack 频道
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.