Closed kfirfer closed 1 year ago
Never mind, succeeded with this configuration:
```
<source>
  @id fluentd-containers.log
  @type tail
  path /var/log/containers/*.log
  pos_file /var/log/containers.log.pos
  tag raw.kubernetes.*
  #read_from_head true
  <parse>
    @type multi_format
    # Docker log lines (JSON)
    <pattern>
      format json
      time_key time
      time_format %Y-%m-%dT%H:%M:%S.%NZ
    </pattern>
    # containerd log lines (plain text): <time> <stream> <tag> <log>
    <pattern>
      format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/
      time_format %Y-%m-%dT%H:%M:%S.%N%:z
    </pattern>
  </parse>
</source>

# Detect exceptions in the log output and forward them as one log entry.
<match raw.kubernetes.**>
  @id raw.kubernetes
  @type detect_exceptions
  remove_tag_prefix raw
  message log
  stream stream
  multiline_flush_interval 5
  max_bytes 500000
  max_lines 1000
</match>

## Concatenate multi-line logs
#<filter **>
#  @id filter_concat
#  @type concat
#  key log
#  use_first_timestamp true
#  multiline_end_regexp /\n$/
#  separator ""
#  timeout_label @NORMAL
#  flush_interval 5
#</filter>

# Enriches records with Kubernetes metadata
<filter kubernetes.**>
  @id filter_kubernetes_metadata
  @type kubernetes_metadata
  skip_labels true
</filter>

# Fixes json fields in Elasticsearch
<filter kubernetes.**>
  @id filter_parser
  @type parser
  key_name log
  reserve_time true
  reserve_data true
  remove_key_name_field true
  <parse>
    @type multi_format
    <pattern>
      format json
    </pattern>
    <pattern>
      format none
    </pattern>
  </parse>
</filter>
```
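How the two `<pattern>` entries of the `<source>` block above split a Docker JSON line and a containerd line, and what the greedy `(?<time>.+)` captures when the message text itself contains ` stdout F `. This is an added Ruby example, not part of the original thread and not Fluentd's own code; the sample lines are constructed, and `parse_container_line` and `CRI_STRICT` are names and a pattern assumed here.

```ruby
require "json"

# Regexp copied from the second <pattern> of the <source> block above.
CRI_PAGE = /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/
# Assumption, not from the page: the time field may not contain spaces.
CRI_STRICT = /^(?<time>[^ ]+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/

# Constructed sample lines (not taken from a real cluster).
DOCKER_LINE = '{"log":"hello\n","stream":"stdout","time":"2021-03-01T10:00:00.123456789Z"}'
CRI_LINE = "2021-03-01T10:00:00.123456789+00:00 stdout F hello"
EMBEDDED_LINE = "2021-03-01T10:00:00.123456789+00:00 stdout F wrote to stdout F ok"

# Try the patterns in order, as the multi_format <parse> block does:
# JSON first, then the containerd regexp. Returns nil if neither matches.
def parse_container_line(line, cri = CRI_PAGE)
  line = line.chomp
  begin
    rec = JSON.parse(line)
    return rec.merge("format" => "docker-json") if rec.is_a?(Hash)
  rescue JSON::ParserError
    # Not JSON: fall through to the containerd pattern.
  end
  m = cri.match(line)
  return nil unless m
  { "time" => m[:time], "stream" => m[:stream], "log" => m[:log], "format" => "cri" }
end

if __FILE__ == $PROGRAM_NAME
  [DOCKER_LINE, CRI_LINE, EMBEDDED_LINE].each { |l| p parse_container_line(l) }
  # Same line with the stricter pattern: the timestamp stays in "time".
  p parse_container_line(EMBEDDED_LINE, CRI_STRICT)
end
```

With the page's pattern the third sample yields a `time` that runs up to `wrote to` and a `log` of only `ok`; with `CRI_STRICT` the timestamp and the full message land in their own fields.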
Hello,
The fluentd-elasticsearch chart supports the Docker log format, where the /var/log/containers/*.log files are in JSON. In containerd the logs seem to be in a plain text format and are parsed as a single "log" field in Elastic.
How do I use the chart for the containerd log format?
This is the containers.input.conf content:
Thanks!