search

vincent-zurczak / fluentbit-configuration-for-k8s-and-graylog

A sample configuration to collect logs with Fluentbit in a K8s environement and targeting a Graylog server
50 stars 35 forks source link

Update fluent-bit-configmap.yaml #1

Closed blaggacao closed 5 years ago

blaggacao commented 5 years ago

Taking this lifted, yet unmodifyd log:

  {
    "annotations": {
      "cni.projectcalico.org/podIP": "10.42.4.49/32",
      "prometheus.io/path": "/api/v1/metrics/prometheus",
      "prometheus.io/port": "2020",
      "prometheus.io/scrape": "true"
    },
    "container_name": "fluent-bit",
    "date": 1555797738.084483,
    "docker_id": "a3ee27d003c223037a6b34e9810b49e1588adade71760bdc9220e32a451b5252",
    "host": "165.22.141.35",
    "labels": {
      "controller-revision-hash": "7cffd9d7bc",
      "k8s-app": "fluent-bit-logging",
      "kubernetes.io/cluster-service": "true",
      "pod-template-generation": "1",
      "version": "v1"
    },
    "log": "[2019/04/20 22:02:18] [error] [out_gelf] error encoding to GELF",
    "namespace_name": "logging",
    "pod_id": "f41ca02c-63b7-11e9-a252-be914d40b130",
    "pod_name": "fluent-bit-pppm5",
    "stream": "stderr",
    "time": "2019-04-20T22:02:18.084483069Z"
  },

date is just what GELF 1.1 expects:

timestamp number: Seconds since UNIX epoch with optional decimal places for milliseconds; SHOULD be set by client library. Will be set to the current timestamp (now) by the server if absent.

NO need to keep the time field from the docker parser.

blaggacao commented 5 years ago

I know more now. Almost all keys are handled gracefully by fluent-bit: https://github.com/fluent/fluent-bit/blob/3d769693e2b302c7c4db1ee2255efdb1b68250e8/src/flb_pack.c#L1084-L1379

Or can be configured: https://github.com/fluent/fluent-bit/blob/3d769693e2b302c7c4db1ee2255efdb1b68250e8/plugins/out_gelf/gelf.c#L394-L422

The reason it didn't work, is this: https://github.com/fluent/fluent-bit/issues/1291, probably the . within the key names...

blaggacao commented 5 years ago 

    [OUTPUT]
        Name                    gelf
        Match                   *
        Host                    ${FLUENT_GELF_HOST}
        Port                    ${FLUENT_GELF_PORT}
        Mode                    tcp
        Gelf_Short_Message_Key  log    <-- This need update, too under this paradigm
vincent-zurczak commented 5 years ago

I am a little bit late, but thank you for this contribution. :+1: