Hi. I’m trying to use the built-in FluentD app in Rancher to collect logs for Splunk. Nothing is coming to Splunk so far. I checked the logs in the rancher-logging-fluentd-linux workloads and I can see messages [warn] /var/log/containers/****.log unreadable. I found that the logs in /var/logs/containers are just links to /opt/docker-data/containers. However, I can’t access the logs from the fluentd pod. I guess I need to mount them. Can you advise me how to do that?
Thank you
I had a similar problem and the root cause was that we had relocated the docker root from /var/lib. Fluentd can’t find the logs without some reconfiguration. Have you moved the docker root?
It seems that this is the root cause. According to the result of the docker info command:
Docker Root Dir: /opt/docker-data
How do you suggest fixing it? Change the docker root for the cluster?
Have you tested mounting /opt/docker to solve the problem?
Hi. Sorry for the late reply. I can't do that on the impacted cluster. I guess I need to set up my own FluentD image. Thanks for the advice.
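The symptom discussed in this thread (log files that are symlinks into a relocated Docker root the collector cannot see) can be confirmed from inside the collector's container with a short script. This is an added example, not code from any of the posters or from Rancher; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Follow a symlink chain hop by hop without requiring the final target to
# exist. Prints the last path reached: the real file, or the first path in
# the chain that is missing from this filesystem view.
resolve_chain() {
    path=$1
    hops=0
    while [ -L "$path" ] && [ "$hops" -lt 8 ]; do   # hop limit guards against loops
        next=$(readlink "$path")
        case $next in
            /*) path=$next ;;                        # absolute link target
            *)  path=$(dirname "$path")/$next ;;     # relative link target
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$path"
}

# Print each distinct directory that holds an unreadable log target.
# Run where the collector runs: every directory listed is a path the
# collector would need to be able to read.
unreadable_link_targets() {
    for link in "$1"/*.log; do
        [ -L "$link" ] || continue
        end=$(resolve_chain "$link")
        [ -r "$end" ] || dirname "$end"
    done | sort -u
}

# Constructed sample tree: ok.log points at a readable file, app.log goes
# through a second link to a docker-data path that is absent from this view.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/logs" "$root/pods/app" "$root/mounted"
    : > "$root/mounted/ok-json.log"
    ln -s "$root/mounted/ok-json.log" "$root/logs/ok.log"
    ln -s "$root/pods/app/0.log" "$root/logs/app.log"
    ln -s "$root/opt/docker-data/containers/abc/abc-json.log" "$root/pods/app/0.log"
    printf '%s\n' "$root"
}

# Usage: sh script.sh /var/log/containers
if [ "$#" -gt 0 ]; then
    unreadable_link_targets "$1"
fi
```

An empty result means every log link resolves to a readable file from that container's point of view.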