Hello community!
We need to ship RKE cluster logs to Elasticsearch, including deployment failures, pod problems, invalid API requests, etc., and excluding containers’ internal logs.
I’m trying to follow https://rancher.com/docs/rancher/v2.x/en/cluster-admin/tools/logging/#enabling-cluster-logging, item 4 (Edit as File). I’ve investigated the default Fluentd configuration when cluster logging is enabled, and I think the simplest “raw fluentd configuration for any logging service” in my case should look like this:
<match rke.**>
  @type elasticsearch
  host elasticsearch.host.tld
  index_name rancher
</match>
However, when I press “Dry Run” I get “Something’s not quite right. Check your inputs.”. I’ve tried putting * in the match clause and putting in the whole raw Fluentd config (same as the default but without the cluster and project sources), but with the same result.
So, my questions are:
- Am I thinking in the correct direction in general?
- Could anyone share a working custom Fluentd configuration which one should put into the file editor mentioned in the manual?
TIA