Ship Kubernetes logs to Logstash

laszlocloud · May 8, 2017, 6:10am

Hello,

would like to know how others solved the question. I have a working solution, but generally interested how you did it.

Here is the result of a day spent reading:

The Kubernetes ecosystem works with Fluentd mostly (so did Openshift in my previous project)
Fluentd has nice container metadata https://github.com/fluent/fluentd-kubernetes-daemonset
Fluentd can’t talk to logstash BUMMER
Filebeat talks to Logstash, Kubernetes is not their main usecase, they don’t have nice defaults like the above linked Fluentd daemonset.
But the only thing the Fluentd daemonset adds as metadata is coming from a plugin, that is essentially slicing up log file names.
Luckily someone did it already: github.com/ApsOps/filebeat-kubernetes

So as of now, I use https://github.com/ApsOps/filebeat-kubernetes on my testing cluster to ship logs to Logstash.

Looking forward to hear other takes.

Take care.
Laszlo

ITBlogger · August 28, 2018, 4:17pm

We are using the official filebeat and metricbeat deployment/daemonset configs with some tweaks.

Also using filebeat hint based autodiscover to properly deal with multiline logs.

Filebeat daemonset pods send logs to logstash, metricbeat pods send data directly to kibana/elasticsearch.

We’re using Elastalert for alerting, currently just to Slack

So far it’s working very well. But that’s really only just now been the case. Metricbeat had issues with changes made to kube-state-metrics that weren’t fixed until Metricbeat 6.4.0, but now that those issues have been fixed, it’s pretty golden.

–Alex

Topic		Replies	Views
Fluentd logs to nfs Rancher 2.x	1	1035	January 10, 2020
Cluster Logging to Elasticsearch target with systemd underlying OS Rancher 2.x	16	5269	August 13, 2020
Using Filebeats in the ELK Stack Rancher 1.x	1	2061	April 7, 2020
Logging with containerD runtime Rancher 2.x	0	451	July 28, 2020
Rancher 2.0 pods rsyslog to file Rancher 2.x	0	452	March 10, 2020

Ship Kubernetes logs to Logstash

Related Topics