Fluent Bit does not send logs from my EKS custom applications

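I am using AWS OpenSearch to retrieve the logs from all my Kubernetes applications. I have the following pods: Kube-proxy, Fluent-bit, aws-node, aws-load-balancer-controller, and all my applications (around 10).

While Fluent Bit successfully sends all the logs from Kube-proxy, Fluent-bit, aws-node and aws-load-balancer-controller, none of the logs from my applications are sent. My applications have DEBUG, INFO and ERROR logs, and none are sent by Fluent Bit.

Here is my Fluent Bit configuration: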

apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: my-namespace
  labels:
    k8s-app: fluent-bit
data:
  # Configuration files: server, input, filters and output
  # ======================================================
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020

    @INCLUDE input-kubernetes.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE output-elasticsearch.conf

  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        Parser            docker
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     50MB
        Skip_Long_Lines   On
        Refresh_Interval  10

  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           On
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off

  output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            my-host.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

  parsers.conf: |
    [PARSER]
        Name   apache
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache2
        Format regex
        Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   apache_error
        Format regex
        Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

    [PARSER]
        Name   nginx
        Format regex
        Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name   json
        Format json
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z

    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On

    [PARSER]
        Name        syslog
        Format      regex
        Regex       ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
        Time_Key    time
        Time_Format %b %d %H:%M:%S

I followed this documentation.

Thank you very much for your help.

Have you seen this article from the official side? Pay attention to the Log files overview section.

When deploying Fluent Bit to Kubernetes, there are three log files that you need to pay attention to. C:\k\kubelet.err.log

You can also find the Fluent GitHub Community and create an issue there to get better support from the contributors.

There is a Slack channel for Fluent.

Finally, I did two things that solved my issue:

  1. Modified this configuration:
# before
 output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

# after
 output-elasticsearch.conf: |
    [OUTPUT]
        Name            es
        Match           *
        Host            search-blacaz-logs-szzq6vokwwm4y5fkfwyngjwjxq.ap-southeast-1.es.amazonaws.com
        Port            443
        TLS             On
        AWS_Auth        On
        # added this
        Replace_Dots    On
        AWS_Region      ap-southeast-1
        Retry_Limit     6

  2. Then, I had to delete the fluent-bit Elasticsearch index and re-create it. In fact, the index was probably not well suited to my Java logs at first, and adjusted to them after re-creation.
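
The answer above does not say why `Replace_Dots` helped. A common cause, assumed here and not confirmed by the post, is that application pods carry label keys containing dots, which Elasticsearch/OpenSearch expands into object paths that collide with a plain label such as `app`. The following simulation is an added example, not code from the original posts or from Fluent Bit; the sample records and function names are constructed for illustration.

```python
"""Constructed simulation: dotted Kubernetes label keys vs. dynamic mapping,
and what the es output's Replace_Dots option changes."""


def flatten(doc, prefix=""):
    """Yield (path, kind) pairs as dynamic mapping sees a document:
    a dot inside a key name is treated as an object-path separator."""
    for key, value in doc.items():
        parts = key.split(".")
        for i in range(1, len(parts)):
            yield prefix + ".".join(parts[:i]), "object"
        path = prefix + key
        if isinstance(value, dict):
            yield path, "object"
            yield from flatten(value, path + ".")
        else:
            yield path, "leaf"


def index_all(docs):
    """Index docs in order into one simulated index; True means accepted."""
    mapping, verdicts = {}, []
    for doc in docs:
        seen = dict(mapping)
        ok = True
        for path, kind in flatten(doc):
            if seen.setdefault(path, kind) != kind:
                ok = False  # the same path is both a value and an object
                break
        if ok:
            mapping = seen  # only accepted documents extend the mapping
        verdicts.append(ok)
    return verdicts


def replace_dots(doc):
    """Effect of Replace_Dots On: '.' in key names becomes '_' (recursively)."""
    return {k.replace(".", "_"): replace_dots(v) if isinstance(v, dict) else v
            for k, v in doc.items()}


# Constructed sample records (assumed labels, not taken from the question).
SYSTEM_POD = {"log": "started", "kubernetes": {
    "pod_name": "kube-proxy-abcde", "labels": {"k8s-app": "kube-proxy"}}}
APP_POD = {"log": "INFO order created", "kubernetes": {
    "pod_name": "orders-1",
    "labels": {"app": "orders", "app.kubernetes.io/name": "orders"}}}

if __name__ == "__main__":
    print("without Replace_Dots:", index_all([SYSTEM_POD, APP_POD]))
    print("with Replace_Dots:   ",
          index_all([replace_dots(SYSTEM_POD), replace_dots(APP_POD)]))
```

To see the real rejection reason instead of inferring it, the `es` output's `Trace_Error On` option makes Fluent Bit print the error responses returned by the bulk API.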