parse ingress logs towards opensearch
this manifest deploys as a daemonset, so every node gets one
get into the nodes which hold the ingress and check what files you wanna grab
    docker exec -ti minikube bash
    #cd /var/log/containers/
    cd /var/log/pods/
    ls -lF *ingress-nginx*/controller/
    tail *ingress-nginx*/controller/0.log
    ^D
    git clone https://github.com/fluent/helm-charts.git
    cd helm-charts/charts/fluent-bit/
    ls -lF values.yaml
grab and tune our jinja2 sample
    cd ../
    wget https://pub.nethence.com/logging/fluentbit/templates/flb-values.yaml.j2
    vi flb-values.yaml.j2
    cd fluent-bit/
proceed with the chart values generation
    export log_host=...
    export log_port=9200
    export log_http_user=...
    export log_http_passwd=...
    export priclass=...
    j2 -e log_host -e log_port -e log_http_user -e log_http_passwd -e priclass ../flb-values.yaml.j2 > flb-values.yaml
deploy the pods
    helm template test-flb ./ --values=flb-values.yaml | grep image:
    helm template test-flb ./ --values=flb-values.yaml | less
    # check indentation
    # --debug
    kubectx
    kubens -c
    helm template test-flb ./ --values=flb-values.yaml | grep namespace
    # --namespace ...
    #helm uninstall test-flb
    helm install test-flb ./ --values=flb-values.yaml --dry-run
    helm install test-flb ./ --values=flb-values.yaml
    #helm upgrade test-flb ./ --values=flb-values.yaml
    kubectl get ds
    kubectl describe ds test-flb | less
    watch -n1 "kubectl get pods | grep ^test-flb"
    for pod in `kubectl get pods | grep ^test-flb | awk '{print $1}'`; do
        kubectl logs $pod --tail=1
    done; unset pod
see k8s-ingress-logs-acceptance
get into the first listed test-flb pod
    kubectl exec -ti `kubectl get pods | grep ^test-flb | head -1 | awk '{print $1}'` -- bash
this error happens with elastic
    object mapping for [host] tried to parse field [host] as object, but found a concrete value
==> rename the field host to something else; apparently it’s already in use somehow
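example values template, added here as an illustration (it is not the flb-values.yaml.j2 published above): it shows where the host rename fits between the parser filter and the opensearch output, with the j2 variables exported earlier. assumptions: the tag ingress.*, the index name ingress-nginx, the new field name client_addr, tls enabled on the endpoint, and the k8s-nginx-ingress parser from the stock parsers.conf, whose regex emits host as a plain string.

```yaml
# constructed example -- adapt before use, not the author's template
config:
  inputs: |
    [INPUT]
        Name              tail
        Tag               ingress.*
        # same files as inspected on the node above
        Path              /var/log/pods/*ingress-nginx*/controller/*.log
        multiline.parser  docker, cri
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On

  filters: |
    # parse the nginx access line held in the "log" key
    [FILTER]
        Name          parser
        Match         ingress.*
        Key_Name      log
        Parser        k8s-nginx-ingress
        Reserve_Data  On

    # the parsed record carries "host" as a concrete string; rename it
    # so it cannot collide with an index mapping where host is an object
    # (client_addr is an arbitrary name chosen for this example)
    [FILTER]
        Name    modify
        Match   ingress.*
        Rename  host client_addr

  outputs: |
    [OUTPUT]
        Name                opensearch
        Match               ingress.*
        Host                {{ log_host }}
        Port                {{ log_port }}
        HTTP_User           {{ log_http_user }}
        HTTP_Passwd         {{ log_http_passwd }}
        # assumes the endpoint serves HTTPS with a verifiable certificate
        tls                 On
        tls.verify          On
        Index               ingress-nginx
        Suppress_Type_Name  On
        # bound the retries per chunk (see scheduling-and-retries)
        Retry_Limit         5
```

after helm install, the renamed field can be checked from the pod logs loop above: a rejected bulk request shows the object mapping error again.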
https://docs.fluentbit.io/manual/installation/kubernetes
https://fluentbit.io/blog/2020/12/29/5-minute-guide-to-deploying-fluent-bit-on-kubernetes/
https://docs.fluentbit.io/manual/pipeline/inputs
https://docs.fluentbit.io/manual/pipeline/parsers
https://github.com/fluent/fluent-bit/blob/master/conf/parsers.conf
https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression
https://docs.fluentbit.io/manual/pipeline/filters
https://docs.fluentbit.io/manual/pipeline/filters/parser
https://docs.fluentbit.io/manual/pipeline/filters/modify
https://docs.fluentbit.io/manual/pipeline/outputs
https://docs.fluentbit.io/manual/pipeline/outputs/opensearch
https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
https://docs.fluentbit.io/manual/administration/scheduling-and-retries
==> Retry_Limit
https://stackoverflow.com/questions/40686151/kubernetes-pod-gets-recreated-when-deleted
https://discuss.elastic.co/t/where-is-the-object-mapping-for-host-defined/281541
https://hub.docker.com/r/fluent/fluent-bit/
https://devopscube.com/setup-efk-stack-on-kubernetes/
https://github.com/scriptcamp/kubernetes-efk
https://github.com/scriptcamp/kubernetes-efk/tree/main/fluentd
https://stackoverflow.com/questions/74443276/fluentbit-where-does-field-in-logs-for-pod-come-from
https://stackoverflow.com/questions/36649113/what-does-the-type-mean-in-elasticsearch
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping-type-field.html
https://docs.fluentbit.io/manual/pipeline/inputs/systemd