K
Q

kubernetes log management via filebeat to logstash

7/31/2018

Im in the process of migrating some services to kubernetes and Im looking into a solution for logfile management. Said services can be rather noisy (log-speaking) and as they will be in various containers I plan to centralize the logs using logstash->elasticsearch.

If these were VMs id probably setup filebeat to grab logs and set logrotate to be pretty firm about not letting any files get more than a day old. Is this the appropriate mechanism for kubernetes? I don't want to cause problems on the kube hosts by filling up disks.

In essence: Each container would have a service + filebeat + strict logrotate policy. Logs would be forwarded to a central logstash instance.

Is that reasonable?

-- ethrbunny
filebeat
kubernetes
logstash

Similar Questions

Google Cloud: Cannot get the VM to use 96 CPUs
Unable to install Kubernetes Latest version following the official installation guide on CentOS 7 on a VM
What is the architecture for recover logs from a storage account to a Elasticsearch deployed on KUBERNETES?
Spring cloud config with kubernetes
Openshift Job exists, but doesn't get scheduled and can't be deleted

1 Answer

8/1/2018

There are no restriction to use any kind of log aggregators. You can use service + filebeat + strict logrotate policy if it is applicable for you. Also, as an alternative you can use fluend-bit as a log aggregator and than send it to ELK.

In official documentation you could find good how to how to use ELK + fluend.

-- Nick Rak
Source: StackOverflow