K
Q

Kubernetes pod logs using fluentd , with ELK

10/26/2018

We need to separate the pod logs for each k8s namespace to be indexed into separate Elasticsearch index. Currently all the logs are going to just one index pattern logstash-%DATE.

Is there a way on the fluntd side or in the logstash to separate the logs and redirect them to different indices based on the k8s namespace from which the logs are coming , what would be the better option in terms of performance , sacalability and operational ease.

Use case:

Elasticsearch is multi-tenant so we need to send the logs of each namespace to a different index pattern so that we can apply access control.

-- Ijaz Ahmad Khan
elasticsearch
fluentd
kubernetes
security

Similar Questions

Prometheus API returning HTML instead of JSON
Kubernetes add GPU support, does the cpu node need install nvidia driver and nvidia docker?
About kubernetes pods dns parsing problem
Spring Boot Application on Kubernetes How to use external message.properties file for supporting i18n and l10n?
Elastic Search Kubernetes - Disable memory swapping
Canary rollout between two k8s/gke namespaces by DNS cutover?
Failed to install metrics-server on minikube
How do I change the passwords for mysql after the helm chart from bitnami has been used?
GKE with custom vm's node pools isn't scaling down

0 Answers