K
Q

kubernetes efk: what does fluentd's 'filter' filter?

1/14/2019

I'm trying to enable efk in my kubernetes cluster. I find a file about fluentd's config: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml

In this file, there's:

<filter kubernetes.**>
  @id filter_kubernetes_metadata
  @type kubernetes_metadata
</filter>
# Fixes json fields in Elasticsearch
<filter kubernetes.**>
  @id filter_parser
  @type parser
  key_name log
  reserve_data true
  remove_key_name_field true
  <parse>
    @type multi_format
    <pattern>
      format json
    </pattern>
    <pattern>
      format none
    </pattern>
  </parse>
</filter>

I want to use different parsers for different deployments. So I wonder:

  1. what's 'kubernetes.**' in kubernetes? Is it the name of a deployment or label of a deployment?

  2. In docker-compose file, we can tag on different containers and use the tag in fluentd's 'filter'. In kubernetes, is there any similar way?

Thanks for your help!

-- user9345277
kubernetes

Similar Questions

What is the use case of setting memory request less than limit in . K8s
How to divide after grouping two different metrics in Prometheus?
do i need kubernertes-cadvisor up to monitor kubernetes
k8s PodSecurityPolicy. Drop all capabilities except one

1 Answer

1/15/2019

It isn't related to kubernetes, or to deployments; it is fluentd syntax that represents the top-level kubernetes "tag" and all its subkeys that are published as an event, as one can see here

-- mdaniel
Source: StackOverflow