K
Q

How to exclude namespace from fluent-bit logging

7/14/2019

Is there a way to exclude certain namespaces in fluet-bit? I would like to exclude certain namespaces so that fluent bit doesn't forward all logs created in those namespaces to ELK.

Is there a way to do it besides adding annotation to each pod in that namespace? Im aware that you can update all of the pods annotations in a namespace via kubectl.

kubectl annotate pods --namespace=pks-system --all fluentbit.io/exclude='true'

-- Oren
fluent-bit
kubernetes

Similar Questions

Is normal Traefik generates an `TRAEFIK DEFAULT CERT` for some hours?
IP Blacklisting in Istio
kubernetes fluentd how to exclude liveness, readiness /health check and fluent.trace?
How to reference a custom value file for sub-charts in helm?
Unable to relabel Prometheus pod scrape label __address__ if pod doesn't declare containerport
Worker node joining error - error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
Kubernetes - Deployment/replicaSet
GKE pod replica count in cluster
Spring boot logback can not logging to file on kubernetes multiple pods
Why when i refresh an angular application results to 404 Not Found?
What value should I use for host in a kubernetes ingress manifest?

4 Answers

5/13/2020

I think the following input plugin configuration can do this:

 [INPUT]
        Name              tail
        Path              /var/log/containers/*.log
        Exclude_Path      /var/log/containers/*_<myappnamespace>_*.log
        Tag               kube.infra.<namespace_name>.<pod_name>.<container_name>
        Tag_Regex         (?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-
        Parser            cri
        DB                /var/log/flb_kube_infra.db
        Mem_Buf_Limit     500KB
        Skip_Long_Lines   On
        Refresh_Interval  10

Found it here: https://github.com/fluent/fluent-bit/issues/758

The Exclude_Path property defines the name of the namespace for which logs will be ignored.

-- iamabhishek
Source: StackOverflow
5/20/2020

You have achieve namespace exclusion with a combination of the three filters kubernetes, nest and grep

[FILTER]
Name                kubernetes
Match               kube.*
Kube_URL            https://kubernetes.default.svc:443
Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
Kube_Tag_Prefix     kube.var.log.containers.
Merge_Log           Off
Merge_Log_Key       log_processed
K8S-Logging.Parser  On
K8S-Logging.Exclude On

[FILTER]
Name                nest
Match               *
Wildcard            pod_name
Operation lift
Nested_under kubernetes
Add_prefix   kubernetes_

[FILTER]
Name                grep
Match               kube.*
Exclude             kubernetes_namespace_name kube-system
-- LoganMzz
Source: StackOverflow
7/16/2019

According to official Fluent Bit documentation, for the moment it is actually the unique way of requesting that the log processor skips the logs from certain Pods. I searched through it and found nothing but this fragment.

In addition to that, there is even a feature request raised on their GitHub project so for now we can hope it will be available in a future release.

In documentation there is only example of a separate Pod definition but for sure you should be able to apply it to Pod template in Deployment definition so you don't have to apply it to each Pod separately or to every Pod in certain namespace using the kubectl command you provided.

-- mario
Source: StackOverflow
12/10/2019

You must read this: https://docs.fluentbit.io/manual/filter/kubernetes#kubernetes-annotations At documentation: "Request to Fluent Bit to exclude or not the logs generated by the Pod. This option will only be processed if Fluent Bit configuration (Kubernetes Filter) have enabled the option K8S-Logging.Exclude."

-- Zarathon Maia
Source: StackOverflow