K
Q

Fluentd logs is full of backslash and kibana doesn't show k8s pods logs

8/5/2019

I set up an EFK stack for gathering my different k8s pods logs based on this tutorial on a Microk8s single node cluster. Everything is up and working and I can connect kibanna to elasticsearch and see the indexes but in the discovery section of kibana there is no log related to my pods and there are kubelete logs.

When I checked the logs of fluentd I saw that it is full of backslashes:

2019-08-05 15:23:17 +0000 [warn]: #0 [in_tail_container_logs] pattern not match: "2019-08-05T17:23:10.167379794+02:00 stdout P 2019-08-05 15:23:10 +0000 [warn]: #0 [in_tail_container_logs] pattern not match: \"2019-08-05T17:23:07.09726655+02:00 stdout P 2019-08-05 15:23:07 +0000 [warn]: #0 [in_tail_container_logs] pattern not match: \\\"2019-08-05T17:23:04.433817307+02:00 stdout P 2019-08-05 15:23:04 +0000 [warn]: #0 [in_tail_container_logs] pattern not match: \\\\\\\"2019-08-05T17:22:52.546188522+02:00 stdout P 2019-08-05 15:22:52 +0000 [warn]: #0 [in_tail_container_logs] pattern not match: \\\\\\\\\\\\\\\"2019-08-05T17:22:46.694679863+02:00 stdout F 
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Can someone please tell me what I am doing wrong and where all those backslashes are coming from?

-- AVarf
elasticsearch
fluentd
kibana
kubernetes
logging

Similar Questions

HPA using Kafka Exporter in on premise Kubernetes cluster
Serve one path internally and a different one externally
How to handle secrets in ConfigMaps?
Reduce Cloud Run on GKE costs

1 Answer

8/7/2019

There are few things you should check/try:

  1. Check how your patterns are configured (ex: td-agent.conf, fluent.conf).

  2. Test your format regex matching with Fluentular to see if there are any potential mistakes.

  3. Consider using fluent-plugin-multi-format-parser:

  4. For more information about resolving similar pattern not match issue, you can see this answer.

Please let me know if any of the above helped.

-- OhHiMark
Source: StackOverflow