Separate access logs from application logs with FluentD

5/8/2020

I have a Kong container in my k8s cluster which outputs all logs to stdout, so all the logs are mixed together in stdout. Is there a way to tag the access logs based on a regex without excluding the other ones?

I've used:

<match kubernetes.var.log.containers.kong**>
  @type rewrite_tag_filter
  <rule>
    key log
    pattern /.*HTTP.*/
    tag access.log
  </rule>
</match>

But that seems to exclude any logs without HTTP in them, which leaves me without my application logs. I would like to keep these ones too.

-- r1ckr
docker
fluentd
kubernetes
logging

1 Answer

5/9/2020

Found it! The way to keep the other ones is to have an extra rule to catch them, like so:

<match kubernetes.var.log.containers.kong**>
  @type rewrite_tag_filter
  <rule>
    key log
    pattern /HTTP/
    tag access.log
  </rule>
  <rule>
    key log
    pattern /.*/
    tag app.log
  </rule>
</match>
-- r1ckr
Source: StackOverflow
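
The rule evaluation discussed in the question and answer above, as an added example that is not part of the original posts: a small Ruby model of first-match-wins retagging, run over constructed log records, showing which records each rule set keeps, drops, or misfiles. The names Rule, route, tally and STRICT_RULES are hypothetical, the stricter access pattern is an assumption about the access-log line shape, and the model assumes a missing or empty field never matches any rule.

```ruby
# Simplified model of rewrite_tag_filter routing (not the plugin's own code):
# rules are tried in order, the first match sets the new tag, and a record
# that matches no rule is dropped (nil). Assumption: a missing or empty field
# never matches, so even a /.*/ catch-all does not keep such a record.
Rule = Struct.new(:key, :pattern, :tag)

def route(rules, record)
  rules.each do |rule|
    value = record[rule.key].to_s
    next if value.empty?
    return rule.tag if rule.pattern.match?(value)
  end
  nil
end

# Count how many records end up under each tag, or are dropped.
def tally(rules, records)
  records.each_with_object(Hash.new(0)) { |r, h| h[route(rules, r) || "dropped"] += 1 }
end

# Rule sets exactly as posted in the question and in the answer.
QUESTION_RULES = [Rule.new("log", /.*HTTP.*/, "access.log")]
ANSWER_RULES = [
  Rule.new("log", /HTTP/, "access.log"),
  Rule.new("log", /.*/, "app.log"),
]

# Assumption (not from the page): anchor the access rule on the quoted request
# line followed by a status code, so app lines that mention HTTP stay app.log.
STRICT_RULES = [
  Rule.new("log", /"[A-Z]+ \S+ HTTP\/\d(?:\.\d)?" \d{3} /, "access.log"),
  Rule.new("log", /.*/, "app.log"),
]

# Constructed sample records, not captured from a real Kong instance.
SAMPLES = [
  { "log" => '10.0.0.7 - - [08/May/2020:10:01:02 +0000] "GET /orders HTTP/1.1" 200 512 "-" "curl/7.68.0"' },
  { "log" => '10.0.0.9 - - [08/May/2020:10:01:03 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.23"' },
  { "log" => "2020/05/08 10:01:04 [error] 23#0: *41 upstream timed out while reading HTTP response header" },
  { "log" => "2020/05/08 10:01:05 [notice] 1#0: signal 17 (SIGCHLD) received" },
  { "stream" => "stderr" }, # record without a "log" field
]

if __FILE__ == $PROGRAM_NAME
  { question: QUESTION_RULES, answer: ANSWER_RULES, strict: STRICT_RULES }.each do |name, rules|
    puts "#{name}: #{tally(rules, SAMPLES)}"
  end
end
```

Comparing the dropped count and the tag of the `[error]` line across the three rule sets shows where application events would go missing from, or be hidden inside, the access stream.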