K
Q

How can I index application JSON log on kubernetes with fluentd and elasticsearc

11/5/2020

I am struggling with my EFK configuration / setup on Kubernetes. Basically, the stack is working but I am not able to search for application specific logs fields as it's apperently not properly indexed.

My application produces JSON log which is something like:

{"level":"info","message":"My log entry"}

In Kibana I get this log string for the 'log' field, but I can search for or filter on message for example:

kubernetes.namespace_name: development
kubernetes.pod_id: 1bed9caa-685c-400e-ad06-b03ab5155c15
kubernetes.pod_name: my-app-6ffd8fd688-8f5cf
log: {"level":"info","message":"Processing request /"}

EFK Versions:

  1. ElasticSearch: elasticsearch:7.9.2
  2. Fluentd: fluentd-kubernetes-daemonset:v1.11.4-debian-elasticsearch7-1.0
  3. Kibana: kibana:7.9.2

Thanks in advance!

-- veote
elasticsearch
fluentd
kibana
kubernetes
logging

Similar Questions

Could not authenticate you from Ldapmain because "Invalid credentials for <username>" - Gitlab Community Edition installed via Helm Chart
default container CPU limits in Kubernetes?
How does the rewrite annotation in ingress work in k8s?
How to make more master nodes on kubernetes cluster
More default named port in kubernetes?

0 Answers