How to exclude istios side-car container logs from fluentbit

3/22/2021

I need to exclude the logs generated by istio's sidecar from fluentbit. In the official documentation the only thing I managed to find regarding excluding logs from the fluentbit was an annotations in the metadata section I don't think will fit in here:

https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#kubernetes-annotations

apiVersion: v1
kind: Pod
metadata:
  name: apache-logs
  labels:
    app: apache-logs
  annotations:
    fluentbit.io/exclude: "true"
spec:
  containers:
  - name: apache
    image: edsiper/apache_logs

Does anyone already did that?

-- Joao Braga
amazon-cloudwatch
amazon-eks
istio
istio-sidecar
kubernetes

1 Answer

5/16/2021

If you're getting the logs from the files by using the tail input, you may want to rely on the Exclude_Path option for this: https://docs.fluentbit.io/manual/pipeline/inputs/tail .

In particular, if you look at the log files name, it should look like the following:

/path-to-logs/${POD_NAME}_${NAMESPACE}_${CONTAINER_NAME}-${SOME_HASH}

You can probably play around with that part which has the container name. I would try something like the following:

[INPUT]
     Name             tail
     Path             /var/log/containers/*
     Exclude_Path     /var/log/containers/*_istio-proxy*,/var/log/containers/*_istio-init*
     Parser           docker
     Tag              kube.*
     Mem_Buf_Limit    5MB
     Skip_Long_Lines  On
-- Mark
Source: StackOverflow