Fluentd forwarder DaemonSet has wrong logs format

7/13/2021

I use the Bitnami fluentd chart for Kubernetes, and my setup is almost native apart from some changes.

My source section looks like

            @type tail
            path /var/log/containers/*my-app*.log
            pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
            tag kubernetes.*
            read_from_head true

and my application sends some more advanced log information to stdout, like:

2021-07-13 11:33:49.060 +0000 - [ERROR] - fatal error - play.api.http.DefaultHttpErrorHandler in postman-akka.actor.default-dispatcher-6 play.api.UnexpectedException: Unexpected exception[RuntimeException: java.net.ConnectException: Connection refused (Connection refused)]
	at play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:328)
	at play.api.http.DefaultHttpErrorHandler.onServerError(HttpErrorHandler 

The problem is that in the fluentd forwarder I can see (in /var/log/containers/*) that all records are stored in the following format:

{"log":"2021-07-13 19:54:48.523 +0000 - [ERROR] - from akka.io.TcpListener in postman-akka.actor.default-dispatcher-6 New connection accepted \n","stream":"stdout","time":"2021-07-13T19:54:48.523724149Z"}
{"log":"2021-07-13 19:54:48.523 +0000 - [ERROR] -- play.api.http.DefaultHttpErrorHandler in postman-akka.actor.default-dispatcher-6  \n","stream":"stdout","time":"2021-07-13T19:55:10.479279395Z"} 
{"log":"2021-07-13 19:54:48.523 +0000 - [ERROR] - play.api.UnexpectedException: Unexpected exception[RuntimeException: }
{"log":"2021-07-13 19:54:48.523 +0000 - [ERROR] - java.net.ConnectException: Connection refused (Connection refused)] }

The problem, as you can see here, is that all those lines are "separated" log records.

I would like to extract the entire log message with the entire stack trace. I wrote some configuration for the fluentd parse section:

            <parse>
              @type regexp
              expression /^(?<time>^(.*?:.*?)):\d\d.\d+\s\+0000 - (?<type>(\[\w+\])).- (?<text>(.*))/m
              time_key time
              time_format %Y-%m-%d %H:%M:%S
            </parse>

But I am pretty sure that this is not the problem, because for some reason those files (in /var/log/containers/*.log) already store records in the wrong format. How can I configure the fluentd forwarder to "take" logs from containers and store logs in a (non-JSON) format?

-- corey
elasticsearch
fluentd
kubernetes

0 Answers
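An added example, not part of the original post: the files under /var/log/containers hold one JSON object per line written to stdout, so a stack trace has to be reassembled after the `log` field is decoded. The Python sketch below shows that grouping logic on constructed sample lines; `RECORD_START`, `SAMPLE` and `reassemble` are hypothetical names, and the sketch assumes every application record begins with the timestamp and level prefix shown in the question.

```python
import json
import re

# Assumption: every application record starts with a timestamp and level such as
# "2021-07-13 11:33:49.060 +0000 - [ERROR]"; anything else is a continuation line.
RECORD_START = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ [+-]\d{4} - \[(?P<level>\w+)\]")

# Constructed sample in the per-line JSON layout shown in the question.
SAMPLE = [
    r'{"log":"2021-07-13 11:33:49.060 +0000 - [ERROR] - fatal error\n","stream":"stdout","time":"2021-07-13T11:33:49.060724149Z"}',
    r'{"log":"play.api.UnexpectedException: Unexpected exception[RuntimeException]\n","stream":"stdout","time":"2021-07-13T11:33:49.060801000Z"}',
    r'{"log":"\tat play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:328)\n","stream":"stdout","time":"2021-07-13T11:33:49.060802000Z"}',
    r'{"log":"2021-07-13 11:33:50.101 +0000 - [INFO] - New connection accepted\n","stream":"stdout","time":"2021-07-13T11:33:50.101500000Z"}',
    r'{"log":"2021-07-13 11:33:50.2',  # truncated write, must not break the run
]

def reassemble(lines):
    """Merge per-line JSON entries into one event per application record."""
    open_events = {}  # stream -> event still collecting continuation lines
    done = []
    for raw in lines:
        try:
            entry = json.loads(raw)
            text, stream = entry["log"], entry.get("stream", "stdout")
            match = RECORD_START.match(text)
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or non-conforming lines
        if match or stream not in open_events:
            # New record, or an orphan continuation seen before any record start.
            if stream in open_events:
                done.append(open_events.pop(stream))
            open_events[stream] = {
                "time": entry.get("time"), "stream": stream,
                "level": match.group("level") if match else None,
                "message": text}
        else:
            # Continuation line: append to the record open on the same stream.
            open_events[stream]["message"] += text
    done.extend(open_events.values())  # flush whatever is still open
    return done

if __name__ == "__main__":
    for event in reassemble(SAMPLE):
        print(json.dumps(event))
```

Each merged event keeps the timestamp of its first line, and stdout and stderr are grouped separately so interleaved writes do not splice two traces together.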