Difference between revisions of "Fluent Bit Kubernetes Filter"

Kubernetes Filter depends on either tail or Systemd input plugins to process and enrich records with Kubernetes metadata

https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#workflow-of-tail-+-kubernetes-filter

[INPUT]
    Name    tail
    Tag     kube.*
    Path    /var/log/containers/*.log
    Parser  docker

[FILTER]
    Name             kubernetes
    Match            kube.*
    Kube_URL         https://kubernetes.default.svc:443
    Kube_CA_File     /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    Kube_Token_File  /var/run/secrets/kubernetes.io/serviceaccount/token
    Kube_Tag_Prefix  kube.var.log.containers.
    Merge_Log        On
    Merge_Log_Key    log_processed

Default

• https://github.com/fluent/helm-charts/blob/main/charts/fluent-bit/values.yaml
• https://docs.fluentbit.io/manual/pipeline/filters/kubernetes

 ## https://docs.fluentbit.io/manual/pipeline/filters
 filters: |
   [FILTER]
       Name kubernetes
       Match kube.*
       Merge_Log On             # When enabled, it checks if the log field content is a JSON string map, if so, it append the map fields as part of the log structure.
       Keep_Log Off             # When Keep_Log is disabled, the log field is removed from the incoming message once it has been successfully merged (Merge_Log must be enabled as well).
       K8S-Logging.Parser On    # Allow Kubernetes Pods to suggest a pre-defined Parser 
       K8S-Logging.Exclude On   # Allow Kubernetes Pods to exclude logs

Other INPUT examples

• [INPUT]

       Name tail
       Path /var/log/containers/*.log
       multiline.parser docker, cri
       Tag kube.*
       Mem_Buf_Limit 5MB
       Skip_Long_Lines On

Related

[warn] [filter] NO match rule for kubernetes.0 filter instance, unloading

See also

• Fluent Bit, Installation, values.yml, Input, Output, Filter