-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EKS][Fargate]: Kubernetes filter support in fluentbit logging #1203
Comments
@mikestef9 This should be classified as a bug, as the docs state that parser is a supported filter. |
Hey @visit1985 this has been resolved for new clusters created as of last week. The fix is rolling out to existing clusters over the next few weeks. |
Hi @mikestef9 Would this fix be available performing a Kubernetes cluster version upgrade (e.g. from 1.16 to 1.17), or we just need to wait for this fix to be rolled out to our cluster? Thanks for the fix 😃 |
Yes, upgrading a minor version, ie 1.16 to 1.17, will pick up the fix. If you are already on 1.18, we will be releasing 1.19 support in near future, and upgrading to 1.19 will also pick up the fix |
@mikestef9 thanks! The following config gives a good result now.
I'm just wondering if we can prettify the log-stream name somehow. |
@visit1985 You are probably looking for #1197 to solve your last issue. I'm facing exactly the same issues (although we are not outputting to CloudWatch but Kinesis but this is unrelated). I will create a new cluster tomorrow to test if this issue also solves our problems! |
@mikestef9
Hence, CloudWatch doesn't recognise logs from my containers as JSON-formatted logs but sees them as string
My parser config is pretty simple:
I wonder if you can point me in the right direction please. |
@wunzeco, you need to use a regex parser and the Decode_Field_As parameter as shown in my comment above. |
@visit1985 Interestingly, I noticed a difference in the output plugin in your config i.e. Next, I tried the working config (#1203 (comment)) with I have no idea why |
Anyone was able to reach AWS ElasticSearch from EKS Fargate pod?
And next configmap I have
On the pod annotations I also see that logging is enabled
What am I missing ? |
I am using EKS on AWS Fargate. I configured logging for the containers running on fargate using the built in log router. I configured it exactly as mentioned in the document
the configuration works fine initially, I see the log group created and logs are being pushed to cloudwatch . After a few hours it stops sending the logs to cloudwatch. I can see the container logs getting generated but events are not updated on the cloudwatch log stream. This happens every time , once i restart the pods new log streams are created and again the logging stops in a few hours . |
I'm having the same issue as @Ankit05012019 . I also opened #1450 for this. |
Same issue as @flomsk . I wish I could get a fargate node fluentbit log 😢 |
hey @andreiseceavsp i was able to get around this issue by changing the output plugin for fluentbit . Earlier i was using cloudwatch_logs plugin and now i have switched to cloudwatch plugin. Basically the configuration is now same as mention in this post - #1203 (comment) hope that helps!! |
I changed today to cloudwatch plugin. It will take few days up until it reproduces sometimes. I appreciate the suggestion. I’ll come back with a feedback |
@flomsk If you use a Fine-grained access control for your es, make sure you add the pod execution role as the backend role for proper access. (for testing purpose, all_access could be a good start) |
We're facing similar issues on AWS EKS with Kubernetes 1.20 :( |
Amazon EKS on AWS Fargate now Supports the Fluent Bit Kubernetes Filter: You can find the technical documentation here: https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html#fargate-logging-kubernetes-filter |
hi all, is there any best practices config example? |
@bellondr conseguiu descobrir algo sobre isso? ainda estou esperando algo, pois os logs vêm sem metadados. |
Community Note
Tell us about your request
Usage of Parser filter to enrich logs in Fargate logging
Which service(s) is this request for?
Fargate on EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We are collecting logs from Fargate pods to CloudWatch Logs using fluentbit provided by AWS EKS.
It is mentioned in the documentation that Parser is a supported filter in filters.conf (in fact it is possible to define parsers) but we are not being able to send enriched logs with this filter to CloudWatch.
We are trying to use the following ConfigMap to send logs to CloudWatch (the parser is the same as the Container Runtime Interface one provided by FluentBit):
With this configuration, logs are not sent to CloudWatch.
However, if the
[FILTER]
section with the parser is removed (only grep filter is kept), logs like the following one are received by CloudWatch:If we try the same configuration in a docker container running FluentBit with Docker Compose (as recommended in FluentBit documentation to test a local pipeline):
docker-compose.yaml:
fluent-bit.conf:
parsersTest.conf:
The expected output is achieved:
So, it seems that something is not working with the parser filter in Fargate logging. A fix should be expected here, or if the problem is some misconfiguration, a reference in the documentation about how to configure parser filter (or if parser filter is not supported ,to specifiy it clearly in the docs).
Are you currently working around this issue?
Currently, we are using sidecar containers with fluentd to send logs to CloudWatch. But getting rid of them is the main purpose of the Fargate built-in logging feature.
Additional context
None
The text was updated successfully, but these errors were encountered: