Azure Cloud collect k8s logs

Hey guys!

What is the recommended way to collect logs from Azure Cloud AKS and deliver them to the desired Elastic instance deployed outside Azure Cloud?

I have already checked this page and the corresponding integration documentation pages, but did not find a direct answer.

Specifically, this page: Azure Logs Integration | Elastic integrations

I see 2 scenarios:

  1. Enable log collection for containers with redirection to an Event Hub on the Azure side, and set up a function to deliver events from the Event Hub to my Elastic instance. It already works this way for AKS metrics collection; the only thing I am missing is container logs.
  2. Deploy Elastic Agent on Azure Cloud AKS to deliver logs directly to my Elastic instance.

Could you please give a hint on which approach is the better one?

Thanks!

Hey @nnikushkin

I was actually working on this.
So when it comes to AKS, you will want to deploy Elastic Agent and leverage the Kubernetes Integration.

In the documentation, Run Elastic Agent on Azure AKS managed by Fleet | Elastic Docs:

It automatically collects container logs:

It mentions that you can't capture audit logs from AKS automatically, but you can configure it to send audit logs to an Event Hub and then set it up via the same K8s integration.

If you see within the integration:

The best approach is to leverage Elastic Agent as much as you can, as it will parse the expected fields and works with the dashboards provided.
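As an added example (not code from this thread, and not Elastic's published manifest), here is the shape of a Fleet-managed Elastic Agent DaemonSet for the approach described above: one agent per AKS node, enrolled in a Fleet Server that lives with the Elastic deployment outside Azure, reading the pod logs the kubelet writes under /var/log. The namespace, image tag, Fleet Server URL, Secret name and RBAC rule set are assumptions; use the version-matched manifest from the linked documentation for the exact volumes and permissions.

```yaml
# Added example, not from the thread or from Elastic's published manifest.
# Assumed values: namespace kube-system, image tag 8.13.0, Fleet Server at
# https://fleet.example.com:8220, and an enrollment token kept in the Secret
# "elastic-agent-enrollment", created out of band, e.g.:
#   kubectl -n kube-system create secret generic elastic-agent-enrollment \
#     --from-literal=token="$ENROLLMENT_TOKEN"
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elastic-agent
  namespace: kube-system
---
# Read-only cluster access for the kubernetes provider, which enriches each
# log line with pod/namespace/node metadata. Rule set is an assumption;
# adjust it to the integration version you run.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elastic-agent
rules:
  - apiGroups: [""]
    resources: [nodes, namespaces, events, pods, services]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [replicasets, deployments, daemonsets, statefulsets]
    verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elastic-agent
subjects:
  - kind: ServiceAccount
    name: elastic-agent
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: elastic-agent
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: elastic-agent
  namespace: kube-system
  labels:
    app: elastic-agent
spec:
  selector:
    matchLabels:
      app: elastic-agent
  template:
    metadata:
      labels:
        app: elastic-agent
    spec:
      serviceAccountName: elastic-agent
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      tolerations:
        # Also schedule on AKS system node pools tainted CriticalAddonsOnly.
        - key: CriticalAddonsOnly
          operator: Exists
          effect: NoSchedule
      containers:
        - name: elastic-agent
          image: docker.elastic.co/beats/elastic-agent:8.13.0
          env:
            - name: FLEET_ENROLL
              value: "1"
            - name: FLEET_URL
              value: "https://fleet.example.com:8220"   # TLS; leave FLEET_INSECURE unset
            - name: FLEET_ENROLLMENT_TOKEN
              valueFrom:
                secretKeyRef:
                  name: elastic-agent-enrollment
                  key: token
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            runAsUser: 0          # required to read the host's log directory
          volumeMounts:
            # AKS nodes run containerd; pod logs are under /var/log/pods and
            # symlinked from /var/log/containers. Mounted read-only on purpose.
            - name: varlog
              mountPath: /var/log
              readOnly: true
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
```

Apply it with kubectl apply -f, then attach the Kubernetes integration to the agent policy in Fleet. A few points worth checking before going to production: the enrollment token is a credential, so it belongs in a Secret (or an external secret store) rather than inline in the manifest; the nodes need outbound TLS to the Fleet Server port and to Elasticsearch, and the Fleet Server certificate should be trusted by the agent rather than bypassed with FLEET_INSECURE; and the agent runs as root with a hostPath mount, so keep that mount read-only and scope the ClusterRole to what the integration actually reads. Audit logs are not on the nodes at all, which is why the reply above routes them through an Azure diagnostic setting to an Event Hub instead.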

Hey @erikg !

Thank you for the detailed response!

Indeed, I had not found this nice documentation about using Elastic Agent on AKS + Fleet Server.

I'm going to give it a try!