I'm using filebeat in my GKE clusters to retrieve all logs for all my kubernetes clusters.
I would like to do a filter / dashboard or visualization (I don't how to say it hehe) that I can filter logs by kubernetes cluster, but I can't.
Because I receive a lot of fields, but not the cluster name, instead I have 4 fields in json log that are the same information, the node of the cluster but not the name.
That data is not available, but you are right, should be something to consider when adding kubernetes metadata. The problem is that this field is hard to get, afaik it is used at the internal DNS and not exposed anywhere. Entering a pod and digging for the DNS doesn't looks like a solution.
Would labeling your nodes and adding the kubernetes metadata to your configuration work?
If not, adding a custom field that contains the cluster id would be a solution for you?
Because now I see the new field in kibana, even I can create a PIE chart with this field, but I'm not able to create a "Control visualization", I mean a dropdown menu.
The error is Filtering occurs on the "gkeclustername" field, which doesn't exist on any documents in the "gke_prod_*" index pattern. Choose a different field or index that contain values for this field
I don't know why I can't. If the field exist, I'm watching the same in kibana search and in other visualization like pie chart, but not in dropdown control.
Do you know why?? is because is a customfield? its a simple string.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
