Fluent Bit Filter for by PODs (calico-pod) in kubernetes?

JDev · February 19, 2019, 9:25am

Hi, I installed fluentbit with default settings. I like that the fluent bit adds additional information (the name of the container).
But he writes in the index everything. How do I do better? How to add a filter so that it takes all the logs, except for example the logs from the calico pod.

Here is the default Filter.

fluent-bit-filter.conf:
[FILTER]
    Name                kubernetes
    Match               kube.*
    Kube_URL            https://kubernetes.default.svc:443
    Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
    Merge_Log           On
    K8S-Logging.Parser  On
    K8S-Logging.Exclude On

Thanks.

weltenwort · February 19, 2019, 9:32am

Hi @JDev,

these are the support forums for the Elastic Stack. Unfortunately we can't offer support for other products. The Fluent Bit community might be a better place to ask for support regarding Fluent Bit filter plugin configuration.

If you are looking for advice about the index mapping when writing to Elasticsearch in order for the log entries to show up in the Logs UI, I'd be happy to assist.

JDev · February 19, 2019, 10:31am

I understood you. Thanks for the link.

system · March 19, 2019, 10:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.