Getting logs from pods via filebeat

ethrbunny · September 28, 2018, 1:15am

Im hoping to get logs from my k8 pods (which are writing to stdout/stderr) via filebeat. At this point all Im seeing are what's being written to /var/log/messages on the k8 host.

Ive started the daemonset sample from https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html (with the a change to write to logstash and not elasticsearch). I added these lines in hopes of getting some annotations:

  templates:
    - config:
        - type: docker
          containers.ids:
            - "${data.kubernetes.container.id}"

I have a test container that writes a simple datetime string every second.

In any event - Im missing some steps here or not understanding what's supposed to be happening.

does this system require that filebeat is running on the k8 host?
should I be seeing annotations? is the above sufficient to add them?

ethrbunny · September 28, 2018, 2:19pm

Answer: for whatever reason my system was setup to write to journald. As a result filebeat didn't have any logs to work with. I updated /etc/sysconfig/docker on the k8 hosts to write json logs and this fixed the problem.

system · October 26, 2018, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
K8 pod -> stdout ->? Beats filebeat	6	4202	January 24, 2019
Filebeat stoped to write logs after K8S upgrade to 1.14.1 ver Beats filebeat	5	812	July 5, 2019
Collect selected container logs from Kubernetes Beats filebeat	3	431	October 9, 2018
Can't get logs from some pods Beats filebeat	1	1146	February 7, 2020
Using Filebeat on K8s - Trying to obtain App logs inside Pods Beats filebeat	2	2419	April 21, 2020

Getting logs from pods via filebeat

Related topics