Logging only kubelet logs

Mario_Albo_Soria · April 6, 2020, 11:35am

Hi everybody!
I have a Kubernets cluster deployed with RKE. When you deploy using RKE, the kubelet is not deployed as a pod, but it is deployed as a Docker container.
I want to collect logs from kubelet container and ignore the rest of containers logs.
I'm using the following configuratión on my filebeat.yaml but seems to ignore it and getting all containers logs.
Can someone tell me if there is something missing or perhaps I'm not configuring correctly.
Currente FIlebeat version: 7.6.2

filebeat.yml: |-
    filebeat.config: 
      spool_size: 512
    filebeat.inputs: 
      - type: docker 
        containers.ids: 
          - "*"
        fields_under_root: true
        tail_files: true
        processors:
          - add_docker_metadata: ~
          - add_kubernetes_metadata:
              kube_config: ~/.kube/config
          - drop_event:
              when:
                regexp:
                  docker.container.name: "^k8s.*"                 
    filebeat.autodiscover:
      providers:
        - type: docker
          templates:
            - condition:
                contains:
                  docker.container.name: kubelet
              config:
                - type: container
                  paths:
                    - /var/lib/docker/containers/${data.docker.container.id}/*.log
                  exclude_lines: ["^\\s+[\\-`('.|_]"]  # drop asciiart lines
    output.file:
      path: "/tmp/filebeat"
      filename: filebeat

Thanks for helping!

jsoriano · April 6, 2020, 7:00pm

Hey @Mario_Albo_Soria, welcome to discuss

It seems that you are configuring both, a static input configuration with filebeat.inputs, and a dynamic one with autodiscover. If your kubelet is being executed as a docker container, and it contains kubelet on its name, the autodiscover configuration should be enough.

The filebeat.inputs configuration you have there is configured for all containers, could you try to remove it, and use only the configuration in autodiscover?

Mario_Albo_Soria · April 7, 2020, 6:42am

It works!!
I was misunderstanding how the filebeat.inputs works, I thought I needed to add metadata to logs before filtering with the filebeat.autodiscover (I read something similar there [Problem getting autodiscover docker to work with filebeat])

Thank you so much!

system · May 5, 2020, 6:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat white/black list for container logs in kubernetes Beats docker , filebeat	8	2525	June 9, 2020
Filebeat doesn't log anythign with kubernetes autodiscover Beats filebeat	2	1335	September 17, 2018
Filebeat and Kubernetes: excluding log files Beats filebeat	12	13286	March 1, 2018
Can filebeat autodiscover collect logs from k8s emptydir volume? Beats filebeat	1	551	December 22, 2021
Add_kubernetes_metadata : handle logs from containerd and docker Beats docker , filebeat	1	882	July 23, 2021

Logging only kubelet logs

Related Topics