Hi,
I want to monitor multiple Kubernetes Clusters to one ES cluster using Filebeats.
Are there any best practices on how to separate the monitored clusters?
Can I add custom field to Beats per cluster? So it'll send something like "cluster_name" so I can filter by it?
Thanks!
Excatly. You can add a custom field to your filebeat.yml of a cluster.
fields:
cluster_name: my_cluster
Or to collect the logs of a cluster in the same index in ES, you can set a unique index name:
index: "filebeat-%{[beat-version]}-my-cluster-id-%{[+yyyy.MM.dd]}"
setup.template.name: "filebeat-%{[beat-version]}-my-cluster-id"
setup.template.pattern: "filebeat-%{[beat-version]}-my-cluster-id-*"
Followup question, now that I have all the cluster logs in the elasticsearch, separated with cluster_name tag - how can I take specific logs coming from 3 specific kubernetes apps and parse them into separate indexes?
Currently I have both "system" logs for the VPN, Calico and all other logs combined with the application logs.
Thanks
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.