Unable to export logs from AKS cluster to kibana for specific pods

sanjeevsharma-1 · March 15, 2021, 2:35pm

We are using filebeat.yaml configuration(which is similar to beats/filebeat-daemonset.yaml at master · elastic/beats · GitHub) to migrate or export all the logs from AKS cluster to Kibana and till date everything works fine for React, Node, Python and .NET Core applications.
We have recently started using Lenses SQL processor, which is gives us the logs in AKS cluster but this logs are not getting exported to Kibana.

Is there any configuration which enables/disables few kind of pod logs to be not exported into kibana?

Elks2020 · March 16, 2021, 12:53am

Did you try to use a separate index for this log? I think the problem is with the log parsing

sanjeevsharma-1 · March 16, 2021, 7:09am

I'm assuming by index, you meant creating new index pattern in Kibana cluster.

We couldn't find the matching index pattern, while defining the index pattern.

This pod of SQL Processor would be a deployment pod created at runtime by Lenses, the deployment pod name would be a GUID, something like shown below

Elks2020 · March 16, 2021, 7:02pm

You may have to built one using Grok and enrichment technic.
However, you have to confirm the pod is reachable to your sensor and interface by doing traffic capture

system · April 13, 2021, 9:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.