Read container logs, flag it and format it and send it to els


title: “Read container logs, flag it and format it and send it to els”
date: 2020-11-27T08:34:26
slug: read-containerlogs-flag-it-and-fromat-it-and-send-it-to-els


# Container Logs

 # Tail the container log files on the node, skipping fluentd's own log, and
 # tag the events kubernetes.*.
 # NOTE(review): the <source>/<parse>/<pattern>/<filter>/<match>/<store>/<buffer>
 # directive tags that normally wrap these settings are not visible here,
 # presumably lost when the page was rendered; restore them before use.
 @type tail
 path /var/log/containers/\*.log
 exclude\_path ["/var/log/containers/fluentd-\*\_openshift-logging\_\*.log"]
 # NOTE(review): /tmp is typically shared and cleared on reboot. If this
 # position file is lost, read_from_head true below makes the input re-read
 # the logs from the start, and anyone able to alter the file changes what is
 # collected. A directory writable only by the fluentd user is a safer place.
 pos\_file /tmp/containers.log.pos
 refresh\_interval 5
 rotate\_wait 5
 tag kubernetes.\*
 format json
 read\_from\_head true

 # Two line formats are tried: JSON first, then a regexp for plain-text lines.
 @type multi\_format

 format json
 time\_format '%Y-%m-%dT%H:%M:%S.%N%Z'
 keep\_time\_key true


 format regexp
 # NOTE(review): the named capture groups (?<name>...) look stripped from this
 # expression; as shown it is not a valid regexp. Take it from the original
 # config rather than from this page.
 expression /^(?.+) (?stdout|stderr)( (?.))? (?.\*)$/
 time\_format '%Y-%m-%dT%H:%M:%S.%N%:z'
 keep\_time\_key true



 # Presumably adds the record['kubernetes'] fields that logstash_prefix reads
 # further down; confirm against the plugin version in use.
 type kubernetes\_metadata

 @type copy

 # NOTE(review): two @type lines follow; only one applies per store. The
 # ${record[...]} expression in logstash_prefix is the elasticsearch_dynamic form.
 @type elasticsearch
 @type elasticsearch\_dynamic
 # @id default
 @log\_level "info"
 include\_tag\_key true
 host "opendistro"
 port 9200
 scheme https
 # NOTE(review): ssl_verify false turns off verification of the server
 # certificate, so fluentd cannot tell the real "opendistro" endpoint from one
 # impersonating it, and every container log goes to whoever answers. The
 # client certificate below authenticates fluentd to the server, not the
 # server to fluentd. Prefer ssl_verify true together with
 # ca_file <path-to-your-CA-bundle> (placeholder path).
 ssl\_verify false
 ssl\_version TLSv1\_2
 client\_cert /etc/fluent/cert/cert\_pem
 # Private key for client-certificate auth; keep it readable only by the
 # fluentd user.
 client\_key /etc/fluent/cert/cert\_key
 client\_cert\_auth true
 reload\_connections false
 reconnect\_on\_error true
 reload\_on\_failure true
 # With false at log level "info", the reason Elasticsearch gives for
 # rejecting a document (HTTP 400) is not logged, so dropped records are
 # harder to notice; consider true while validating the pipeline.
 log\_es\_400\_reason false
 #ogstash\_prefix "containers"
 # Index name is built per record from the Kubernetes namespace name.
 # NOTE(review): with logstash_format true, index_name below is presumably
 # ignored; confirm.
 logstash\_prefix logstash-${record['kubernetes']['namespace\_name']}
 logstash\_format true
 index\_name "containers"
 type\_name "fluentd"

 # Buffer: at most 4 queued chunks of 2M each, flushed every 5s and retried
 # without limit.
 # NOTE(review): what happens to new log lines once the queue is full during
 # an Elasticsearch outage depends on overflow_action, which is not set here;
 # check it so that logs are not silently lost.
 flush\_thread\_count 1
 flush\_interval 5s
 chunk\_limit\_size 2M
 queue\_limit\_length 4
 retry\_max\_interval 30
 retry\_forever true