Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Kloudfuse UI allows you to filter log events based on log labels/tags. You’ll find the label selectors and filter on the left nav bar of the UI. To get a seamless experience with Kloudfuse while using Fluent Bit agent, we recommend the following configuration(s) or customization(s). Note that the fluent bit agent needs to be restarted for these to take effect.

Kubernetes Labels

Fluent Bit has a filter called kubernetes which will enrich the log event with Kubernetes metadata. Refer to the documentation on this filter here. If you have application deployed in a Kubernetes environment, we highly recommend enabling this filter for all those applications. Here’s an example configuration for this filter:

...

Code Block
    [FILTER]
        Name aws
        Match *      # Match everything
        az true
        account_id true
        ec2_instance_type true

...

Note that the key, cluster_name in the above filter is configurable too. If you use a key name other than cluster_name or clusterName, then add the following section under logs-parser section in your custom Kloudfuse’s values.yaml

Code Block
extraApplicationConfigskf_parsing_config:
  config: |-
    - remap:
        args:
          kf_cloud_cluster_name:
            - "$.<KEY_FOR_CLUSTER_NAME>" # must be JSONPath
        conditions:
          - matcher: agent.properties.fluent-bit.user_defined_overrides.cloud.cluster_name = [<YOUR_CUSTOM_CLUSTER_NAME_KEY>]"__kf_agent"
            value: "fluent-bit"
            op: "=="

Static custom labels

To add static custom labels, use the modify filter. The example below adds a static custom label called tenant_name:

Code Block
    [FILTER]
        Name modify
        Match *     # Match everything
        Add tenant_name <TENANT_NAME>

By default, any new static labels that you add here show up as log facets. If you want to make them a label/tag on Kloudfuse platform, add the following config under logs-parser section in your custom values.yaml.

Code Block
 kf_parsing_config:
  config: |-
    - remap:
        args:
          kf_additional_tags:
            - "$.tenant_name" # must be JSONPath
        conditions:
          - matcher: "__kf_agent"
            value: "fluent-bit"
            op: "=="

Log source

By default, Kloudfuse stack looks for container_name in the Fluent Bit payload as the log source. However, this will only be populated if the Fluent Bit agent is configured with kubernetes filter. If you want to Kloudfuse stack to use a different key as the log source, then include the following section under logs-parser section in your custom Kloudfuse’s values.yaml

Code Block
extraApplicationConfigskf_parsing_config:
  config: |-
    - remap:
        args:
          kf_source:
    agent.properties.fluent-bit.user_defined_overrides.log_source = [<YOUR_CUSTOM_LOG_SOURCE_KEY>]        - "$.<KEY_FOR_LOG_SOURCE>" # must be JSONPath
        conditions:
          - matcher: "__kf_agent"
            value: "fluent-bit"
            op: "=="

Log message

Fluent Bit agent includes the log event message in log key in the payload. However this can be overriden in the agent configuration. You can customize key which Kloudfuse stack should look for to get the log event message. To customize this setting, include the following section under logs-parser section in your custom Kloudfuse’s values.yaml

Code Block
extraApplicationConfigskf_parsing_config:
  config: |-
    agent.properties.fluent-bit.user_defined_overrides.message = [<YOUR_CUSTOM_LOG_MESSAGE_KEY>]- remap:
        args:
          kf_msg:
            - "$.<MSG_KEY_FROM_AGENT_CONFIG>" # must be JSONPath
        conditions:
          - matcher: "__kf_agent"
            value: "fluent-bit"
            op: "=="
Info

Kloudfuse stack already looks for log message with these key names in the payload: "log", "LOG", "Log", "message", "msg", "MSG", "Message"

...

Fluent Bit supports various parsers to extract key value pairs from an unstructured log. For a full list of parsers, refer to the documentation here. By default, Kloudfuse will add all these key-value pairs to log facets, which can be filtered on the UI. Note that Kloudfuse cannot differentiate between these key-value pairs and any metadata fields, added by any filter other than kubernetes and aws. However, you can customize Kloudfuse stack by adding a list of prefix labelsinstruct Kloudfuse to track these key-value pairs as labels instead of log facets. To customize this setting, include the following section under logs-parser section in your custom Kloudfuse’s values.yaml

Code Block
extraApplicationConfigskf_parsing_config:
  config: |-
    agent.properties.fluent-bit.tags_append_list = [<LIST_OF_CANDIDATE_TAG_KEY_PREFIXES>]
Info
tags_append_list
- remap:
        args:
          kf_additional_tags:
            - "$.<PREFIX_KEY_FOR_AGENT_KV>" # must be JSONPath
        conditions:
          - matcher: "__kf_agent"
            value: "fluent-bit"
            op: "=="
Info

kf_additional_tags is a list of key prefixes. So, any key that is a prefix match at the top level json will be included as a log label/tag, and not included as a log facet.

...