Fluentd integration
What is Fluentd?
Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data (verbatim from Fluentd documentation). For more information on Fluentd, refer to its documentation here.
Integrating Fluentd with Kloudfuse stack
Refer to installation instructions for Fluentd here. To configure Fluentd to send data to Kloudfuse stack, you can modify the agent’s config or values.yaml (if you’re going to install using helm).
You’ll need to configure HTTP output plugin to forward data to Kloudfuse.
HTTP plugin integration
Add the following configuration to Fluentd agent’s config for HTTP configuration.
<match *> # Match everything
@type http
endpoint http://<KFUSE_INGESTER_IP>:80/ingester/v1/fluentd
open_timeout 2
<format>
@type json
</format>
<buffer>
chunk_limit_size 1048576 # 1MB
flush_interval 10s
</buffer>
</match>The above snippet is an example configuration. You can change the buffer configuration to suit your application needs. However the end-point URI path cannot be changed.
Currently we support json and msgpack as the supported types for fluentd HTTP plugin.
If you have configured external ingress with TLS for Kloudfuse, use https://<KFUSE_INGESTER_IP>:443/ingester/v1/fluentd as the endpoint instead.
Configuration
Kloudfuse UI allows you to filter log events based on log labels/tags. You’ll find the label selectors and filter on the left nav bar of the UI. To get a seamless experience with Kloudfuse while using Fluentd agent, we recommend the following configuration(s) or customization(s).
Kubernetes Labels
Fluentd has a filter called kubernetes which will enrich the log event with Kubernetes metadata. Refer to the documentation on this filter here. If you have application deployed in a Kubernetes environment, we highly recommend enabling this filter for all those applications. Here’s an example configuration for this filter:
<filter *> # Match everything
@type kubernetes_metadata
@id filter_kube_metadata_catalog
skip_labels false
skip_container_metadata false
skip_namespace_metadata false
skip_master_url true
</filter>If you’re going to add any of our recommended filters, ensure that they don’t conflict with the existing filter definitions.
Log source
By default, Kloudfuse stack looks for container_name in the Fluentd payload as the log source. However, this will only be populated if the Fluentd agent is configured with kubernetes filter. If you want to Kloudfuse stack to use a different key as the log source, then include the following section under logs-parser section in your custom Kloudfuse’s values.yaml
Log message
Fluentd agent includes the log event message in log key in the payload. However this can be overriden in the agent configuration. You can customize key which Kloudfuse stack should look for to get the log event message. To customize this setting, include the following section under logs-parser section in your custom Kloudfuse’s values.yaml
Kloudfuse stack already looks for log message with these key names in the payload: "log", "LOG", "Log", "message", "msg", "MSG", "Message"
Agent extracted key-value pairs
Fluentd supports various parsers to extract key value pairs from an unstructured log. For a full list of parsers, refer to the documentation here. By default, Kloudfuse will add all these key-value pairs to log facets, which can be filtered on the UI. Note that Kloudfuse cannot differentiate between these key-value pairs and any metadata fields, added by any filter other than kubernetes. However, you can customize Kloudfuse stack by adding a list of prefix labels. To customize this setting, include the following section under logs-parser section in your custom Kloudfuse’s values.yaml