I've got a stack that consists of Kubernetes deployment, Fluent-bit, Elasticsearch, and Kibana. I'm having trouble aggregating incoming logs in Kibana, and it seems crucial to visualize them. They're currently in string format.
Here are the details - deployment spec and logs:

    spec:
      containers:
      - name: cont
        image: busybox:latest
        command: ['sh', '-c', 'while true; do traceroute 192.168.122.1|grep legion |cut -d " " -f 7 && sleep 7; done']

    $ kubectl logs deploy/ngin -n monitoring
    0.090
    0.194
    0.397
    [..]

Fluent-bit config:

    fluent-bit.conf: |
      [SERVICE]
          Flush 5
          Log_Level error
          Daemon off
          Parsers_File parsers.conf
      @INCLUDE input.conf
      @INCLUDE output.conf
    input.conf: |
      [INPUT]
          Name tail
          Tag kube.*
          Path /var/log/containers/*ngi*.log
          Parser docker
          Refresh_Interval 5
    output.conf: |
      [OUTPUT]
          Name es
          Match *
          Host elasticsearch
          Index test
          Generate_ID On
    parsers.conf: |
      [PARSER]
          Name docker
          Format json
          Time_Key time
          Time_Format %Y-%m-%dT%H:%M:%S.%L
          Time_Keep On
          CSV_Field value:number

Logs coming to Kibana and info:
Log cannot be aggregated.
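
An added example, not part of the original post: one way to ship the measurement as a number is to run a second, regex-based parser over the `log` key and cast the capture with `Types`. It assumes the container runtime writes Docker json-file lines (so the `docker` parser leaves the output in `log`); the names `numeric_value`, `value` and `filter.conf` are chosen here for illustration.

```yaml
# Added example: ConfigMap keys in the same layout as the post's config.
fluent-bit.conf: |
  [SERVICE]
      Flush 5
      Log_Level error
      Daemon off
      Parsers_File parsers.conf
  @INCLUDE input.conf
  # filter.conf is an assumed new key holding the parser filter below
  @INCLUDE filter.conf
  @INCLUDE output.conf
filter.conf: |
  [FILTER]
      Name parser
      Match kube.*
      # "log" is the key the docker JSON parser produces for each line
      Key_Name log
      Parser numeric_value
      # keep the other fields of the record next to the parsed value
      Reserve_Data On
parsers.conf: |
  [PARSER]
      Name docker
      Format json
      Time_Key time
      Time_Format %Y-%m-%dT%H:%M:%S.%L
      Time_Keep On
  [PARSER]
      # hypothetical parser name; captures e.g. "0.090" into "value"
      Name numeric_value
      Format regex
      Regex ^(?<value>[0-9]+\.[0-9]+)
      # cast the capture so Elasticsearch receives a JSON number
      Types value:float
```

With this in place the records carry a numeric `value` field, which Elasticsearch maps dynamically as a float and Kibana can use in metric aggregations; the index pattern's field list needs a refresh before the new field appears.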

