This topic describes how to configure Logtail in the Log Service console to collect Kubernetes text logs in DaemonSet mode.
Prerequisites
Features
Logtail can collect and upload container text logs with container metadata to Log
Service. The collection of Kubernetes text logs has the following features:
- Allows you to specify the log path of a container without the need to manually map the path to a path on the host.
- Uses labels to specify containers for log collection.
- Uses labels to exclude containers from log collection.
- Uses environment variables to specify containers for log collection.
- Uses environment variables to exclude containers from log collection.
- Supports multi-line logs such as Java Stack logs.
- Supports automatic labeling for Docker container logs.
- Supports automatic labeling for Kubernetes container logs.
Note
- The preceding labels are retrieved by using the docker inspect command. These labels are not the labels that are specified in a Kubernetes cluster.
- The preceding environment variables are the environment variables that you have specified to start containers.
Limits
- Stop policy: When a container is stopped and Logtail detects the
die
event on the container, Logtail stops collecting logs from the container. In this case, if a collection delay occurs, some logs that are generated before the stop action may be lost. - Docker storage driver: Only overlay and overlay2 are supported. For other storage drivers, you must mount the log directory on the local host.
- Symbolic link: Logtail cannot access the symbolic link of a container. Set the collection directory to an actual path.
Configure log collection
Configuration examples
- Configure environment variables
Collect the logs of the containers that meet the following conditions: The environment variables include
NGINX_PORT_80_TCP_PORT=80
and excludePOD_NAMESPACE=kube-system
, the log file path is/var/log/nginx/access.log
, and logs are parsed in simple mode.The following figure shows the configuration of a data source. For more information about log collection modes, see Use the full regex mode to collect logs, Collect NGINX logs, and Collect DSV formatted logs. - Configure labels
Collect the logs of the containers that meet the following conditions: The container labels include
io.kubernetes.container.name=nginx
, the log file path is/var/log/nginx/access.log
, and logs are parsed in simple mode.The following figure shows the configuration of a data source. For more information about log collection modes, see Use the full regex mode to collect logs, Collect NGINX logs, and Collect DSV formatted logs.
Default fields
The following table lists the fields that are uploaded by default for each log entry.
Field name | Description |
---|---|
_image_name_ | The name of an image. |
_container_name_ | The name of a container. |
_pod_name_ | The name of a pod. |
_namespace_ | The namespace to which a pod belongs. |
_pod_uid_ | The unique identifier of a pod. |
_container_ip_ | The IP address of a pod. |