Log Service collects Kubernetes cluster logs by using Logtail. After logs are collected, you can preview, query, and analyze logs in real time. You can also publish the query and analysis results on a dashboard through DataV.

Scenario

You need to collect logs from a Kubernetes cluster in Hangzhou by using Log Service, query and analyze the collected access logs, and then display the query and analysis results in charts through DataV.

Prerequisites

  1. Your AccessKey is obtained.
  2. Log Service is activated. A project and a Logstore are created.
  3. DataV is activated.

Configuration process

  1. Deploy a DaemonSet for Logtail and configure a Logtail machine group.

    Create a machine group with a custom ID in the Log Service console. Then, you do not need to worry about log collection if the Kubernetes cluster is scaled up or down in the future.

  2. Create a collection configuration for the server.

    Create a collection configuration in the Log Service console. All the collection configurations are created for the Log Service server. No local configuration is needed.

  3. Import data to DataV.

Step 1: Deploy a DaemonSet for Logtail

  1. Connect to your Kubernetes cluster.
  2. Set relevant parameters.
    1. Download the Log Service YAML file template and open it in the vi editor.
    2. Replace all ${your_xxxx} variables in the env settings of the template with actual values.
      Parameter Description
      `${your_region_name}` The region where the Log Service project you created resides. For more information about available regions, see Set startup parameters.
      Note Do not confuse the hyphen (-) with the underscore (_) in the region name.
      `${your_aliyun_user_id}` The user ID of your Alibaba Cloud account, which is of the string type. For more information about how to view the ID, see Configure AliUids for ECS servers under other Alibaba Cloud accounts or on-premises IDCs.
      `${your_machine_group_name}` The custom ID of the machine group in your cluster. For more information about how to set the custom ID, see Create a server group with a custom identifier.
      Note
      1. You need to obtain an AccessKey of your Alibaba Cloud account. For more information, see Create an AccessKey in Quick Start.
      2. Do not modify the volumeMounts and volumes settings in the template. Otherwise, Logtail may not work properly.
      3. You can customize the startup parameter settings of the Logtail container if the following conditions are met:
        1. The following three environment variables are configured before you start the Logtail container: ALIYUN_LOGTAIL_USER_DEFINED_ID, ALIYUN_LOGTAIL_USER_ID, and ALIYUN_LOGTAIL_CONFIG.
        2. The domain socket of Docker is mounted to /var/run/docker.sock.
        3. The root directory is mounted to the /logtail_host directory of the Logtail container if you need to collect the files of other containers or hosts.
    3. Deploy a DaemonSet for Logtail.

      Use the following sample code:

      [root@iZu kubernetes]# curl http://logtail-release.oss-cn-hangzhou.aliyuncs.com/docker/k8s/logtail-daemonset.yaml > logtail-daemonset.yaml
      [root@iZu kubernetes]# vi logtail-daemonset.yaml
      ...
           env:
               - name: "ALIYUN_LOGTAIL_CONFIG"
                 value: "/etc/ilogtail/conf/cn_hangzhou/ilogtail_config.json"
               - name: "ALIYUN_LOGTAIL_USER_ID"
                 value: "16542189653****"
               - name: "ALIYUN_LOGTAIL_USER_DEFINED_ID"
                 value: "k8s-logtail"
      ...
      [root@iZu kubernetes]# kubectl apply -f logtail-daemonset.yaml
      							

Step 2: Configure a Logtail machine group

  1. Log on to the Log Service console and click the target project.
  2. On the left-side navigation submenu, click the Server Groups icon. The machine group list appears in the left-side navigation pane.
  3. Click the Machine group icon next to Server Groups and select Create Machine Group.
  4. In the Create Machine Group dialog box, select Custom ID from the Identifier drop-down list. Enter the value of ALIYUN_LOGTAIL_USER_DEFINED_ID set in the previous step in the Custom Identifier field.
    Create a machine group

    After configuring the machine group, wait for 1 minute, and then click the machine group name to view the heartbeat status of nodes where a DaemonSet for Logtail is deployed. For more information, see View status in Manage server groups.

Step 3: Create a collection configuration for the server

  1. On the Overview page of the target project, click Import Data to start the configuration process.
  2. Select a data type.

    In the Import Data dialog box, select Docker Standard Output - Container.

  3. Select a Logstore.

    If you start the collection configuration process by clicking the plus sign (+) next to Data Import under a Logstore, the system skips this step.

  4. Create a machine group.
    Before creating a machine group, ensure that Logtail is installed.
    • Servers of Alibaba Group: By default, Logtail is installed on these servers. If Logtail is not installed on a server, contact Alibaba Cloud as prompted.
    • Elastic Compute Service (ECS) instances: Select ECS instances and click Install. ECS instances that are running in Windows do not support one-click installation of Logtail. In this case, you need to manually install Logtail. For more information, see Install Logtail in Windows.
    • On-premises servers: Install Logtail as prompted. For more information about how to install Logtail, see Install Logtail in Linux or Install Logtail in Windows based on your operating system.
    After installing Logtail, click Complete Installation to create a machine group. If you have created a machine group, click Use Existing Server Groups.
  5. Configure the machine group.

    Select a machine group and move it from Source Server Groups to Applied Server Groups.

  6. Configure the data source.

    In the Specify Data Source step, enter your collection configuration. The following configuration is an example. For more information about configuration items, see Container standard output.

    {
     "inputs": [
         {
             "type": "service_docker_stdout",
             "detail": {
                 "Stdout": true,
                 "Stderr": true,
                 "IncludeLabel": {
                     "app": "monitor"
                 },
                 "ExcludeLabel": {
                     "type": "pre"
                 }
             }
         }
     ]
    }
    					
  7. Configure query and analysis.

    An index is created by default. You can modify it as needed.

Step 4: Import data to DataV

  1. Log on to the DataV console. On the Data Sources tab, click Add Source. In the Add Data Source dialog box, enter required information such as the data type and your AccessKey, and then click OK.
  2. Create an area chart and set Area Chart parameters.

    Enter the following code in the Query field:

    {
     "projectName": "sls-zc-test-hz-pub",
     "logStoreName": "nginx_access",
     "topic": "",
     "from": 1518332000,
     "to": 1518352301,
     "query": "*| select count(1) as pv, date_format(from_unixtime(__time__ - __time__%3600) ,'%Y/%m/%d %H:%i:%s')   as time group by time  order by time limit 1000" ,
     "line": 100,
     "offset": 0
    }
    					

Important notes

During the test, you can enter the UNIX time for the from and to fields in the sample code, for example, 1509897600. After you publish the chart, you can set the from and to parameters in the URL of the chart to specify the start time and end time of data to be queried. For example, when you preview a chart, the URL is http://datav.aliyun.com/screen/86312. If you open the URL http://datav.aliyun.com/screen/86312?from=1510796077&to=1510798877, the chart can query and display data within the specified time range.

After configuring the chart, click the Preview and Publish icons. A dashboard is created.