Container Service for Kubernetes:Enable SLS on Knative

Install LoongCollector

LoongCollector-based data collection: LoongCollector is a new-generation log collection agent that is provided by Simple Log Service. LoongCollector is an upgraded version of Logtail. LoongCollector is expected to integrate the capabilities of specific collection agents of Application Real-Time Monitoring Service (ARMS), such as Managed Service for Prometheus-based data collection and Extended Berkeley Packet Filter (eBPF) technology-based non-intrusive data collection.

After the LoongCollector components are installed, Simple Log Service automatically generates a project named k8s-log-${your_k8s_cluster_id} and resources in the project. You can log on to the Simple Log Service console to view the resources. The following table describes the resources.

Install Logtail

Logtail-based data collection: Logtail is a log collection agent that is provided by Simple Log Service. You can use Logtail to collect logs from multiple data sources, such as Alibaba Cloud Elastic Compute Service (ECS) instances, servers in data centers, and servers from third-party cloud service providers. Logtail supports non-intrusive log collection based on log files. You do not need to modify your application code, and log collection does not affect the operation of your applications.

After the Logtail components are installed, Simple Log Service automatically generates a project named k8s-log-<YOUR_CLUSTER_ID> and resources in the project. You can log on to the Simple Log Service console to view the resources. The following table describes the resources.

(Recommended) CRD - AliyunPipelineConfig

Create a Logtail configuration

To create a Logtail configuration, you need to only create a CR from the AliyunPipelineConfig CRD. After the Logtail configuration is created, it is automatically applied. If you want to modify a Logtail configuration that is created based on a CR, you must modify the CR.

1. Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

2. Run the following command to create a YAML file.

   In the following command, cube.yaml is a sample file name. You can specify a different file name based on your business requirements.

   vim cube.yaml

3. Enter the following script in the YAML file and configure the parameters based on your business requirements.

   Important

   • The value of the configName parameter must be unique in the Simple Log Service project that you use to install the Logtail components.

   • You must configure a CR for each Logtail configuration. If multiple CRs are associated with the same Logtail configuration, the CRs other than the first CR do not take effect.

   • For more information about the parameters related to the AliyunPipelineConfig CRD, see (Recommended) Use AliyunPipelineConfig to manage a Logtail configuration. In this example, the Logtail configuration includes settings for text log collection. For more information, see CreateLogtailPipelineConfig.

   • Make sure that the Logstore specified by the config.flushers.Logstore parameter exists. You can configure the spec.logstore parameter to automatically create a Logstore.

   • For the values of the Endpoint and Region parameters, see Endpoints. The Region parameter indicates the region ID, such as cn-hangzhou.

   Collect single-line text logs from specific containers

   In this example, a Logtail configuration named example-k8s-file is created to collect single-line text logs from the containers whose names contain app in a cluster. The file is test.LOG, and the path is /data/logs/app_1.

   The collected logs are stored in a Logstore named k8s-file, which belongs to a project named k8s-log-test.

   apiVersion: telemetry.alibabacloud.com/v1alpha1
   # Create a CR from the ClusterAliyunPipelineConfig CRD.
   kind: ClusterAliyunPipelineConfig
   metadata:
     # Specify the name of the resource. The name must be unique in the current Kubernetes cluster. The name is the same as the name of the Logtail configuration that is created.
     name: example-k8s-file
   spec:
     # Specify the project to which logs are collected.
     project:
       name: k8s-log-test
     # Create a Logstore to store logs.
     logstores:
       - name: k8s-file
     # Configure the parameters for the Logtail configuration.
     config:
       # Configure the Logtail input plug-ins.
       inputs:
         # Use the input_file plug-in to collect text logs from containers.
         - Type: input_file
           # Specify the file path in the containers.
           FilePaths:
             - /data/logs/app_1/**/test.LOG
           # Enable the container discovery feature. 
           EnableContainerDiscovery: true
           # Add conditions to filter containers. Multiple conditions are evaluated by using a logical AND. 
           ContainerFilters:
             # Specify the namespace of the pod to which the required containers belong. Regular expression matching is supported. 
             K8sNamespaceRegex: default
             # Specify the name of the required containers. Regular expression matching is supported. 
             K8sContainerRegex: ^(.*app.*)$
       # Configure the Logtail output plug-ins.
       flushers:
         # Use the flusher_sls plug-in to send logs to a specific Logstore. 
         - Type: flusher_sls
           # Make sure that the Logstore exists.
           Logstore: k8s-file
           # Make sure that the endpoint is valid. For the Region field, enter the region ID.
           Endpoint: cn-hangzhou.log.aliyuncs.com
           Region: cn-hangzhou
           TelemetryType: logs

   Collect multi-line text logs from all containers and use regular expressions to parse the logs

   In this example, a Logtail configuration named example-k8s-file is created to collect multi-line text logs from all containers in a cluster. The file is test.LOG, and the path is /data/logs/app_1. The collected logs are parsed in JSON mode and stored in a Logstore named k8s-file, which belongs to a project named k8s-log-test.

   The sample log provided in the following example is read by the input_file plug-in in the {"content": "2024-06-19 16:35:00 INFO test log\nline-1\nline-2\nend"} format. Then, the log is parsed based on a regular expression into {"time": "2024-06-19 16:35:00", "level": "INFO", "msg": "test log\nline-1\nline-2\nend"}.

   apiVersion: telemetry.alibabacloud.com/v1alpha1
   # Create a CR from the ClusterAliyunPipelineConfig CRD.
   kind: ClusterAliyunPipelineConfig
   metadata:
     # Specify the name of the resource. The name must be unique in the current Kubernetes cluster. The name is the same as the name of the Logtail configuration that is created.
     name: example-k8s-file
   spec:
     # Specify the project to which logs are collected.
     project:
       name: k8s-log-test
     # Create a Logstore to store logs.
     logstores:
       - name: k8s-file
     # Configure the parameters for the Logtail configuration.
     config:
       # Specify the sample log. You can leave this parameter empty.
       sample: |
         2024-06-19 16:35:00 INFO test log
         line-1
         line-2
         end
       # Configure the Logtail input plug-ins.
       inputs:
         # Use the input_file plug-in to collect multi-line text logs from containers.
         - Type: input_file
           # Specify the file path in the containers.
           FilePaths:
             - /data/logs/app_1/**/test.LOG
           # Enable the container discovery feature. 
           EnableContainerDiscovery: true
           # Enable multi-line log collection.
           Multiline:
             # Specify the custom mode to match the beginning of the first line of a log based on a regular expression.
             Mode: custom
             # Specify the regular expression that is used to match the beginning of the first line of a log.
             StartPattern: \d+-\d+-\d+.*
       # Specify the Logtail processing plug-ins.
       processors:
         # Use the processor_parse_regex_native plug-in to parse logs based on the specified regular expression.
         - Type: processor_parse_regex_native
           # Specify the name of the input field.
           SourceKey: content
           # Specify the regular expression that is used for the parsing. Use capturing groups to extract fields.
           Regex: (\d+-\d+-\d+\s*\d+:\d+:\d+)\s*(\S+)\s*(.*)
           # Specify the fields that you want to extract.
           Keys: ["time", "level", "msg"]
       # Configure the Logtail output plug-ins.
       flushers:
         # Use the flusher_sls plug-in to send logs to a specific Logstore. 
         - Type: flusher_sls
           # Make sure that the Logstore exists.
           Logstore: k8s-file
           # Make sure that the endpoint is valid.
           Endpoint: cn-hangzhou.log.aliyuncs.com
           Region: cn-hangzhou
           TelemetryType: logs

4. Run the following command to apply the Logtail configuration. After the Logtail configuration is applied, Logtail starts to collect text logs from the specified containers and send the logs to Simple Log Service.

   In the following command, cube.yaml is a sample file name. You can specify a different file name based on your business requirements.

   kubectl apply -f cube.yaml

   Important

   After logs are collected, you must create indexes. Then, you can query and analyze the logs in the Logstore. For more information, see Create indexes.

CRD - AliyunLogConfig

To create a Logtail configuration, you need to only create a CR from the AliyunLogConfig CRD. After the Logtail configuration is created, it is automatically applied. If you want to modify a Logtail configuration that is created based on a CR, you must modify the CR.

1. Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

2. Run the following command to create a YAML file.

   In the following command, cube.yaml is a sample file name. You can specify a different file name based on your business requirements.

   vim cube.yaml

3. Enter the following script in the YAML file and configure the parameters based on your business requirements.

   Important

   • The value of the configName parameter must be unique in the Simple Log Service project that you use to install the Logtail components.

   • If multiple CRs are associated with the same Logtail configuration, the Logtail configuration is affected when you delete or modify one of the CRs. After a CR is deleted or modified, the status of other associated CRs becomes inconsistent with the status of the Logtail configuration in Simple Log Service.

   • For more information about CR parameters, see Use AliyunLogConfig to manage a Logtail configuration. In this example, the Logtail configuration includes settings for text log collection. For more information, see CreateConfig.

   Collect single-line text logs from specific containers

   In this example, a Logtail configuration named example-k8s-file is created to collect single-line text logs from the containers of all the pods whose names begin with app in the cluster. The file is test.LOG, and the path is /data/logs/app_1. The collected logs are stored in a Logstore named k8s-file, which belongs to a project named k8s-log-test.

   apiVersion: log.alibabacloud.com/v1alpha1
   kind: AliyunLogConfig
   metadata:
     # Specify the name of the resource. The name must be unique in the current Kubernetes cluster. 
     name: example-k8s-file
     namespace: kube-system
   spec:
     # Specify the name of the project. If you leave this parameter empty, the project named k8s-log-<your_cluster_id> is used.
     project: k8s-log-test
     # Specify the name of the Logstore. If the specified Logstore does not exist, Simple Log Service automatically creates a Logstore. 
     logstore: k8s-file
     # Configure the parameters for the Logtail configuration. 
     logtailConfig:
       # Specify the type of the data source. If you want to collect text logs, set the value to file. 
       inputType: file
       # Specify the name of the Logtail configuration. 
       configName: example-k8s-file
       inputDetail:
         # Specify the simple mode to collect text logs. 
         logType: common_reg_log
         # Specify the log file path. 
         logPath: /data/logs/app_1
         # Specify the log file name. You can use wildcard characters (* and ?) when you specify the log file name. Example: log_*.log. 
         filePattern: test.LOG
         # Set the value to true if you want to collect text logs from containers. 
         dockerFile: true
         # Specify conditions to filter containers.
         advanced:
           k8s:
             K8sPodRegex: '^(app.*)$'

4. Run the following command to apply the Logtail configuration. After the Logtail configuration is applied, Logtail starts to collect text logs from the specified containers and send the logs to Simple Log Service.

   In the following command, cube.yaml is a sample file name. You can specify a different file name based on your business requirements.

   kubectl apply -f cube.yaml

   Important

   After logs are collected, you must create indexes. Then, you can query and analyze the logs in the Logstore. For more information, see Create indexes.

Console

1. Log on to the Simple Log Service console.

2. In the Quick Data Import section, click Import Data. In the Import Data dialog box, click the Kubernetes - File card.

   

3. Select the required project and Logstore. Then, click Next. In this example, select the project that you use to install the Logtail components and the Logstore that you create.

4. In the Machine Group Configurations step, perform the following operations. For more information, see Machine groups.

   1. Use one of the following settings based on your business requirements:

      • Kubernetes Clusters > ACK Daemonset

      • Kubernetes Clusters > Self-managed Cluster in DaemonSet Mode

        Important

        Subsequent settings vary based on the preceding settings.

   2. Confirm that the required machine groups are added to the Applied Server Groups section. Then, click Next. After you install Logtail components in a Container Service for Kubernetes (ACK) cluster, Simple Log Service automatically creates a machine group named k8s-group-${your_k8s_cluster_id}. You can directly use this machine group.

      Important

      • If you want to create a machine group, click Create Machine Group. In the panel that appears, configure the parameters to create a machine group. For more information, see Collect container logs from ACK clusters.

      • If the heartbeat status of a machine group is FAIL, click Automatic Retry. If the issue persists, see How do I troubleshoot an error that is related to a Logtail machine group in a host environment?

5. Create a Logtail configuration and click Next. Simple Log Service starts to collect logs after the Logtail configuration is created.

   Note

   A Logtail configuration requires up to 3 minutes to take effect.

   Global Configurations

   Parameter	Description
   Configuration Name	Enter a name for the Logtail configuration. The name must be unique in a project, and cannot be changed later.
   Log Topic Type	Select a method to generate log topics. For more information, see Log topics. Machine Group Topic: The topics of the machine groups are used as log topics. Select this option to distinguish the logs from different machine groups. File Path Extraction: Specify a custom regular expression. A part of the file path that matches the regular expression is used as the log topic. Select this option to distinguish the logs from different sources. Custom: Specify a custom log topic.
   Advanced Parameters	Optional. Configure the advanced parameters that are related to global configurations. For more information, see CreateLogtailPipelineConfig.

   Input Configurations

   Parameter	Description
   Logtail Deployment Mode	Select the deployment mode of Logtail. In this example, Daemonset is selected.
   File Path Type	Select the type of the file path that you want to use to collect logs. Valid values: Path in Container and Host Path. If a hostPath volume is mounted to a container and you want to collect logs from files based on the mapped file path on the container host, set this parameter to Host Path. In other scenarios, set this parameter to Path in Container.
   File Path	If the required container runs on a Linux host, specify a path that starts with a forward slash (/). Example: /apsara/nuwa/**/app.Log. If the required container runs on a Windows host, specify a path that starts with a drive letter. Example: C:\Program Files\Intel\**\*.Log. You can specify an exact directory and an exact name. You can also use wildcard characters to specify the directory and name. For more information, see Wildcard matching. When you configure this parameter, use only asterisks (*) or question marks (?) as wildcard characters. Simple Log Service scans all levels of the specified directory for the log files that match specified conditions. Examples: If you specify /apsara/nuwa/**/*.log, Simple Log Service collects logs from the log files whose names are suffixed by .log in the /apsara/nuwa directory and the recursive subdirectories of the directory. If you specify /var/logs/app_*/**/*.log, Simple Log Service collects logs from the log files that meet the following conditions: The file name is suffixed by .log. The file is stored in a subdirectory under the /var/logs directory or in a recursive subdirectory of the subdirectory. The name of the subdirectory matches the app_* pattern. If you specify /var/log/nginx/**/access*, Simple Log Service collects logs from the log files whose names start with access in the /var/log/nginx directory and the recursive subdirectories of the directory.
   Maximum Directory Monitoring Depth	Specify the maximum number of levels of subdirectories that you want to monitor. The subdirectories are in the log file directory that you specify. This parameter specifies the levels of subdirectories that can be matched for the wildcard characters ** included in the value of File Path. A value of 0 specifies that only the log file directory that you specify is monitored. Warning We recommend that you configure this parameter based on the minimum requirement. If you specify a large value, Logtail may consume more monitoring resources and cause collection latency.
   Enable Container Metadata Preview	If you turn on Enable Container Metadata Preview, you can view the container metadata after you create the Logtail configuration, including the matched container information and full container information.
   Container Filtering	Logtail version If the version of Logtail is earlier than 1.0.34, you can use only environment variables and container labels to filter containers. If the version of Logtail is 1.0.34 or later, we recommend that you use different levels of Kubernetes information to filter containers. The information includes K8s Pod Name Regular Matching, K8s Namespace Regular Matching, K8s Container Name Regular Matching, and Kubernetes Pod Label Whitelist. Filter conditions Important Container labels are retrieved by running the docker inspect command. Container labels are different from Kubernetes labels. For more information, see Obtain labels. Environment variables are the same as the environment variables that are configured to start containers. For more information, see Obtain environment variables. Kubernetes namespaces and container names can be mapped to container labels. The label for a namespace is io.kubernetes.pod.namespace. The label for a container name is io.kubernetes.container.name. We recommend that you use the two labels to filter containers. For example, the namespace of a pod is backend-prod, and the name of a container in the pod is worker-server. If you want to collect the logs of the worker-server container, you can specify io.kubernetes.pod.namespace : backend-prod or io.kubernetes.container.name : worker-server in the container label whitelist. If the two labels do not meet your business requirements, you can use the environment variable whitelist or the environment variable blacklist to filter containers. K8s Pod Name Regular Matching Enter the pod name. The pod name specifies the containers from which text logs are collected. Regular expression matching is supported. For example, if you specify ^(nginx-log-demo.*)$, all containers in the pod whose name starts with nginx-log-demo are matched. K8s Namespace Regular Matching Enter the namespace name. The namespace name specifies the containers from which text logs are collected. Regular expression matching is supported. For example, if you specify ^(default|nginx)$, all containers in the nginx and default namespaces are matched. K8s Container Name Regular Matching Enter the container name. The container name specifies the containers from which text logs are collected. Regular expression matching is supported. Kubernetes container names are defined in spec.containers. For example, if you specify ^(container-test)$, all containers whose name is container-test are matched. Container Label Whitelist Configure a container label whitelist. The whitelist specifies the containers from which text logs are collected. Note Do not specify duplicate values for the Label Name parameter. If you specify duplicate values, only one value takes effect. If you specify a value for the Label Name parameter but do not specify a value for the Label Value parameter, containers whose container labels contain the specified label name are matched. If you specify a value for the Label Name and Label Value parameters, containers whose container labels contain the specified Label Name:Label Value are matched. By default, string matching is performed for the values of the Label Value parameter. Containers are matched only if the values of the container labels are the same as the values of the Label Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($) for the Label Value parameter, regular expression matching is performed. For example, if you set the Label Name parameter to app and set the Label Value parameter to ^(test1|test2)$, containers whose container labels contain app:test1 or app:test2 are matched. Key-value pairs are evaluated by using the OR operator. If a container has a container label that consists of one of the specified key-value pairs, the container is matched. Container Label Blacklist Configure a container label blacklist. The blacklist specifies the containers from which text logs are not collected. Note Do not specify duplicate values for the Label Name parameter. If you specify duplicate values, only one value takes effect. If you specify a value for the Label Name parameter but do not specify a value for the Label Value parameter, containers whose container labels contain the specified label name are filtered out. If you specify a value for the Label Name and Label Value parameters, containers whose container labels contain the specified Label Name:Label Value are filtered out. By default, string matching is performed for the values of the Label Value parameter. Containers are filtered out only if the values of the container labels are the same as the values of the Label Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($) for the Label Value parameter, regular expression matching is performed. For example, if you set the Label Name parameter to app and set the Label Value parameter to ^(test1|test2)$, containers whose container labels contain app:test1 or app:test2 are filtered out. Key-value pairs are evaluated by using the OR operator. If a container has a container label that consists of one of the specified key-value pairs, the container is filtered out. Environment Variable Whitelist Configure an environment variable whitelist. The whitelist specifies the containers from which text logs are collected. If you specify a value for the Environment Variable Name parameter but do not specify a value for the Environment Variable Value parameter, containers whose environment variables contain the specified environment variable name are matched. If you specify a value for the Environment Variable Name and Environment Variable Value parameters, containers whose environment variables contain the specified Environment Variable Name:Environment Variable Value are matched. By default, string matching is performed for the values of the Environment Variable Value parameter. Containers are matched only if the values of the environment variables are the same as the values of the Environment Variable Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($) for the Environment Variable Value parameter, regular expression matching is performed. For example, if you set the Environment Variable Name parameter to NGINX_SERVICE_PORT and set the Environment Variable Value parameter to ^(80|6379)$, containers whose port number is 80 or 6379 are matched. Key-value pairs are evaluated by using the OR operator. If a container has an environment variable that consists of one of the specified key-value pairs, the container is matched. Environment Variable Blacklist Configure an environment variable blacklist. The blacklist specifies the containers from which text logs are not collected. If you specify a value for the Environment Variable Name parameter but do not specify a value for the Environment Variable Value parameter, containers whose environment variables contain the specified environment variable name are filtered out. If you specify a value for the Environment Variable Name and Environment Variable Value parameters, containers whose environment variables contain the specified Environment Variable Name:Environment Variable Value are filtered out. By default, string matching is performed for the values of the Environment Variable Value parameter. Containers are filtered out only if the values of the environment variables are the same as the values of the Environment Variable Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($) for the Environment Variable Value parameter, regular expression matching is performed. For example, if you set the Environment Variable Name parameter to NGINX_SERVICE_PORT and set the Environment Variable Value parameter to ^(80|6379)$, containers whose port number is 80 or 6379 are filtered out. Key-value pairs are evaluated by using the OR operator. If a container has an environment variable that consists of one of the specified key-value pairs, the container is filtered out. Kubernetes Pod Label Whitelist Configure a Kubernetes pod label whitelist. The whitelist specifies the containers from which text logs are collected. If you specify a value for the Label Name parameter but do not specify a value for the Label Value parameter, containers whose pod labels contain the specified label name are matched. If you specify a value for the Label Name and Label Value parameters, containers whose pod labels contain the specified Label Name:Label Value are matched. By default, string matching is performed for the values of the Label Value parameter. Containers are matched only if the values of the pod labels are the same as the values of the Label Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($), regular expression matching is performed. For example, if you set the Label Name parameter to environment and set the Label Value parameter to ^(dev|pre)$, containers whose pod labels contain environment:dev or environment:pre are matched. Key-value pairs are evaluated by using the OR operator. If a container has a pod label that consists of one of the specified key-value pairs, the container is matched. Kubernetes Pod Label Blacklist Configure a Kubernetes pod label blacklist. The blacklist specifies the containers from which text logs are not collected. If you specify a value for the Label Name parameter but do not specify a value for the Label Value parameter, containers whose pod labels contain the specified label name are filtered out. If you specify a value for the Label Name and Label Value parameters, containers whose pod labels contain the specified Label Name:Label Value are filtered out. By default, string matching is performed for the values of the Label Value parameter. Containers are filtered out only if the values of the pod labels are the same as the values of the Label Value parameter. If you specify a value that starts with a caret (^) and ends with a dollar sign ($) for the Label Value parameter, regular expression matching is performed. For example, if you set the Label Name parameter to environment and set the Label Value parameter to ^(dev|pre)$, containers whose pod labels contain environment:dev or environment:pre are filtered out. Key-value pairs are evaluated by using the OR operator. If a container has a pod label that consists of one of the specified key-value pairs, the container is filtered out.
   Log Tag Enrichment	Specify log tags by using environment variables and pod labels.
   File Encoding	Select the encoding format of log files.
   First Collection Size	Specify the size of data that Logtail can collect from a log file the first time Logtail collects logs from the file. The default value of First Collection Size is 1024. Unit: KB. If the file size is less than 1,024 KB, Logtail collects data from the beginning of the file. If the file size is greater than 1,024 KB, Logtail collects the last 1,024 KB of data in the file. You can specify First Collection Size based on your business requirements. Valid values: 0 to 10485760. Unit: KB.
   Collection Blacklist	If you turn on Collection Blacklist, you must configure a blacklist to specify the directories or files that you want Simple Log Service to skip when it collects logs. You can specify exact directories and file names. You can also use wildcard characters to specify directories and file names. When you configure this parameter, use only asterisks (*) or question marks (?) as wildcard characters. Important If you use wildcard characters to configure File Path and you want to skip some directories in the specified directory, you must configure Collection Blacklist and enter a complete directory. For example, if you set File Path to /home/admin/app*/log/*.log and you want to skip all subdirectories in the /home/admin/app1* directory, you must select Directory Blacklist and enter /home/admin/app1*/** in the Directory Name field. If you enter /home/admin/app1*, the blacklist does not take effect. When a blacklist is in use, computational overhead is generated. We recommend that you add up to 10 entries to the blacklist. You cannot specify a directory path that ends with a forward slash (/). For example, if you set the path to /home/admin/dir1/, the directory blacklist does not take effect. The following types of blacklists are supported: File Path Blacklist, File Blacklist, and Directory Blacklist. File Path Blacklist If you select File Path Blacklist and enter /home/admin/private*.log in the File Path Name field, all files whose names are prefixed by private and suffixed by .log in the /home/admin/ directory are skipped. If you select File Path Blacklist and enter /home/admin/private*/*_inner.log in the File Path Name field, all files whose names are suffixed by _inner.log in the subdirectories whose names are prefixed by private in the /home/admin/ directory are skipped. For example, the /home/admin/private/app_inner.log file is skipped, but the /home/admin/private/app.log file is not. File Blacklist If you select File Blacklist and enter app_inner.log in the File Name field, all files whose names are app_inner.log are skipped. Directory Blacklist If you select Directory Blacklist and enter /home/admin/dir1 in the Directory Name field, all files in the /home/admin/dir1 directory are skipped. If you select Directory Blacklist and enter /home/admin/dir* in the Directory Name field, the files in all subdirectories whose names are prefixed by dir in the /home/admin/ directory are skipped. If you select Directory Blacklist and enter /home/admin/*/dir in the Directory Name field, all files in the dir subdirectory in each second-level subdirectory of the /home/admin/ directory are skipped. For example, the files in the /home/admin/a/dir directory are skipped, but the files in the /home/admin/a/b/dir directory are not.
   Allow File to Be Collected for Multiple Times	By default, you can use only one Logtail configuration to collect logs from a log file. To use multiple Logtail configurations to collect logs from a log file, turn on Allow File to Be Collected Multiple Times.
   Advanced Parameters	You must manually configure specific parameters of a Logtail configuration. For more information, see Create a Logtail pipeline configuration.

   Processor Configurations

   Parameter	Description
   Log Sample	Add a sample log collected from an actual scenario. You can use the sample log to easily configure parameters related to log processing. You can add multiple sample logs. Make sure that the total length of the logs does not exceed 1,500 characters. [2023-10-01T10:30:01,000] [INFO] java.lang.Exception: exception happened at TestPrintStackTrace.f(TestPrintStackTrace.java:3) at TestPrintStackTrace.g(TestPrintStackTrace.java:7) at TestPrintStackTrace.main(TestPrintStackTrace.java:16)
   Multi-line Mode	Specify the type of multi-line logs. A multi-line log spans multiple consecutive lines. You can configure this parameter to identify each multi-line log in a log file. Custom: A multi-line log is identified based on the value of Regex to Match First Line. Multi-line JSON: Each JSON object is expanded into multiple lines. Example: { "name": "John Doe", "age": 30, "address": { "city": "New York", "country": "USA" } } Configure Processing Method If Splitting Fails. Exception in thread "main" java.lang.NullPointerException at com.example.MyClass.methodA(MyClass.java:12) at com.example.MyClass.methodB(MyClass.java:34) at com.example.MyClass.main(MyClass.java:½0) For the preceding sample log, Simple Log Service can discard the log or retain each single line as a log if it fails to split it. Discard: The log is discarded. Retain Single Line: Each line of log text is retained as a log. A total of four logs are retained.
   Processing Method	Add processors as needed. You can add native and extended processors for data processing. Important Refer to the console page prompts for usage restrictions on the processors. Logtail V2.0 You can arbitrarily combine native processors for data processing. You can combine native and extended processors. Extended processors must follow native processors in the sequence. Logtail earlier than V2.0 You cannot add native and extended processors at the same time. You can use native processors only to collect text logs. When you add them, note the following: You must first add one of the following Logtail processors: Data Parsing (Regex Mode), Data Parsing (Delimiter Mode), Data Parsing (JSON Mode), Data Parsing (NGINX Mode), Data Parsing (Apache Mode), and Data Parsing (IIS Mode). After you add the first processor, you can add a Time Parsing processor, a Data Filtering processor, and multiple Data Masking processors. When you configure the Retain Original Field if Parsing Fails and Retain Original Field if Parsing Succeeds parameters, you can use only the following parameter combinations. For others, Simple Log Service does not ensure configuration effects. Upload logs that are parsed. Upload logs that are obtained after successful parsing, and raw ones if the parsing fails. Upload logs obtained after parsing. Add a raw log field to the logs if the parsing succeeds, and raw logs if it fails. For example, if a raw log is "content": "{"request_method":"GET", "request_time":"200"}" and it's successfully parsed, the system adds a raw log field, which is specified by the New Name of Original Field parameter. If you do not configure the parameter, the original field name is used. The field value is {"request_method":"GET", "request_time":"200"}.

6. Create indexes and preview data. Then, click Next. By default, full-text indexing is enabled in Simple Log Service. You can also configure field indexes based on collected logs in manual mode or automatic mode. To configure field indexes in automatic mode, click Automatic Index Generation. This way, Simple Log Service automatically creates field indexes. For more information, see Create indexes.

   Important

   If you want to query all fields in logs, we recommend that you use full-text indexes. If you want to query only specific fields, we recommend that you use field indexes. This helps reduce index traffic. If you want to analyze fields, you must create field indexes. You must include a SELECT statement in your query statement for analysis.

7. Click Query Log. Then, you are redirected to the query and analysis page of your Logstore.

   You must wait approximately 1 minute for the indexes to take effect. Then, you can view the collected logs on the Raw Logs tab. For more information, see Guide to log query and analysis.

Environment variables

1. Enable SLS when you create a Knative Service

You can enable log collection based on the following YAML template when you create a Knative service.

1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

3. Click the Services tab, select a namespace, and then click Create from Template. On the page that appears, select Custom in the Sample Template section. Use the following YAML file and follow the instructions on the page to create a Service.

   YAML templates comply with the Kubernetes syntax. You can use env to define log collection configurations and custom tags. You must also set the volumeMounts and volumes parameters. The following example shows how to configure Log Service in a pod:

   apiVersion: serving.knative.dev/v1
   kind: Service
   metadata:
     name: helloworld-go-log
   spec:
     template:
       spec:
         containers:
         - name: my-demo-app
           image: 'registry.cn-hangzhou.aliyuncs.com/log-service/docker-log-test:latest'
           env:
           # Specify environment variables.
           - name: aliyun_logs_log-stdout
             value: stdout
           - name: aliyun_logs_log-varlog
             value: /var/demo/*.log
           - name: aliyun_logs_mytag1_tags
             value: tag1=v1
           # Configure volume mounting.
           volumeMounts:
           - name: volumn-sls-mydemo
             mountPath: /var/demo
           # If the pod is repetitively restarted, you can add a sleep command to the startup parameters of the pod.
           command: ["sh", "-c"]  # Run commands in the shell.
           args: ["sleep 3600"]   # Set the sleep time to 1 hour (3600 seconds).
         volumes:
         - name: volumn-sls-mydemo
           emptyDir: {}

   Perform the following steps in sequence based on your business requirements:

   Note

   If you have other log collection requirements, see (Optional) 2. Use environment variables to configure advanced settings.

   1. Add log collection configurations and custom tags by using environment variables. All environment variables related to log collection must use aliyun_logs_ as the prefix.

      • Add environment variables in the following format:

        - name: aliyun_logs_log-stdout
          value: stdout
        - name: aliyun_logs_log-varlog
          value: /var/demo/*.log                        

        In the preceding example, two environment variables in the following format are added to the log collection configuration: aliyun_logs_{key}. The {keys} of the environment variables are log-stdout and log-varlog.

        • The aliyun_logs_log-stdout environment variable indicates that a Logstore named log-stdout is created to store the stdout collected from containers. The name of the collection configuration is log-stdout. This way, the stdout of containers is collected to the Logstore named log-stdout.

        • The aliyun_logs_log-varlog environment variable indicates that a Logstore named log-varlog is created to store the /var/demo/*.log files collected from containers. The name of the collection configuration is log-varlog. This way, the /var/demo/*.log files are collected to the Logstore named log-varlog.

      • Add custom tags in the following format:

        - name: aliyun_logs_mytag1_tags
          value: tag1=v1                       

        After a tag is added, the tag is automatically appended to the log data that is collected from the container. mytag1 specifies the tag name without underscores (_).

   2. If you specify a log path to collect log files other than stdout, you must set the volumeMounts parameter.

      In the preceding YAML template, the mountPath field in volumeMounts is set to /var/demo. This allows Logtail to collect log data from the /var/demo*.log file.

4. After you modify the YAML template, click Create to submit the configurations.

(Optional) 2. Use environment variables to configure advanced settings

- name: aliyun_logs_catalina_tags

  value: app=catalina

- name: aliyun_logs_catalina_project

  value: my-k8s-project

- name: aliyun_logs_catalina_logstore

  value: my-logstore

- name: aliyun_logs_catalina_shard

  value: '4'

- name: aliyun_logs_catalina_ttl

  value: '3650'

- name: aliyun_logs_catalina_machinegroup

  value: my-machine-group