Use CRDs to collect container logs in DaemonSet mode - Log Service

After you install Logtail in DaemonSet mode in a container, you can use a custom resource definition (CRD) to create a Logtail configuration and use the Logtail configuration to collect container logs.

Prerequisites

The Logtail component is installed. For more information, see Install Logtail components in a Kubernetes cluster.
The container from which you want to collect logs continuously generates logs.
Important Logtail collects only incremental logs. If a log file on a server is not updated after the applied Logtail configuration is delivered to the server, Logtail does not collect logs from the file. For more information, see Read log files.

Features

Logtail can collect container text logs or stdout and stderr, and then upload the text logs or stdout and stderr together with container metadata to Log Service. Logtail supports the following features:

Allows you to specify a log file path in a container when you collect text logs. You do not need to manually map the log file path to a path on the host.
Collects stdout and stderr.
Uses the container label whitelist to specify containers from which logs are collected.
Uses the container label blacklist to specify containers from which logs are not collected.
Uses the environment variable whitelist to specify containers from which logs are collected.
Uses the environment variable blacklist to specify containers from which logs are not collected.
Collects multi-line logs. For example, Logtail can collect Java stack logs.
Automatically associates container metadata that needs to be uploaded together with the collected container logs. The metadata includes container names, image names, pod names, namespaces, and environment variables.
If a container runs in a Kubernetes cluster, Logtail also supports the following features:
- Uses Kubernetes namespaces, pod names, and container names to specify containers from which logs are collected.
- Uses the Kubernetes label whitelist to specify containers from which logs are collected.
- Uses the Kubernetes label blacklist to specify containers from which logs are not collected.
- Automatically associates Kubernetes labels that need to be uploaded together with the collected container logs.

Implementation

The following list describes the process in which logs are collected by using a CRD:

The kubectl tool or other tools are used to apply an AliyunLogConfig CRD.
The alibaba-log-controller detects the update in CRD configurations.
The alibaba-log-controller sends requests to Log Service to create a Logstore, create a Logtail configuration, and apply the Logtail configuration to a machine group based on the content of the CRD and the status of Logtail configurations in Log Service.
Logtail periodically sends a request to Log Service to obtain a new or updated Logtail configuration and perform hot reloading.
Logtail collects stdout and stderr or text logs from each container based on the obtained Logtail configuration.
Logtail sends the collected container logs to Log Service.

Limits

Limits on text log collection
- If Logtail detects the die event on a container that is stopped, Logtail no longer collects text logs from the container. If collection latency exists, some text logs that are collected before the container is stopped may be lost.
- Logtail cannot access the symbolic link of a container. You must specify an actual path as the collection directory.
- If a volume is mounted to the data directory of a container, Logtail cannot collect data from the parent directory of the data directory. You must specify the complete path of the data directory as the collection directory.
  For example, if a volume is mounted to the /var/log/service directory and you set the collection directory to /var/log, Logtail cannot collect logs from the /var/log directory. You must specify /var/log/service as the collection directory.
- By default, Kubernetes mounts the root directory of the host to the /logtail_host directory of the Logtail container. If you want to collect text logs from the host, you must specify /logtail_host as the prefix of the log file path.
  For example, if you want to collect logs from the /home/logs/app_log/ directory of the host, you must specify /logtail_host/home/logs/app_log/ as the log file path.
- For Docker containers, only overlay and overlay2 storage drivers are supported. If other storage drivers are used, you must mount a volume to the directory of logs. Then, a temporary directory is generated.
  If an Apsara File Storage NAS (NAS) file system is mounted to the directory of logs by using a PersistentVolumeClaim (PVC), you cannot collect logs in DaemonSet mode. In this case, we recommend that you collect logs in Sidecar mode. For more information, see Use CRDs to collect container text logs in Sidecar mode and Use the Log Service console to collect container text logs in Sidecar mode.
Limits on stdout and stderr collection
The logging driver collects stdout and stderr only in the JSON format from containers that use the Docker engine.
General limits
Logtail collects data from containers that use the Docker engine or containerd engine.
- Docker: Logtail accesses the Docker engine in the /run/docker.sock directory. Make sure that the directory exists and Logtail has the permissions to access the directory.
- containerd: Logtail accesses the containerd engine in the /run/containerd/containerd.sock directory. Make sure that the directory exists and Logtail has the permissions to access the directory.

Create a Logtail configuration

To create a Logtail configuration, you need to only create an AliyunLogConfig CRD. After the Logtail configuration is created, the system automatically applies the Logtail configuration. If you want to delete the Logtail configuration, you need to only delete the CRD.

Log on to your Kubernetes cluster.
Run the following command to create a YAML file.
In this example, the file name is cube.yaml. You can specify a file name based on your business requirements.
```
vim cube.yaml
```

Enter the following script in the YAML file and configure the parameters based on your business requirements.

Important

The value of the configName parameter must be unique in the Log Service project that you use.
If multiple CRDs are associated with the same Logtail configuration, the Logtail configuration is affected when you delete or modify one of the CRDs. After the deletion or modification, the status of the other CRDs that are associated with the Logtail configuration becomes inconsistent with the status of the Logtail configuration in Log Service.

apiVersion: log.alibabacloud.com/v1alpha1      # The default value is used. You do not need to modify this parameter. 
kind: AliyunLogConfig                          # The default value is used. You do not need to modify this parameter. 
metadata:
  name: simple-stdout-example                  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
spec:
  project: k8s-my-project                      # Optional. The name of the project. The default value is the name of the project that you use to install the Logtail components. 
  logstore: k8s-stdout                         # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstoreMode: standard                       # Optional. The type of the Logstore. The value of this parameter takes effect only if you configure the parameter when you create the Logstore. 
  shardCount: 2                                # Optional. The number of shards. Valid values: 1 to 10. Default value: 2. 
  lifeCycle: 90                                # The data retention period of the Logstore. The value of this parameter takes effect only if you configure the parameter when you create the Logstore. Valid values: 1 to 3650. Unit: days. Default value: 90. A value of 3650 specifies that log data is permanently stored in the Logstore. 
  logtailConfig:                               # The Logtail configuration. 
    inputType: plugin                          # The type of the data source. Valid values: file and plugin. A value of file specifies text logs. A value of plugin specifies stdout and stderr. 
    configName: simple-stdout-example          # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    inputDetail:                               # The detailed settings of the Logtail configuration. For more information, see the following configuration examples. 
      ...


Parameter	Type	Required	Description
project	string	No	The name of the project. The default value is the name of the project that you use to install the Logtail components.
logstore	string	Yes	The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore.
logstoreMode	string	No	The type of the Logstore. For more information, see Manage a Logstore. Valid values: query: Query Logstore standard: Standard Logstore Important The value of this parameter takes effect only if you configure the parameter when you create the Logstore. If you change the value of this parameter for an existing Logstore that is specified by the logstore parameter, the new value does not take effect. The value of this parameter takes effect only in alibaba-log-controller V0.3.3 and later.
shardCount	int	No	The number of shards. Valid values: 1 to 10. Default value: 2.
lifeCycle	int	No	The data retention period of the Logstore. Valid values: 1 to 3650. Unit: days. Default value: 90. A value of 3650 specifies that log data is permanently stored in the Logstore. Important The value of this parameter takes effect only if you configure the parameter when you create the Logstore. If you change the value of this parameter for an existing Logstore that is specified by the logstore parameter, the new value does not take effect.
machineGroups	array	No	The machine group to which the Logtail configuration is applied. The default value is the machine group named `k8s-group-${your_k8s_cluster_id}`. This machine group is automatically created by Log Service when you install the Logtail components.
logtailConfig	object	Yes	The detailed settings of the Logtail configuration. In most cases, you need to only configure the inputType, configName, and inputDetail parameters. You can configure items such as the log filtering, data write mode, data masking, and log topic in the inputDetail parameter. For more information about the parameters, see Logtail configurations. For more information about the configuration examples of logtailConfig, see Examples of Logtail configurations that are used to collect stdout and stderr and Examples of Logtail configurations that are used to collect text logs.

Run the following command to apply the Logtail configuration.
In this example, the file name is cube.yaml. You can specify a file name based on your business requirements.
```
kubectl apply -f cube.yaml
```
After the Logtail configuration is applied, Logtail collects stdout and stderr or text logs from each container, and then sends the collected logs to Log Service.
Important After logs are collected, you must create indexes. Then, you can query and analyze the logs in the Logstore. For more information, see Create indexes.

View Logtail configurations

You can view Logtail configurations in the Log Service console or by using CRDs. For more information about how to view Logtail configurations in the Log Service console, see View Logtail configurations.

Important If you modify the settings of a Logtail configuration in the Log Service console and you view the Logtail configuration by using a CRD, the modification is not displayed in the returned result of the CRD. If you modify the settings of a Logtail configuration by using a CRD and you view the Logtail configuration in the Log Service console, the modification is displayed in the Log Service console.

View all Logtail configurations in the current Kubernetes cluster

You can run the kubectl get aliyunlogconfigs command to view all Logtail configurations. The following figure shows the result. View Logtail configurations

View the details and status of a Logtail configuration

You can run the kubectl get aliyunlogconfigs config_name -o yaml command to view the details and status of a Logtail configuration. The config_name parameter in the command specifies the name of the Logtail configuration that you want to view. You can specify a name based on your business requirements. The following figure shows the result.

The status and statusCode parameters in the result indicate the status of the Logtail configuration.

If the value of the statusCode parameter is 200, the Logtail configuration is applied.
If the value of the statusCode parameter is not 200, the Logtail configuration fails to be applied.

Examples of Logtail configurations that are used to collect stdout and stderr

If you want to collect container stdout and stderr, you must set the inputType parameter to plugin and add detailed settings to the plugin field of the inputDetail parameter. For more information about the parameters and the descriptions of the parameters, see Use the Log Service console to collect container stdout and stderr in DaemonSet mode.

Collect container stdout and stderr in simple mode

Description
Collect stdout and stderr from all containers except the containers whose environment variable configurations include COLLECT_STDOUT_FLAG=false. To view the environment variables of a container, you can log on to the host on which the container resides. For more information, see Obtain environment variables.

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: simple-stdout-example
spec:
  # If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-stdout
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect stdout and stderr, you must set the value to plugin. 
    inputType: plugin
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: simple-stdout-example
    inputDetail:
      plugin:
        inputs:
          -
            # input type
            type: service_docker_stdout
            detail:
              # The settings that allow Logtail to collect both stdout and stderr. 
              Stdout: true
              Stderr: true
              # The environment variable blacklist. In this example, stdout and stderr are collected from all containers except the containers whose environment variable configurations include COLLECT_STDOUT_FLAG=false. 
              ExcludeEnv:
                COLLECT_STDOUT_FLAG: "false"

Collect container stdout and stderr in simple mode and process the logs by using regular expressions

Description
Collect the access logs of Grafana from containers in simple mode and parse the access logs into structured data by using regular expressions. The environment variable configurations of a container from which the access logs of Grafana can be collected include GF_INSTALL_PLUGINS=grafana-piechart-..... To view the environment variables of a container, you can log on to the host on which the container resides. For more information, see Obtain environment variables.

Sample log

t=2018-03-09T07:14:03+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=172.16.64.154 time_ms=0 size=29 referer=

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: regex-stdout-example
spec:
  # If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-stdout-regex
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect stdout and stderr, you must set the value to plugin. 
    inputType: plugin
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: regex-stdout-example
    inputDetail:
      plugin:
        inputs:
          -
            # input type
            type: service_docker_stdout
            detail:
              # The settings that allow Logtail to collect only stdout. 
              Stdout: true
              Stderr: false
              # The environment variable whitelist. In this example, stdout is collected only from containers whose environment variable configurations include a key of GF_INSTALL_PLUGINS. 
              IncludeEnv:
                GF_INSTALL_PLUGINS: ''
        processors:
          -
            # Use the processor_regex plug-in to parse the collected stdout by using a regular expression. 
            type: processor_regex
            detail:
              # The name of the source field. By default, the collected stdout is stored in the content field. 
              SourceKey: content
              # The regular expression that is used to extract log content. 
              Regex: 't=(\d+-\d+-\w+:\d+:\d+\+\d+) lvl=(\w+) msg="([^"]+)" logger=(\w+) userId=(\w+) orgId=(\w+) uname=(\S*) method=(\w+) path=(\S+) status=(\d+) remote_addr=(\S+) time_ms=(\d+) size=(\d+) referer=(\S*).*'
              # The keys that you want to extract from logs. 
              Keys: ['time', 'level', 'message', 'logger', 'userId', 'orgId', 'uname', 'method', 'path', 'status', 'remote_addr', 'time_ms', 'size', 'referer']
              # The settings that allow Logtail to retain the source field. 
              KeepSource: true
              # The settings that allow Logtail to report an error when the specified source field does not exist. 
              NoKeyError: true
              # The settings that allow Logtail to report an error when the specified regular expression does not match the value of the specified source field. 
              NoMatchError: true

New log obtained after parsing

Filter containers by using Kubernetes labels

Description
Collect stdout and stderr from containers whose Kubernetes labels contain the job-name key and a specific value. The value starts with nginx-log-demo.
Note In Logtail V1.0.34 and later, Kubernetes labels are supported to filter containers.

Configuration example

Obtain Kubernetes labels.

Create a Logtail configuration.

The following code shows an example of a Logtail configuration. For more information, see Use the Log Service console to collect container stdout and stderr in DaemonSet mode.

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: simple-stdout-example
spec:
  # If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-stdout
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect stdout and stderr, you must set the value to plugin. 
    inputType: plugin
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: k8s-stdout-example
    inputDetail:
      plugin:
        inputs:
          -
            # input type
            type: service_docker_stdout
            detail:
              # The settings that allow Logtail to collect both stdout and stderr. 
              Stdout: true
              Stderr: true
              # The Kubernetes label whitelist. In this example, stdout and stderr are collected only from containers whose Kubernetes labels contain the job-name key and a specific value. The value starts with nginx-log-demo. 
              IncludeK8sLabel:
                job-name: "^(nginx-log-demo.*)$"

Filter containers by using Kubernetes namespaces, pod names, and container names

Description
Collect stdout and stderr from the nginx-log-demo-0 container in pods whose name starts with nginx-log-demo in the default namespace.
Note In Logtail V1.0.34 and later, Kubernetes namespaces, pod names, and container names are supported to filter containers.

Configuration example

Obtain different levels of Kubernetes information.
1. Obtain information about pods.
2. Obtain information about namespaces.

Create a Logtail configuration.

The following code shows an example of a Logtail configuration. For more information, see Use the Log Service console to collect container stdout and stderr in DaemonSet mode.

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: simple-stdout-example
spec:
  # If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-stdout
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect stdout and stderr, you must set the value to plugin. 
    inputType: plugin
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: k8s-stdout-example
    inputDetail:
      plugin:
        inputs:
          -
            # input type
            type: service_docker_stdout
            detail:
              # The settings that allow Logtail to collect both stdout and stderr. 
              Stdout: true
              Stderr: true
              K8sNamespaceRegex: ^(default)$
              K8sPodRegex: '^(nginx-log-demo.*)$'
              K8sContainerRegex: ^(nginx-log-demo-0)$

Examples of Logtail configurations that are used to collect text logs

If you want to collect container text logs, you must set the inputType parameter to file and add detailed settings to the inputDetail parameter. For more information about the parameters and the descriptions of the parameters, see Use the Log Service console to collect container text logs in DaemonSet mode.

Collect logs in simple mode

Description
Collect text logs from containers whose environment variable configurations include a key of ALIYUN_LOGTAIL_USER_DEFINED_ID. The log file path is /data/logs/app_1/simple.LOG.

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: simple-file-example
spec:
   # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-file
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect text logs, you must set the value to file. 
    inputType: file
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: simple-file-example
    inputDetail:
      # The settings that allow Logtail to collect text logs in simple mode. 
      logType: common_reg_log
      # The log file path. 
      logPath: /data/logs/app_1
      # The log file name. You can use wildcard characters such as asterisks (*) and question marks (?) when you specify the log file name. Example: log_*.log. 
      filePattern: simple.LOG
      # If you want to collect container text logs, you must set dockerFile to true. 
      dockerFile: true
      # The environment variable whitelist. In this example, text logs are collected only from containers whose environment variable configurations include a key of ALIYUN_LOGTAIL_USER_DEFINED_ID. 
      dockerIncludeEnv:
        ALIYUN_LOGTAIL_USER_DEFINED_ID: ""

Collect logs in full regex mode

Description
A Java program generates a multi-line log that contains error stack information. You can collect the log in full regex mode and specify a regular expression that is used to match the beginning of the first line of the log in the Logtail configuration.

Sample log

[2018-05-11T20:10:16,000] [INFO] [SessionTracker] [SessionTrackerImpl.java:148] Expiring sessions
java.sql.SQLException: Incorrect string value: '\xF0\x9F\x8E\x8F",...' for column 'data' at row 1
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:84)
at org.springframework.jdbc.support.AbstractFallbackSQLException

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: regex-file-example
spec:
  # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-file
  logtailConfig:
    # The type of the data source. If you want to collect text logs, you must set the value to file. 
    inputType: file
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: regex-file-example
    inputDetail:
      # The settings that allow Logtail to collect text logs in full regex mode. 
      logType: common_reg_log
      # The log file path. 
      logPath: /app/logs
      # The log file name. You can use wildcard characters such as asterisks (*) and question marks (?) when you specify the log file name. Example: log_*.log. 
      filePattern: error.LOG
      # The regular expression that is used to match the beginning of the first line of a log. 
      logBeginRegex: '\[\d+-\d+-\w+:\d+:\d+,\d+]\s\[\w+]\s.*'
      # The regular expression that is used to extract log content. 
      regex: '\[([^]]+)]\s\[(\w+)]\s\[(\w+)]\s\[([^:]+):(\d+)]\s(.*)'
      # The keys that you want to extract from logs. 
      key: ["time", "level", "method", "file", "line", "message"]
      # The format of the time values that are extracted from logs. When logs are collected in full regex mode, the time values are extracted from the time field of the logs by default. If you do not want to extract time values, you can leave this parameter empty. If you configure the timeFormat parameter, you must also configure the adjustTimezone and logTimezone parameters. 
      timeFormat: '%Y-%m-%dT%H:%M:%S'
      # By default, Logtail uses UTC. You must configure the following parameter setting before you can forcefully change the time zone: 
      adjustTimezone: true
      # The time zone offset. The time zone of logs is UTC+8. You can change the value of this parameter to change the time zone. 
      logTimezone: "GMT+08:00"
      # The settings that allow Logtail to upload raw logs if the logs fail to be parsed. 
      discardUnmatch: false
      # If you want to collect container text logs, you must set dockerFile to true. 
      dockerFile: true
      # The environment variable whitelist. In this example, text logs are collected only from containers whose environment variable configurations include a key of ALIYUN_LOGTAIL_USER_DEFINED_ID. 
      dockerIncludeEnv:
        ALIYUN_LOGTAIL_USER_DEFINED_ID: ""

New log obtained after parsing

Collect logs in delimiter mode

Description
If the container text logs that you want to collect contain delimiters, you can collect the container text logs in delimiter mode. Logs that are in the delimiter-separated values (DSV) format use line feeds as boundaries. Each log is placed in a separate line. Each log is parsed into multiple fields by using delimiters.

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: delimiter-file-example
spec:
  # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-file
  logtailConfig:
    # The type of the data source. If you want to collect text logs, you must set the value to file. 
    inputType: file
    configName: delimiter-file-example
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    inputDetail:
      # The settings that allow Logtail to collect text logs in delimiter mode. 
      logType: delimiter_log
      # The log file path. 
      logPath: /usr/local/ilogtail
      # The log file name. You can use wildcard characters such as asterisks (*) and question marks (?) when you specify the log file name. Example: log_*.log. 
      filePattern: delimiter_log.LOG
      # The delimiters. 
      separator: '|&|'
      # The keys that you want to extract from logs. 
      key: ['time', 'level', 'method', 'file', 'line', 'message']
      # The name of the field from which time values are extracted. 
      timeKey: 'time'
      # The format of the time values that are extracted from logs. When logs are collected in delimiter mode, the time values are extracted from the time field of the logs by default. If you do not want to extract time values, you can leave this parameter empty. If you configure the timeFormat parameter, you must also configure the adjustTimezone and logTimezone parameters. 
      timeFormat: '%Y-%m-%dT%H:%M:%S'
      # By default, Logtail uses UTC. You must configure the following parameter setting before you can forcefully change the time zone: 
      adjustTimezone: true
      # The time zone offset. The time zone of logs is UTC+8. You can change the value of this parameter to change the time zone. 
      logTimezone: "GMT+08:00"
      # The settings that allow Logtail to upload raw logs if the logs fail to be parsed. 
      discardUnmatch: false
      # If you want to collect container text logs, you must set dockerFile to true. 
      dockerFile: true
      # The environment variable whitelist. In this example, text logs are collected only from containers whose environment variable configurations include a key of ALIYUN_LOGTAIL_USER_DEFINED_ID. 
      dockerIncludeEnv:
        ALIYUN_LOGTAIL_USER_DEFINED_ID: ''

Collect logs in JSON mode

Description
If the container text logs that you want to collect are JSON logs of the Object type, you can collect the container text logs in JSON mode.

Sample log

{"url": "POST /PutData?Category=YunOsAccountOpLog&AccessKeyId=U0Ujpek********&Date=Fri%2C%2028%20Jun%202013%2006%3A53%3A30%20GMT&Topic=raw&Signature=pD12XYLmGxKQ%2Bmkd6x7hAgQ7b1c%3D HTTP/1.1", "ip": "10.200.98.220", "user-agent": "aliyun-sdk-java", "request": {"status": "200", "latency": "18204"}, "time": "05/Jan/2020:13:30:28"}

Configuration example

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: json-file-example
spec:
  # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-file
  logtailConfig:
    # The type of the data source. If you want to collect text logs, you must set the value to file. 
    inputType: file
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: json-file-example
    inputDetail:
      # The settings that allow Logtail to collect text logs in JSON mode. 
      logType: json_log
      # The log file path. 
      logPath: /usr/local/ilogtail
      # The log file name. You can use wildcard characters such as asterisks (*) and question marks (?) when you specify the log file name. Example: log_*.log. 
      filePattern: json_log.LOG
      # The name of the field from which time values are extracted. If no requirements are specified, use the timeKey: '' setting. 
      timeKey: 'time'
      # The format of the time values that are extracted from logs. If no requirements are specified, use the timeFormat: '' setting. 
      timeFormat: '%Y-%m-%dT%H:%M:%S'
      # If you want to collect container text logs, you must set dockerFile to true. 
      dockerFile: true
      # The environment variable whitelist. In this example, text logs are collected only from containers whose environment variable configurations include a key of ALIYUN_LOGTAIL_USER_DEFINED_ID. 
      dockerIncludeEnv:
        ALIYUN_LOGTAIL_USER_DEFINED_ID: ""

Filter containers by using Kubernetes information

Description
Collect logs from the simple.LOG file in the /data/logs/app_1 directory of specified containers. The containers must meet the following conditions:
- The containers belong to the default namespace.
- The containers belong to the pods whose name starts with nginx-log-demo.
- The containers are named nginx-log-demo-0.
- The containers have Kubernetes labels that contain the job-name key and a specific value. The value starts with nginx-log-demo.
Note In Logtail V1.0.34 and later, Kubernetes namespaces, pod names, container names, and Kubernetes labels are supported to filter containers.

Configuration example

Obtain different levels of Kubernetes information.
1. Obtain information about pods.
2. Obtain information about namespaces.
3. Obtain Kubernetes labels.

Create a Logtail configuration

The following code shows an example of a Logtail configuration. For more information, see Use the Log Service console to collect container stdout and stderr in DaemonSet mode.

Note You must configure Kubernetes-related parameters in the k8s parameter below advanced. The Kubernetes-related parameters include IncludeK8sLabel, ExcludeK8sLabel, K8sNamespaceRegex, K8sPodRegex, K8sContainerRegex, ExternalEnvTag, and ExternalK8sLabelTag. For more information, see Use the Log Service console to collect container stdout and stderr in DaemonSet mode.

apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # The name of the resource. The name must be unique in the current Kubernetes cluster. 
  name: simple-file-example
spec:
   # The name of the Logstore. If the Logstore that you specify does not exist, Log Service automatically creates a Logstore. 
  logstore: k8s-file
  # The Logtail configuration. 
  logtailConfig:
    # The type of the data source. If you want to collect text logs, you must set the value to file. 
    inputType: file
    # The name of the Logtail configuration. The name must be the same as the resource name that is specified in metadata.name. 
    configName: simple-file-example
    inputDetail:
      # The settings that allow Logtail to collect text logs in simple mode. 
      logType: common_reg_log
      # The log file path. 
      logPath: /data/logs/app_1
      # The log file name. You can use wildcard characters such as asterisks (*) and question marks (?) when you specify the log file name. Example: log_*.log. 
      filePattern: simple.LOG
      # If you want to collect container text logs, you must set dockerFile to true. 
      dockerFile: true
      # The conditions that are used to filter containers. 
      advanced:
        k8s:
          K8sNamespaceRegex: ^(default)$
          K8sPodRegex: '^(nginx-log-demo.*)$'
          K8sContainerRegex: ^(nginx-log-demo-0)$
          IncludeK8sLabel:
            job-name: "^(nginx-log-demo.*)$"

Troubleshooting

If an exception occurs when you use Logtail to collect logs from containers, such as standard containers and Kubernetes containers, you can troubleshoot the issue based on the following topic:

What do I do if an error occurs when I use Logtail to collect logs from containers?