Log forwarding multi-line logs


#1

Hello,

I’m looking for inspiration on how to solve sending multi-line logs to our ELK stack. I tried setting up the syslog forwarding as explained in the docs, but that is sending line by line so that’s not really useful. Then I looked at the proposal of elastic.co to use filebeat on a kubernetes cluster, but filebeat does not seem to find any logs to send (when creating the filebeat daemonset via kubectl create command that is), so I’m guessing gravity cannot be considered “standard kubernetes” and pushes/centralises the logs elsewhere. Has anyone done a similar setup and can shed some light?

Thanks!


#2

I think the only difference is that gravity puts the docker logs in a different docker folder:

/var/lib/gravity/planet/docker/containers

If you update the filebeat deployment to look for logs there, the system should work just fine. Let us know if that helped, and feel free to respond here if you run into problems.


#3

Hi Sasha,

Indeed mounting the folder that you mentioned to the “standard” /var/lib/docker/containers folder in the container itself did the trick! I’m still new to gravity so I didn’t know that log location difference.

Thanks a lot for the helpful input!