EKS Blueprint deployment of AWS for fluent bit parses JSON to string

0

Hi,

We deployed Fluent Bit via the Terraform EKS Blueprint to send logs to CloudWatch. It's pulling in everything as expected, except that JSON logs are being turned into strings.

If I run kubectl logs on the container, I'll get back:

{
  "service":"OpensearchBulkIndexWorker",
  "event":"batch_indexing_job",
  "index":"data-object-share",
  "total_count":42,
  "error_count":0,
  "duration":0.11248340101155918
}

But when looking in CloudWatch Logs I then get:

{
"log": "2023-07-24T18:41:47.084106019Z stdout F {\"service\":\"OpensearchBulkIndexWorker\",\"event\":\"batch_indexing_job\",\"index\":\"data-object-share-parcel\",\"total_count\":42,\"error_count\":0,\"duration\":0.11248340101155918}
...
  

Based on this [doc][1] I thought it was built in that it would parse to JSON, but I guess something has changed? Any idea how to resolve?

3 Answers
0
Accepted Answer

We gave up and moved to full Fluent Bit and removed the aws-fluent-bit, so we could get the solution running.

answered 10 months ago
0

Hi,

AWS enabled support for monitoring JSON-formatted logs with CloudWatch Logs, which enables you to create graphs and receive notifications when your JSON-formatted log events contain terms or match conditions that you choose. [1] AWS also supports logging from the pods directly to CloudWatch. [2]

However, parsing the files from the container to CloudWatch is done by Fluent Bit, which is always displayed in CloudWatch as stdout. The suggested solution to make JSON logs work is to use a parser in your config map, as shown in the example below:

kind: ConfigMap
apiVersion: v1
metadata:
  name: xxxx
  namespace: xxxx
  labels:
data:
  parsers.conf: |
    [PARSER]
        Name docker
        Format json
        Time_Key time
  output.conf: |
    [OUTPUT]
        Name cloudwatch
        Match   *
        region xxxx
        log_group_name xxxx
        log_stream_prefix from-fluent-bit-
        auto_create_group true
        log_key log

References:
[1] https://aws.amazon.com/about-aws/whats-new/2015/01/20/amazon-cloudwatch-logs-json-log-format-support/
[2] https://docs.amazonaws.cn/en_us/eks/latest/userguide/fargate-logging.html

AWS
SUPPORT ENGINEER
answered 10 months ago
0

My attempt (which totally failed :D)

Current values file (which is just the default values):

serviceAccount:
  create: false
  name: aws-for-fluent-bit-sa

cloudWatchLogs:
  enabled: true
  region: eu-west-2
  logGroupName: /oc-prod-backend/worker-fluentbit-logs

This creates a ConfigMap like:

apiVersion: v1
data:
  fluent-bit.conf: |
    [SERVICE]
        Parsers_File /fluent-bit/parsers/parsers.conf
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        DB                /var/log/flb_kube.db
        Parser            docker
        Docker_Mode       On
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On
        Refresh_Interval  10
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc.cluster.local:443
        Merge_Log           On
        Merge_Log_Key       data
        Keep_Log            On
        K8S-Logging.Parser  On
        K8S-Logging.Exclude On
        Buffer_Size         32k
    [OUTPUT]
        Name                  cloudwatch_logs
        Match                 *
        region                eu-west-2
        log_group_name        /oc-prod-backend/worker-fluentbit-logs
        log_group_template    /aws/eks/fluentbit-cloudwatch/workload/$kubernetes['namespace_name']
        log_stream_prefix     fluentbit-
        log_stream_template   $kubernetes['pod_name'].$kubernetes['container_name']
        auto_create_group     true
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: aws-for-fluent-bit
    meta.helm.sh/release-namespace: aws-for-fluent-bit
  creationTimestamp: "2023-05-05T13:39:08Z"
  labels:
    app.kubernetes.io/instance: aws-for-fluent-bit
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: aws-for-fluent-bit
    app.kubernetes.io/version: 2.31.11
    helm.sh/chart: aws-for-fluent-bit-0.1.27

Tried updating to the below, as it seems the closest thing I can get.

serviceAccount:
  create: false
  name: aws-for-fluent-bit-sa

cloudWatchLogs:
  enabled: true
  region: eu-west-2
  logGroupName: /oc-prod-backend/worker-fluentbit-logs

service:
  extraParsers: |
    [PARSER]
        Name     docker
        Format   json
        Time_Key time

Which updates the ConfigMap to:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  fluent-bit.conf: |
    [SERVICE]
        Parsers_File /fluent-bit/parsers/parsers.conf
        Parsers_File /fluent-bit/etc/parser_extra.conf
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        DB                /var/log/flb_kube.db
        Parser            docker
        Docker_Mode       On
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On
        Refresh_Interval  10
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc.cluster.local:443
        Merge_Log           On
        Merge_Log_Key       data
        Keep_Log            On
        K8S-Logging.Parser  On
        K8S-Logging.Exclude On
        Buffer_Size         32k
    [OUTPUT]
        Name                  cloudwatch_logs
        Match                 *
        region                eu-west-2
        log_group_name        /oc-prod-backend/worker-fluentbit-logs
        log_group_template    /aws/eks/fluentbit-cloudwatch/workload/$kubernetes['namespace_name']
        log_stream_prefix     fluentbit-
        log_stream_template   $kubernetes['pod_name'].$kubernetes['container_name']
        auto_create_group     true
  parser_extra.conf: |-
    [PARSER]
        Name     docker
        Format   json
        Time_Key time
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: aws-for-fluent-bit
    meta.helm.sh/release-namespace: aws-for-fluent-bit
  creationTimestamp: "2023-05-05T13:39:08Z"

Which stops the logs coming in and gets a log message like:

[2023/07/25 13:27:56] [ info] [output:cloudwatch_logs:cloudwatch_logs.0] Creating log stream resque-workers-opensearch-9cc86684d-c86dh.resque-workers-opensearch in log group /aws/eks/fluentbit-cloudwatch/workload/resque-workers-opensearch
[2023/07/25 13:27:56] [error] [http_client] broken connection to logs.eu-west-2.amazonaws.com:443 ?
[2023/07/25 13:27:56] [error] [http_client] broken connection to logs.eu-west-2.amazonaws.com:443 ?
[2023/07/25 13:27:56] [error] [output:cloudwatch_logs:cloudwatch_logs.0] Failed to create log stream
[2023/07/25 13:27:56] [error] [output:cloudwatch_logs:cloudwatch_logs.0] Failed to send events
[2023/07/25 13:27:56] [ warn] [engine] failed to flush chunk '1-1690291675.655229071.flb', retry in 7 seconds: task_id=0, input=tail.0 > output=cloudwatch_logs.0 (out_id=0)
answered 10 months ago
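
An added example, not from any of the posts above: the `log` value quoted in the question has the CRI container-log layout `<time> <stream> <P|F> <message>`, so decoding the whole line as JSON (what the `docker` parser with `Format json` in the generated ConfigMap attempts) fails and the raw line is kept as a string. This Python sketch uses a regex modelled on Fluent Bit's documented `cri` parser on constructed sample lines; the function names and sample data are assumptions.

```python
import json
import re

# Regex modelled on Fluent Bit's documented "cri" parser: time, stream, tag, message.
CRI_LINE = re.compile(
    r"^(?P<time>[^ ]+) (?P<stream>stdout|stderr) (?P<logtag>[PF]) (?P<message>.*)$"
)

def parse_as_json(line):
    """What a Format json parser attempts: decode the whole line as JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None  # parse failure: the raw line stays in the "log" key

def parse_cri(lines):
    """Split CRI lines, join partial (P) chunks, and decode JSON payloads.

    Simplification: assumes chunks of one message are not interleaved
    with lines from another stream.
    """
    records, pending = [], ""
    for line in lines:
        m = CRI_LINE.match(line)
        if m is None:
            records.append({"log": line})  # not CRI: keep untouched
            continue
        pending += m["message"]
        if m["logtag"] == "P":  # partial chunk, wait for the closing F line
            continue
        record = {"time": m["time"], "stream": m["stream"]}
        payload = parse_as_json(pending)
        if isinstance(payload, dict):
            record.update(payload)  # structured fields become top-level keys
        else:
            record["log"] = pending  # plain-text message
        records.append(record)
        pending = ""
    return records

# Constructed sample input, shaped like the line quoted in the question.
SAMPLE = [
    '2023-07-24T18:41:47.084106019Z stdout F {"service":"OpensearchBulkIndexWorker",'
    '"event":"batch_indexing_job","total_count":42,"error_count":0}',
    '2023-07-24T18:41:48.000000000Z stdout P {"event":"split",',
    '2023-07-24T18:41:48.000000001Z stdout F "total_count":1}',
    "2023-07-24T18:41:49.000000000Z stderr F plain text warning",
]

if __name__ == "__main__":
    print(parse_as_json(SAMPLE[0]))  # whole-line JSON decode fails
    for rec in parse_cri(SAMPLE):
        print(rec)
```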
