How to send ECS container logs to Grafana Loki using Fluent Bit on Fargate?

Question

I am trying to send logs from my AWS ECS containers (running on Fargate) to a Loki server so I can visualize them in Grafana. I have a sidecar container running Fluent Bit, and my application container uses the awsfirelens log driver with the forward protocol. 
What are the recommended steps and best practices to get ECS container logs into Loki using Fluent Bit and FireLens?
Thank you!

re:Post Agent · Answer

To send ECS container logs to Grafana Loki using Fluent Bit on Fargate with FireLens, follow these steps:

1. **Set up a task definition with FireLens**:
- Include a log router container with Fluent Bit
- Add your application container with the `awsfirelens` log driver

2. **Configure the log router container**:
- Use the AWS for Fluent Bit image (e.g., `aws-for-fluent-bit:stable`)
- Set up a FireLens configuration in the container definition

3. **Create a custom Fluent Bit configuration file** that includes:
- The standard service and input sections
- Filters to process your logs
- An output section configured for Loki

4. **Specify the custom configuration** in your FireLens setup:
- Use `config-file-type` set to either `s3` or `file`
- Set `config-file-value` to the location of your configuration file

5. **Configure your application container**:
- Use the `awsfirelens` log driver
- Set `log-driver-options` to specify how logs should be processed

6. **Set up proper IAM permissions**:
- Ensure your task has the necessary IAM role to access any AWS services
- Add permissions for your Fluent Bit container to access Loki

7. **Configure Loki output in Fluent Bit**:
- Add an OUTPUT section in your Fluent Bit configuration:
```
[OUTPUT]
Name            loki
Match           your_application_logs_tag
Host            your-loki-server
Port            3100
Labels          job=ecs,task_definition=${ecs_task_definition_family},task_id=${ecs_task_arn}
```

Remember that FireLens automatically adds metadata to your logs (like cluster name, task ARN, etc.), which can be useful for filtering in Grafana. If you don't want this metadata, you can disable it by setting `enable-ecs-log-metadata` to `false`.

By default, FireLens ensures the log router container starts before your application containers and stops after them, which helps prevent log loss.

For high-throughput applications, consider tuning the buffer settings in your Fluent Bit configuration to handle the log volume efficiently.  
**Sources**  
[Using custom log routing with FireLens for Amazon ECS - AWS Prescriptive Guidance](https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/firelens-custom-log-routing.html)  
[Example Amazon ECS task definition: Route logs to FireLens - Amazon Elastic Container Service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/firelens-taskdef.html)  
[Send Amazon ECS logs to an AWS service or AWS Partner - Amazon Elastic Container Service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html)  
[Amazon ECS container logs for EC2 and Fargate launch types - AWS Prescriptive Guidance](https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/ec2-fargate-logs.html)

How to send ECS container logs to Grafana Loki using Fluent Bit on Fargate?

Add your answer

Relevant content