Configuration sample
Kubernetes fields added by the kubernetes processor
kubernetes.pod.name type: keyword kubernetes.pod.uid type: keyword kubernetes.pod.ip type: ip kubernetes.namespace type: keyword kubernetes.node.name type: keyword kubernetes.node.hostname (Kubernetes hostname as reported by the node’s kernel) type: keyword kubernetes.labels.* (Kubernetes labels map) type: object kubernetes.annotations.* (Kubernetes annotations map) type: object kubernetes.selectors.* (Kubernetes selectors map) type: object kubernetes.replicaset.name type: keyword kubernetes.deployment.name type: keyword kubernetes.statefulset.name type: keyword kubernetes.container.name (Kubernetes container name, different than the name from the runtime) type: keyword kubernetes.container.image (Kubernetes container image) type: alias (alias to: container.image.name) |
Sample :
"kubernetes" : { "labels" : { "jarVersion" : "1.0.0-SNAPSHOT", "pod-template-hash" : "b467448c7", "app" : "spring-boot-docker-kubernetes-example-sboot", "commitSha" : "123456", "dateTime" : "1626719691" }, "container" : { "image" : "registry.david.org:444/spring-boot-docker-kubernetes-example-sboot:1.0", "name" : "spring-boot-docker-kubernetes-example-sboot" }, "node" : { "name" : "david-virtual-machine", "uid" : "6f651a85-e4df-4db4-a93e-f44eeea35aea", "labels" : { "beta_kubernetes_io/arch" : "amd64", "beta_kubernetes_io/os" : "linux", "elk-tag" : "true", "kubernetes_io/arch" : "amd64", "kubernetes_io/hostname" : "david-virtual-machine", "kubernetes_io/os" : "linux", "node-role_kubernetes_io/master" : "", "redis-data" : "true" }, "hostname" : "david-virtual-machine" }, "namespace_uid" : "e6d50a8d-9d6c-4f6f-b096-484f0220699c", "pod" : { "name" : "spring-boot-docker-kubernetes-example-sboot-b467448c7-t5fqg", "uid" : "0e692f6f-c545-4428-9e2d-b3881a26ea90" }, "namespace" : "my-apps", "replicaset" : { "name" : "spring-boot-docker-kubernetes-example-sboot-b467448c7" } }, "log" : { "file" : { "path" : "/var/log/containers/spring-boot-docker-kubernetes-example-sboot-b467448c7-t5fqg_my-apps_spring-boot-docker-kubernetes-example-sboot-7ae77deddfd05b37082c7e2547045687c7a01a01faad3cd114a03e3d7eb856bf.log" }, "offset" : 5390 } }, "sort" : [ 1626719798395 ] }, |
Elastic query
Elastic search Query to find message logs of containers by kubernetes.container.name (generic way to sort containers since it strips the pod id and the image version part) :
curl -k -u elastic:elastic-password "https://localhost:9200/filebeat-2021.07.19-000001/_search?q=kubernetes.container.name:spring-boot-docker-kubernetes-example-sboot&_source=message&pretty&size=1000" | grep message