I am new to Kubernetes and centralized logging. I have installed EFK on my cluster from the Kubernetes repository and I deleted the following code from the fluentd-es-ds.yaml file:

nodeSelector:
  beta.kubernetes.io/fluentd-ds-ready: "true"

I installed the counter pod that logs to stdout, but I can't find the logs in Kibana. Why didn't fluentd find the logs? Where does Kubernetes store the logs?

I must mention that I have my cluster running on CentOS machines.

EDIT

I have figured out what the problem is. I have systemd on the machines and my logs are written in journald. I found out that all the logs are in "/run/log/journal" on the master node. Do you know how I can change this so that logs can be found on every machine where the pods are running? Or do you know a way to get logs from journald using fluentd?

Thanks

Dorin
  • Did you check https://kubernetes.io/docs/concepts/cluster-administration/logging/ ? – Amrit Sep 01 '18 at 11:01
  • Yes, this is the documentation from which I installed the counter pod. But I still don't understand where logs for pods are stored and I can't figure out how this works with fluentd. Thanks! – Dorin Sep 01 '18 at 11:41
  • Logs from stdout are captured by the docker daemon, if you're using docker. Fluentd basically uses in_tail to read those docker logs and forwards them to elasticsearch if configured. Check out the fluentd-es-config.yaml file to see how fluentd is configured. – Bal Chua Sep 01 '18 at 22:27
  • And where are docker logs stored? I didn't find anything in "/var/log" or "/var/lib/docker". I don't know where to search for logs. – Dorin Sep 02 '18 at 06:36

0 Answers