Currently I'm using Splunk Connect for Kubernetes to index console logs. Is there a way to index logs that are present inside without using a sidecar container?
If a sidecar is the only option, is there any documentation on how to implement it?
One option is to define an emptyDir ( https://kubernetes.io/docs/concepts/storage/volumes/#emptydir ) for your pod to log to, which you then mount into the logging pod. This allows you to simply update the configMap to add a new file input to fluentd. emptyDir logs are usually at /var/lib/kubelet on the node, I believe, so you would add a new tail_in and filters as necessary.
One thing I will say... if your logs don't come out of the container runtime (stdout/stderr) and are very high volume (i.e., 4000K+ eps), then I would look at the UF Docker image instead, and deploy one UF per node for high-volume non-Docker/containerd logging. While Connect for K8s is better at shaping the data for Splunk, the UF whips it in perf. So it depends on what the constraints/requirements are.
Will try and post a blog on this and update here....
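As an added example (not part of the original thread, and not configuration shipped by Splunk Connect for Kubernetes), this is what the emptyDir approach in the answer looks like end to end. Assumptions: the app writes to /var/log/app/app.log and nothing to stdout; the emptyDir volume is named `app-logs`; the kubelet uses its default root directory /var/lib/kubelet, so the volume appears on the node under /var/lib/kubelet/pods/<pod-uid>/volumes/kubernetes.io~empty-dir/app-logs/; the fluentd collector DaemonSet mounts that node path read-only at the same location (a hostPath mount you must add yourself); and the ConfigMap name, key and fluentd tag are hypothetical.

```yaml
# Added example; not from the original post or from Splunk Connect for Kubernetes.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-file-logs
  labels:
    app: demo
spec:
  containers:
    - name: app
      image: busybox:1.36
      # Constructed stand-in for an application that logs only to a file.
      command: ["/bin/sh", "-c"]
      args:
        - |
          mkdir -p /var/log/app
          i=0
          while true; do
            i=$((i+1))
            echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) INFO request id=$i status=200" >> /var/log/app/app.log
            sleep 5
          done
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
  volumes:
    # On the node this lands under
    # /var/lib/kubelet/pods/<pod-uid>/volumes/kubernetes.io~empty-dir/app-logs/
    # (assumes the default kubelet root dir).
    - name: app-logs
      emptyDir:
        sizeLimit: 200Mi   # cap so a chatty app cannot fill the node disk
---
# Extra fluentd input for the collector (hypothetical ConfigMap name/key).
# The collector DaemonSet must hostPath-mount /var/lib/kubelet/pods read-only
# for this glob to resolve; that mount is an assumption, not a default.
apiVersion: v1
kind: ConfigMap
metadata:
  name: splunk-kubernetes-logging-extra
  namespace: splunk
data:
  source.emptydir.conf: |
    <source>
      @type tail
      # The pod UID is the wildcard; only volumes named app-logs are matched.
      path /var/lib/kubelet/pods/*/volumes/kubernetes.io~empty-dir/app-logs/*.log
      # Keep the position file on a hostPath so a collector restart does not re-ingest.
      pos_file /var/log/splunk-fluentd-emptydir-app.pos
      # Record the matched file path so the pod UID can be recovered downstream.
      path_key source
      tag tail.file.emptydir.app
      read_from_head true
      <parse>
        @type none
      </parse>
    </source>
    <filter tail.file.emptydir.app>
      @type record_transformer
      enable_ruby true
      <record>
        # Pull the pod UID out of the path for joining to pod metadata later.
        pod_uid ${record["source"][%r{/pods/([^/]+)/}, 1]}
      </record>
    </filter>
```

Two things to check before relying on this: the new tag still has to be routed to your existing Splunk HEC output (with its own sourcetype), and an emptyDir is deleted with the pod, so anything the collector has not shipped by the time the pod is removed is gone. That is a real gap compared with stdout/stderr logging, where the runtime keeps the files until the kubelet rotates them.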