I want to send pod logs to ELK, but after deploying fluentd I get an error. I got it from the tutorial in the official Fluentd documentation.
EKS version 1.22
I put Suppress_Type_Name On, but it has not solved this issue.
[2022/06/20 16:23:07] [error] [output:es:es.0] HTTP status=400 URI=/_bulk, response:
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"}],"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"},"status":400}
My configmap:

    fluent-bit.conf: |
      [SERVICE]
          Flush         1
          Log_Level     info
          Daemon        off
          Parsers_File  parsers.conf
          HTTP_Server   On
          HTTP_Port     2020

      @INCLUDE input-kubernetes.conf
      @INCLUDE filter-kubernetes.conf
      @INCLUDE output-elasticsearch.conf

    input-kubernetes.conf: |
      [INPUT]
          Name              tail
          Tag               kube.*
          Path              /var/log/containers/*.log
          Parser            docker
          DB                /var/log/flb_kube.db
          Mem_Buf_Limit     5MB
          Skip_Long_Lines   On
          Refresh_Interval  10

    filter-kubernetes.conf: |
      [FILTER]
          Name                 kubernetes
          Match                kube.*
          Kube_URL             https://kubernetes.default.svc:443
          Kube_CA_File         /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          Kube_Token_File      /var/run/secrets/kubernetes.io/serviceaccount/token
          Kube_Tag_Prefix      kube.var.log.containers.
          Merge_Log            On
          Merge_Log_Key        log_processed
          K8S-Logging.Parser   On
          K8S-Logging.Exclude  Off

    output-elasticsearch.conf: |
      [OUTPUT]
          Name             es
          Match            *
          Logstash_Format  On
          Replace_Dots     On
          Retry_Limit      False
I was able to resolve the issue with these 3 steps:

Step 1: You need to update your fluentbit image to the latest

    image: fluent/fluent-bit:2.1.1

You can get the deployment file from here

Step 2: Add "Suppress_Type_Name On" to output-elasticsearch.conf

    output-elasticsearch.conf: |
      [OUTPUT]
          Name                es
          Match               *
          Logstash_Format     On
          Replace_Dots        On
          Retry_Limit         False
          Suppress_Type_Name  On

Step 3: Delete the fluentbit pods and reapply them

    kubectl delete -f fluentbit-ds.yaml
    kubectl apply -f fluentbit-ds.yaml
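
The 400 in the question comes from the `_type` key on the action/metadata lines of the `_bulk` body. As an added example (not part of the original question or answer), this Python check scans a bulk body and reports which action lines still carry `_type`; the two sample bodies are constructed and assume the shape of what the es output sends without and with `Suppress_Type_Name On`, and `find_type_params` is a hypothetical helper name.

```python
import json

# Action names Elasticsearch accepts on a _bulk action/metadata line.
BULK_ACTIONS = {"index", "create", "update", "delete"}

# Constructed sample bodies (not captured traffic). Assumption: they mirror the
# shape the es output sends without and with Suppress_Type_Name On.
DOC = {"@timestamp": "2022-06-20T16:23:07.000Z", "log": "constructed sample line"}
WITH_TYPE = "\n".join(
    json.dumps(part)
    for _ in range(2)
    for part in ({"create": {"_index": "logstash-2022.06.20", "_type": "_doc"}}, DOC)
) + "\n"
SUPPRESSED = "\n".join(
    json.dumps(part)
    for _ in range(2)
    for part in ({"create": {"_index": "logstash-2022.06.20"}}, DOC)
) + "\n"


def find_type_params(bulk_body):
    """Return the 1-based body line numbers of action lines that carry `_type`."""
    lines = [ln for ln in bulk_body.split("\n") if ln.strip()]
    offending = []
    i = 0
    while i < len(lines):
        entry = json.loads(lines[i])
        if len(entry) != 1:
            raise ValueError(f"line {i + 1}: expected exactly one action")
        action, meta = next(iter(entry.items()))
        if action not in BULK_ACTIONS:
            raise ValueError(f"line {i + 1}: unknown action {action!r}")
        if "_type" in meta:
            offending.append(i + 1)
        # Every action except delete is followed by a document (source) line.
        i += 1 if action == "delete" else 2
    return offending


if __name__ == "__main__":
    print("with _type:", find_type_params(WITH_TYPE))
    print("suppressed:", find_type_params(SUPPRESSED))
```

Running the same check against a body captured from a test pipeline confirms whether the restarted pods actually picked up the new output setting before logs start going missing in the cluster.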