0
results in no limit, and the buffer will expand as-needed. Note that if pod specifications exceed the buffer limit, the API response will be discarded when retrieving metadata, and some kubernetes metadata will fail to be injected to the logs.log
field content is a JSON string map, if so, it append the map fields as part of the log structure.Merge_Log
is enabled, the filter tries to assume the log
field from the incoming message is a JSON string message and make a structured representation of it at the same level of the log
field in the map. Now if Merge_Log_Key
is set (a string name), all the new structured fields taken from the original log
content are inserted under the new key.Merge_Log
is enabled, trim (remove possible \n or \r) field values.Keep_Log
is disabled, the log
field is removed from the incoming message once it has been successfully merged (Merge_Log
must be enabled as well).Since Fluent Bit v1.2 we are not suggesting the use of decoders (Decode_Field_As) if you are using Elasticsearch database in the output to avoid data type conflicts.
note that slashes are replaced with dots.
If you have large pod specifications (can be caused by large numbers of environment variables, etc.), be sure to increase theBuffer_Size
parameter of the kubernetes filter. If object sizes exceed this buffer, some metadata will fail to be injected to the logs.
the transformation above do not modify the original Tag, just creates a new representation for the filter to perform metadata lookup.
nodes/proxy
to get HTTP request in. When creating the role
or clusterRole
, you need to add nodes/proxy
into the rule for resource.Use_Kubelet
to true to enable this feature.hostNetwork
to true
and dnsPolicy
to ClusterFirstWithHostNet
that fluent bit DaemonSet could call Kubelet locally. Otherwise it could not resolve the dns for kubelet.fluentbit-system
with the namespace where your fluentbit is installed)yes
.Azure does not have opinion for this user
. Then the following subject
may need to be included in the fluentbit
ClusterRoleBinding
:subjects
array:ipv6
to on
.https://kubernetes.default.svc:443
. Ensure that you have connectivity to this endpoint from within the cluster and that there are no special permission interfering with the connection.Pod
objects this refresh to the Kubernetes API server can be skipped, causing metadata to be skipped.