Skip to content
share

Logagent output filter for Kubernetes log enrichment

Output Filter: kubernetes-enrichment

Output filter plugin to add metadata such as Kubernetes pod information to container logs or route logs to different destinations by setting pod annotations.

Features:

  • Attach Kuberntes meta data (namespace, UUID, pod name, container name in pod, image name)
  • Evaluates pod annotations for Sematext Cloud:
  • sematext.com/logs-token=YOUR_LOGS_TOKEN to set the log index
  • sematext.com/logs-enabled=<true|false> to switch logging per pod on or off
  • sematext.com/logs-receiver-url=https://logsene-receiver.sematext.com/token set Elasticsearch API endpoint for log ingestion
  • sematext.com/logs-remove-fields=<field list> to remove specific log fields from pod logs

Applications:

  • Log routing based on Kubernetes annotations
  • Use Kubernetes API to get correct Kubernetes metadata

Configuration

input:
  docker:
    module: docker-logs
    socket: /var/run/docker.sock
    labelFilter: com.docker.*,io.kubernetes.*,annotation.*

outputFilter: 
  dockerEnrichment:
    module: docker-enrichment 
    autodetectSeverity: true
  k8sEnrichment:
    module: kubernetes-enrichment

output:
    sematext:
      module: elasticsearch
      url: https://logsene-receiver.sematext.com
      index: YOUR_LOGS_TOKEN

Start Logagent

logagent --config k8s.yaml

Kubernetes enrichment plugin is supported with CLI without any configuration file: 

logagent --k8sEnrichment --docker /var/run/docker.sock --yaml