Include logs from specific namespace only

[Balaji Rangarajan]

Hello folks : 

I am using Fluent-bit in AWS EKS1.16 to capture console logs and ship to splunk HEC.  I want to restrict fluent-bit to capture logs only from specific namespaces (say dev and perf). How should i do that.. do we have an example for that?

Regards

Balaji

[Eduardo Silva]

the namespace usually comes in the "file name" of the log you are reading, so you can add an "exclude_path" option to your input section that reads the logs:

https://docs.fluentbit.io/manual/pipeline/inputs/tail#config

--
You received this message because you are subscribed to the Google Groups "Fluent Bit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluent-bit+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/fluent-bit/f15988df-11ca-4266-b201-57a024a8e6c0n%40googlegroups.com.

--

Eduardo Silva

Calyptia Inc.

https://fluentbit.io

https://twitter.com/edsiper

[Balaji Rangarajan]

Hi Eduardo - 

In FluentBit 1.3, Is the attribute name is exclude_path or Exclude_Path to configure in order to ignore logs from spec namespace.

https://docs.fluentbit.io/manual/v/1.3/input/tail#config 

Regards

Balaji

[Balaji Rangarajan]

Hi Eduardo 

My configuration is below.. I still see the logs from kube-system namespace on the output location though its added to Exclude_Path

Am i missing something here.

[INPUT]

Name tail

Tag kube.*

Exclude_Path /var/log/containers/*_kube-system_*,/var/log/containers/*_keda_*,/var/log/containers/*_amazon-cloudwatch_*

Path /var/log/containers/*.log

Parser docker

DB /var/log/flb_kube.db

Mem_Buf_Limit 10MB

Skip_Long_Lines On

Refresh_Interval 10

Docker_Mode On

Docker_Mode_Flush 4