-
Notifications
You must be signed in to change notification settings - Fork 329
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to create dynamic index patterns for elasticsearch output #677
Comments
Hm, maybe I missunderstood elasticsearch plugin documentation and just need to try placeholders ( https://github.com/uken/fluent-plugin-elasticsearch#placeholders ) any working examples with logging-operator maybe? |
It works with placeholders, but I have another issue with tag format ( https://github.com/banzaicloud/fluent-plugin-tag-normaliser/issues/2) , anyway closing this, sorry for disturbing. |
For someone who will look for a workaround.
|
Thanks for the hints, I followed pretty much same path as you did and saw the other approach with apiVersion: logging.banzaicloud.io/v1beta1
kind: ClusterFlow
metadata:
name: test
namespace: logging
spec:
filters:
- record_modifier:
records:
- kube_app_name: ${record.dig('kubernetes', 'labels', 'app.kubernetes.io/name') || "unknown"} and apiVersion: logging.banzaicloud.io/v1beta1
kind: ClusterOutput
metadata:
name: test
namespace: logging
spec:
awsElasticsearch:
endpoint:
url: https://test.com
index_name: logs-${$.kubernetes.namespace_name}-${kube_app_name}-%Y.%m.%d
buffer:
tags: tag,time,$.kubernetes.namespace_name,kube_app_name |
Is your feature request related to a problem? Please describe.
I want to forward logs to different indexes in elasticsearch based on namespace/pod name/etc. dynamically
Describe the solution you'd like
It seems that it is possible with another type of elasticsearch output plugin:
@type elasticsearch_dynamic
https://github.com/uken/fluent-plugin-elasticsearch#dynamic-configuration
Describe alternatives you've considered
Did not found any
Additional context
The goal is to have separate indexes per app in order to mitigate index mapping issues when same field has different type in different apps and to have smaller problem scope, ideally only single app with broken json scheme should have issues with log forwarding after developers error etc.
The text was updated successfully, but these errors were encountered: