N Masahiro, profile picture
Uploaded byN Masahiro
1,337 views

Fluentd Project Intro at Kubecon 2019 EU

Fluentd is a streaming data collector that can unify logging and metrics collection. It collects data from sources using input plugins, processes and filters the data, and outputs it to destinations using output plugins. It is commonly used for container logging, collecting logs from files or Docker and adding metadata before outputting to Elasticsearch or other targets. Fluentbit is a lightweight version of Fluentd that is better suited for edge collection and forwarding logs to a Fluentd instance for aggregation.

Embed presentation

Downloaded 24 times
Fluentd Project Intro Masahiro Nakagawa
 Senior Software Engineer    CNCon / KubeCon EU Barcelona 2019
Fluentd Overview
• Streaming data collector for unified logging • Core + Plugins • RubyGems based various plugins • Follow Ruby’s standard way • Several setup ways • https://docs.fluentd.org/installation • Latest version: v1.5.0 • Logging part in CNCF and Graduated at 2019 What’s Fluentd
Streaming way with Fluentd Log Server Application Server A File FileFile Application Server C File FileFile Application Server B File FileFile Low latency! Seconds or minutes Easy to analyze!! Parsed and formatted
LOG Unified logging layer M + N
Fluentd Architecture
• Buffering & Retrying • Error handling • Event routing • Parallelism
 • Helper for plugins Design Core Plugins • Read / receive data • Parse data • Filter / enrich data • Buffer data • Format data • Write / send data
• Nano-second unit • from logs Event structure Time Record • JSON object,
 not raw string Tag • for event routing • Identify data source { “str_field”:”hey”, “num_field”: 100, “bool_field”: true, “array_field”: [“elem1”, “elem2”]
 }
Data pipeline (simplified) Plugin Input Filter Buffer Output Plugin Plugin Plugin 2018-05-01 15:15:15 myapp.buy Time Tag Record { “user”:”me”, “path”: “/buyItem”, “price”: 150, “referer”: “/landing”
 }
Architecture: Input Plugins HTTP+JSON (in_http) Local files (in_tail) Syslog (in_syslog) … Receive or pull logs from data sources Emit logs to data pipeline
 Parse incoming logs for
 structured logging Plugin Input
Filter Architecture: Filter Plugins Transform logs Filter out unnecessary logs Enrich logs Plugin Modify logs (record_transformer) Filter out logs (grep) Parse field (parser) …
Buffer Architecture: Buffer Plugins Plugin Improve performance Provide reliability Provide thread-safety Memory (buf_memory) File (buf_file)
Buffer Architecture: Buffer Plugins Chunk Plugin Input Output Chunk Chunk Improve performance Provide reliability Provide thread-safety
Architecture: Output Plugins Output Write or send event logs Plugin Local File (out_file) Amazon S3 (out_s3) Forward to other fluentd (out_forward) … Sync or Async
Retry Error Retry Batch Stream Error Retry Retry Divide & Conquer for retry Secondary
3rd party input plugins dstat df AMQL munin SQL
3rd party output plugins Graphite
Use-cases with Configuration Example
Simple forwarding
# logs from a file <source> @type tail path /var/log/httpd.log pos_file /tmp/pos_file <parse> @type apache2 </parse> tag app.apache </source> # logs from client libraries <source> @type forward port 24224 </source> # store logs to MongoDB <match app.**> @type mongo database fluent collection logs <buffer tag> @type file path /tmp/fluentd/buffer flush_interval 30s </buffer> </match>
All data Multiple destinations Hot data
# logs from a file <source> @type tail path /var/log/httpd.log pos_file /tmp/pos_file <parse> @type apache2 </parse> tag app.access </source> # logs from client libraries <source> @type forward port 24224 </source> # store logs to ES and HDFS <match app.**> @type copy <store> @type elasticsearch logstash_format true </store> <store> @type webhdfs host namenode port 50070 path /path/on/hdfs/ </store> </match>
Multi-tier Forwarding - At-most-once / At-least-once
 - HA (failover) - Load-balancing - keepalive forwarders aggregators https://www.slideshare.net/repeatedly/fluentd-and-distributed-logging-at-kubecon
Container and Kubernetes
Container Logging
• Docker : fluentd-docker-image • Alpine / Debian images • x86, Arm, PowerPC, etc support by Docker official • Kubernetes : fluentd-kubernetes-daemonset • Debian images • Some built-in destinations, ES, kafka, graylog, etc… • Helm chart • https://github.com/helm/charts/tree/master/stable/fluentd Resources
Docker logging with --log-driver=fluentd Server Container App FluentdSTDOUT / STDERR docker run --log-driver=fluentd 
 --log-opt fluentd-address=localhost:24224 { “container_id”: “ad6d5d32576a”, “container_name”: “myapp”, “source”: stdout } <source> @type forward </source>
Data collection with fluent-logger Server Container App Fluentd from fluent import sender from fluent import event sender.setup('app.events', host='localhost') event.Event('purchase', { 'user_id': 21, 'item_id': 321, 'value': '1' }) tag = app.events.purchase { “user_id”: 21, “item_id”: 321 “value”: 1, } fluent-logger library <source> @type forward </source>
Shared data volume and tailing Server Container App Fluentd <source> @type tail path /mnt/*/access.log pos_file /var/log/fluentd/access.log.pos <parse> @type nginx </parse> tag nginx.access </source> /mnt/nginx/logs
Kubernetes Daemonset Node Pod App Fluentd <source> @type tail path /var/log/containers/*.log pos_file /var/log/fluentd/access.log.pos <parse> @type json </parse> tag kubernetes.* </source> /var/log/containers
Kubernetes Daemonset & metadata Node Pod App Fluentd /var/log/containers <filter kubernetes.*> @type kubernetes_metadata_filter </filter> API { "log": "hellon", "stream": "stdout", "time": "2018-12-11T12:00:00.601357200Z" } { "log": "hellon", "kubernetes": { "namespace_name": "default", "container_name": "test-app-container", "namespace_labels": {
 "product_version": "v1.0.0" } … }
Container Logging approach summary • Collect log messages with docker • --log-driver=fluentd • Application data/metrics • fluent-logger • Access logs, logs from middleware • Shared data volume with in_tail • Kubernetes Daemonset • Collect container logs from /var/log/containers/* • Add kubernetes metadata to logs
Fluent-bit
Fluentd and Fluent-bit Fluentd Fluent-bit Implementation Ruby + C C Focus Flexibility and Robustness Performance and footprint Design Pluggable Pluggable Target Forwarder / Aggregator Forwarder / Edge Forward logs from fluent-bit to fluentd is popular pattern
Container Logging with fluent-bit
Enjoy logging

More Related Content

PDF
Fluentd and Distributed Logging at Kubecon
byN Masahiro
 
PDF
Fluentd 101
bySATOSHI TAGOMORI
 
PDF
The Patterns of Distributed Logging and Containers
bySATOSHI TAGOMORI
 
PPTX
FluentD for end to end monitoring
byPhil Wilkins
 
PDF
Fluentd v1.0 in a nutshell
byN Masahiro
 
PDF
Docker and Fluentd (revised)
bySATOSHI TAGOMORI
 
PDF
Fluentd v1 and future at techtalk
byN Masahiro
 
PDF
The basics of fluentd
byTreasure Data, Inc.
 
Fluentd and Distributed Logging at Kubecon
byN Masahiro
 
Fluentd 101
bySATOSHI TAGOMORI
 
The Patterns of Distributed Logging and Containers
bySATOSHI TAGOMORI
 
FluentD for end to end monitoring
byPhil Wilkins
 
Fluentd v1.0 in a nutshell
byN Masahiro
 
Docker and Fluentd (revised)
bySATOSHI TAGOMORI
 
Fluentd v1 and future at techtalk
byN Masahiro
 
The basics of fluentd
byTreasure Data, Inc.
 

What's hot

PDF
Fluent-bit
byeventdotsjp
 
PDF
Docker and Fluentd
byN Masahiro
 
PPTX
Life of an Fluentd event
byKiyoto Tamura
 
PDF
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
PDF
How to create Treasure Data #dotsbigdata
byN Masahiro
 
PDF
Fluent Bit: Log Forwarding at Scale
byEduardo Silva Pereira
 
PDF
fluent-plugin-beats at Elasticsearch meetup #14
byN Masahiro
 
PDF
Fluentd and AWS at classmethod
byTreasure Data, Inc.
 
PDF
Containers and Logging
byEduardo Silva Pereira
 
PDF
Fluentd v1 and Roadmap
byTreasure Data, Inc.
 
PDF
Logging for Containers
byEduardo Silva Pereira
 
PPT
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
PDF
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
PDF
Fluent Bit
byEduardo Silva Pereira
 
PDF
Cloud Native Logging / Fluentd Summit Tokyo
byEduardo Silva Pereira
 
PDF
Fluentd - Flexible, Stable, Scalable
byShu Ting Tseng
 
PDF
Fluentd: Unified Logging Layer at CWT2014
byN Masahiro
 
PDF
Fluentd Intro for OpenShift Commons Briefing
byEduardo Silva Pereira
 
PDF
Log forwarding at Scale
byEduardo Silva Pereira
 
PDF
Elk devops
byIdeato
 
Fluent-bit
byeventdotsjp
 
Docker and Fluentd
byN Masahiro
 
Life of an Fluentd event
byKiyoto Tamura
 
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
How to create Treasure Data #dotsbigdata
byN Masahiro
 
Fluent Bit: Log Forwarding at Scale
byEduardo Silva Pereira
 
fluent-plugin-beats at Elasticsearch meetup #14
byN Masahiro
 
Fluentd and AWS at classmethod
byTreasure Data, Inc.
 
Containers and Logging
byEduardo Silva Pereira
 
Fluentd v1 and Roadmap
byTreasure Data, Inc.
 
Logging for Containers
byEduardo Silva Pereira
 
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
Fluent Bit
byEduardo Silva Pereira
 
Cloud Native Logging / Fluentd Summit Tokyo
byEduardo Silva Pereira
 
Fluentd - Flexible, Stable, Scalable
byShu Ting Tseng
 
Fluentd: Unified Logging Layer at CWT2014
byN Masahiro
 
Fluentd Intro for OpenShift Commons Briefing
byEduardo Silva Pereira
 
Log forwarding at Scale
byEduardo Silva Pereira
 
Elk devops
byIdeato
 

Similar to Fluentd Project Intro at Kubecon 2019 EU

PDF
Fluentd Overview, Now and Then
bySATOSHI TAGOMORI
 
PDF
Fluentd - CNCF Paris
byHorgix
 
PDF
Fluentd meetup
bySadayuki Furuhashi
 
PDF
Fluentd and docker monitoring
byVinay Krishna
 
PDF
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
PDF
Fluentd Unified Logging Layer At Fossasia
byN Masahiro
 
PDF
Unifying Events and Logs into the Cloud
byEduardo Silva Pereira
 
PDF
Unifying Events and Logs into the Cloud
byTreasure Data, Inc.
 
PDF
Fluentd - RubyKansai 65
byN Masahiro
 
PDF
Logging in Action: With Fluentd, Kubernetes and more 1st Edition Phil Wilkins
byroarxhaarexg
 
PDF
Fluentd meetup logging infrastructure in paa s
byRakuten Group, Inc.
 
PPTX
Big Data Day LA 2016/ Big Data Track - Fluentd and Embulk: Collect More Data,...
byData Con LA
 
PDF
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
PDF
Fluentd and Embulk Game Server 4
byN Masahiro
 
PPTX
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
byMushfekur Rahman
 
PDF
How to collect Big Data into Hadoop
bySadayuki Furuhashi
 
PPTX
CSE3069 - FLUENTD real time analytics.pptx
bydummyuseage1
 
PDF
Centralized + Unified Logging
byGabor Kozma
 
PDF
Fluentd meetup in japan
byTreasure Data, Inc.
 
PDF
Fluentd v0.12 master guide
byN Masahiro
 
Fluentd Overview, Now and Then
bySATOSHI TAGOMORI
 
Fluentd - CNCF Paris
byHorgix
 
Fluentd meetup
bySadayuki Furuhashi
 
Fluentd and docker monitoring
byVinay Krishna
 
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
Fluentd Unified Logging Layer At Fossasia
byN Masahiro
 
Unifying Events and Logs into the Cloud
byEduardo Silva Pereira
 
Unifying Events and Logs into the Cloud
byTreasure Data, Inc.
 
Fluentd - RubyKansai 65
byN Masahiro
 
Logging in Action: With Fluentd, Kubernetes and more 1st Edition Phil Wilkins
byroarxhaarexg
 
Fluentd meetup logging infrastructure in paa s
byRakuten Group, Inc.
 
Big Data Day LA 2016/ Big Data Track - Fluentd and Embulk: Collect More Data,...
byData Con LA
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
Fluentd and Embulk Game Server 4
byN Masahiro
 
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
byMushfekur Rahman
 
How to collect Big Data into Hadoop
bySadayuki Furuhashi
 
CSE3069 - FLUENTD real time analytics.pptx
bydummyuseage1
 
Centralized + Unified Logging
byGabor Kozma
 
Fluentd meetup in japan
byTreasure Data, Inc.
 
Fluentd v0.12 master guide
byN Masahiro
 

More from N Masahiro

PDF
Fluentd v1.0 in a nutshell
byN Masahiro
 
PDF
Presto changes
byN Masahiro
 
PDF
Fluentd at HKOScon
byN Masahiro
 
PDF
Fluentd v0.14 Overview
byN Masahiro
 
PDF
Fluentd and Kafka
byN Masahiro
 
PDF
Dive into Fluentd plugin v0.12
byN Masahiro
 
PDF
Technologies for Data Analytics Platform
byN Masahiro
 
PDF
Treasure Data and AWS - Developers.io 2015
byN Masahiro
 
PDF
Treasure Data and OSS
byN Masahiro
 
PDF
Fluentd - road to v1 -
byN Masahiro
 
PDF
SQL for Everything at CWT2014
byN Masahiro
 
PDF
Can you say the same words even in oss
byN Masahiro
 
PDF
I am learing the programming
byN Masahiro
 
PDF
Fluentd meetup dive into fluent plugin (outdated)
byN Masahiro
 
PDF
D vs OWKN Language at LLnagoya
byN Masahiro
 
PDF
Goodbye Doost
byN Masahiro
 
KEY
Final presentation at pfintern
byN Masahiro
 
ZIP
Kernel VM 5 LT
byN Masahiro
 
ZIP
D言語のコミッタになる一つの方法
byN Masahiro
 
Fluentd v1.0 in a nutshell
byN Masahiro
 
Presto changes
byN Masahiro
 
Fluentd at HKOScon
byN Masahiro
 
Fluentd v0.14 Overview
byN Masahiro
 
Fluentd and Kafka
byN Masahiro
 
Dive into Fluentd plugin v0.12
byN Masahiro
 
Technologies for Data Analytics Platform
byN Masahiro
 
Treasure Data and AWS - Developers.io 2015
byN Masahiro
 
Treasure Data and OSS
byN Masahiro
 
Fluentd - road to v1 -
byN Masahiro
 
SQL for Everything at CWT2014
byN Masahiro
 
Can you say the same words even in oss
byN Masahiro
 
I am learing the programming
byN Masahiro
 
Fluentd meetup dive into fluent plugin (outdated)
byN Masahiro
 
D vs OWKN Language at LLnagoya
byN Masahiro
 
Goodbye Doost
byN Masahiro
 
Final presentation at pfintern
byN Masahiro
 
Kernel VM 5 LT
byN Masahiro
 
D言語のコミッタになる一つの方法
byN Masahiro
 

Recently uploaded

PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
AI Technology important knowledge ......
byutkarshj2007
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
The year in review - MarvelClient in 2025
bypanagenda
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 

Fluentd Project Intro at Kubecon 2019 EU

  • 1.
    Fluentd Project Intro MasahiroNakagawa
 Senior Software Engineer    CNCon / KubeCon EU Barcelona 2019
  • 2.
  • 3.
    • Streaming datacollector for unified logging • Core + Plugins • RubyGems based various plugins • Follow Ruby’s standard way • Several setup ways • https://docs.fluentd.org/installation • Latest version: v1.5.0 • Logging part in CNCF and Graduated at 2019 What’s Fluentd
  • 4.
    Streaming way withFluentd Log Server Application Server A File FileFile Application Server C File FileFile Application Server B File FileFile Low latency! Seconds or minutes Easy to analyze!! Parsed and formatted
  • 5.
  • 6.
  • 7.
    • Buffering &Retrying • Error handling • Event routing • Parallelism
 • Helper for plugins Design Core Plugins • Read / receive data • Parse data • Filter / enrich data • Buffer data • Format data • Write / send data
  • 8.
    • Nano-second unit •from logs Event structure Time Record • JSON object,
 not raw string Tag • for event routing • Identify data source { “str_field”:”hey”, “num_field”: 100, “bool_field”: true, “array_field”: [“elem1”, “elem2”]
 }
  • 9.
    Data pipeline (simplified) Plugin InputFilter Buffer Output Plugin Plugin Plugin 2018-05-01 15:15:15 myapp.buy Time Tag Record { “user”:”me”, “path”: “/buyItem”, “price”: 150, “referer”: “/landing”
 }
  • 10.
    Architecture: Input Plugins HTTP+JSON(in_http) Local files (in_tail) Syslog (in_syslog) … Receive or pull logs from data sources Emit logs to data pipeline
 Parse incoming logs for
 structured logging Plugin Input
  • 11.
    Filter Architecture: Filter Plugins Transformlogs Filter out unnecessary logs Enrich logs Plugin Modify logs (record_transformer) Filter out logs (grep) Parse field (parser) …
  • 12.
    Buffer Architecture: Buffer Plugins Plugin Improveperformance Provide reliability Provide thread-safety Memory (buf_memory) File (buf_file)
  • 13.
    Buffer Architecture: Buffer Plugins Chunk Plugin Input Output Chunk Chunk Improveperformance Provide reliability Provide thread-safety
  • 14.
    Architecture: Output Plugins Output Writeor send event logs Plugin Local File (out_file) Amazon S3 (out_s3) Forward to other fluentd (out_forward) … Sync or Async
  • 15.
  • 16.
    3rd party inputplugins dstat df AMQL munin SQL
  • 17.
    3rd party outputplugins Graphite
  • 18.
  • 19.
  • 20.
    # logs froma file <source> @type tail path /var/log/httpd.log pos_file /tmp/pos_file <parse> @type apache2 </parse> tag app.apache </source> # logs from client libraries <source> @type forward port 24224 </source> # store logs to MongoDB <match app.**> @type mongo database fluent collection logs <buffer tag> @type file path /tmp/fluentd/buffer flush_interval 30s </buffer> </match>
  • 21.
  • 22.
    # logs froma file <source> @type tail path /var/log/httpd.log pos_file /tmp/pos_file <parse> @type apache2 </parse> tag app.access </source> # logs from client libraries <source> @type forward port 24224 </source> # store logs to ES and HDFS <match app.**> @type copy <store> @type elasticsearch logstash_format true </store> <store> @type webhdfs host namenode port 50070 path /path/on/hdfs/ </store> </match>
  • 23.
    Multi-tier Forwarding - At-most-once/ At-least-once
 - HA (failover) - Load-balancing - keepalive forwarders aggregators https://www.slideshare.net/repeatedly/fluentd-and-distributed-logging-at-kubecon
  • 24.
  • 25.
  • 26.
    • Docker :fluentd-docker-image • Alpine / Debian images • x86, Arm, PowerPC, etc support by Docker official • Kubernetes : fluentd-kubernetes-daemonset • Debian images • Some built-in destinations, ES, kafka, graylog, etc… • Helm chart • https://github.com/helm/charts/tree/master/stable/fluentd Resources
  • 27.
    Docker logging with--log-driver=fluentd Server Container App FluentdSTDOUT / STDERR docker run --log-driver=fluentd 
 --log-opt fluentd-address=localhost:24224 { “container_id”: “ad6d5d32576a”, “container_name”: “myapp”, “source”: stdout } <source> @type forward </source>
  • 28.
    Data collection withfluent-logger Server Container App Fluentd from fluent import sender from fluent import event sender.setup('app.events', host='localhost') event.Event('purchase', { 'user_id': 21, 'item_id': 321, 'value': '1' }) tag = app.events.purchase { “user_id”: 21, “item_id”: 321 “value”: 1, } fluent-logger library <source> @type forward </source>
  • 29.
    Shared data volumeand tailing Server Container App Fluentd <source> @type tail path /mnt/*/access.log pos_file /var/log/fluentd/access.log.pos <parse> @type nginx </parse> tag nginx.access </source> /mnt/nginx/logs
  • 30.
    Kubernetes Daemonset Node Pod App Fluentd <source> @type tail path/var/log/containers/*.log pos_file /var/log/fluentd/access.log.pos <parse> @type json </parse> tag kubernetes.* </source> /var/log/containers
  • 31.
    Kubernetes Daemonset &metadata Node Pod App Fluentd /var/log/containers <filter kubernetes.*> @type kubernetes_metadata_filter </filter> API { "log": "hellon", "stream": "stdout", "time": "2018-12-11T12:00:00.601357200Z" } { "log": "hellon", "kubernetes": { "namespace_name": "default", "container_name": "test-app-container", "namespace_labels": {
 "product_version": "v1.0.0" } … }
  • 32.
    Container Logging approachsummary • Collect log messages with docker • --log-driver=fluentd • Application data/metrics • fluent-logger • Access logs, logs from middleware • Shared data volume with in_tail • Kubernetes Daemonset • Collect container logs from /var/log/containers/* • Add kubernetes metadata to logs
  • 33.
  • 34.
    Fluentd and Fluent-bit FluentdFluent-bit Implementation Ruby + C C Focus Flexibility and Robustness Performance and footprint Design Pluggable Pluggable Target Forwarder / Aggregator Forwarder / Edge Forward logs from fluent-bit to fluentd is popular pattern
  • 35.
  • 36.