search
YouPrep documentationHelp centerGet a demo

๐Ÿ“„Logs

Most logs are parsable so you can use Filebeat, Fluentd, Vector, etc. to process them.

If you wish to read the logs "as-is", you can use kubectl logs -f.

Example:

shell
# kubectl logs -n <namespace> <pod> <container>
kubectl logs -n toucan toucan-stack-laputa-0 laputa

We do not provide any log aggregation service in the Helm Charts, because you should be able to fetch all the logs from Kubernetes directly, or by setting up your own sidecar container.

hashtag
Method 1: Fetch logs from Kubernetes directly

yaml: vector.yaml
api:
  address: 0.0.0.0:8686
  enabled: false
  playground: true
data_dir: /vector-data-dir
sources:
  # Fetch logs from all containers
  k8s:
    type: kubernetes_logs
transforms:
  # Convert to json, if possible
  parser:
    inputs:
    - k8s
    source: |
      structured, err = parse_json(.message)
      if err == null {
        . = merge!(., structured)
      }
    type: remap
sinks:
   # Forward to elasticsearch
  elasticsearch:
    api_version: v8
    compression: gzip
    endpoints: ["http://elasticsearch:9200"]
    healthcheck:
      enabled: false
    inputs:
    - parser
    mode: bulk
    request:
      headers:
        AccountID: "0"
        ProjectID: "0"
        VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
        VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
        VL-Time-Field: timestamp
    type: elasticsearch

hashtag
Methode 2: Fetch logs using a sidecar container

However, if you want to use a sidecar container to process logs, you can use the sidecars parameter in the Helm Charts.

Last updated

Was this helpful?