Preparation
Microk8s
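# microk8s is published with classic confinement, so a plain `snap install`
# is refused by snapd; `--classic` is required.
snap install microk8s --classic
# `registry` brings up an unauthenticated, plain-HTTP image registry on the
# node at localhost:32000 (the docker push below targets it); `dns` is needed
# so pods can resolve Service names such as elasticsearch.elasticsearch.
microk8s enable registry
microk8s enable dns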
Populating the cluster with some workload
Install a fake nginx that emits random access logs:
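apt install docker.io
mkdir -p workspace/other && cd workspace/other
# Third-party code fetched from an unpinned default branch and built straight
# into an image: check out a reviewed commit before building
# (git -C nginx-log-generator checkout <reviewed-commit>).
git clone https://github.com/kscarlett/nginx-log-generator
# `git clone` puts the repository (and its Dockerfile) under nginx-log-generator/,
# so `docker build .` has to run from inside it, not from workspace/other.
cd nginx-log-generator
docker build -t localhost:32000/nginx-fake .
# Pushes over plain HTTP to the microk8s registry addon enabled above.
docker push localhost:32000/nginx-fake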
Create the following manifest:
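---
# Log-generator workload: three replicas of the locally built image, writing
# fake nginx access lines to stdout, where the kubernetes_logs source picks
# them up from /var/log/pods on the node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # No tag or digest: this resolves to the mutable :latest in the local
          # registry, so whatever was pushed last is what runs. Pin a digest
          # (localhost:32000/nginx-fake@sha256:<digest>) once the build is stable.
          image: localhost:32000/nginx-fake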
and apply it:
# No namespace is given, so the generator lands in `default` (the Elasticsearch
# documents further down carry pod_namespace "default").
microk8s kubectl apply -f manifest.yaml
Running elasticsearch
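---
# Dedicated namespace for the lab Elasticsearch instance.
apiVersion: v1
kind: Namespace
metadata:
  name: elasticsearch
---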
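# Single-node Elasticsearch for the lab. Nothing here configures authentication
# or TLS, and the Service below exposes port 9200 to the whole cluster: any pod
# that can reach elasticsearch.elasticsearch:9200 can read and write every index
# (the Vector sink and the curl query further down both rely on exactly that).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: elasticsearch
spec:
  serviceName: "elasticsearch"
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          # The 6.x line is end-of-life; the version is kept only to match
          # the rest of these notes.
          image: docker.elastic.co/elasticsearch/elasticsearch:6.6.1
          env:
            - name: discovery.type
              value: single-node
          ports:
            - containerPort: 9200
              name: client
            - containerPort: 9300
              name: nodes
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
      volumes:
        - name: data
          # hostPath hands the pod a directory on the node's filesystem. With
          # type: Directory, /opt/es must already exist on the node (and be
          # writable by the container's user) or the pod will not start.
          hostPath:
            path: /opt/es
            type: Directory
---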
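# ClusterIP Service (no `type` given, so the default) in front of the
# StatefulSet; the Vector sink addresses it as elasticsearch.elasticsearch:9200.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: elasticsearch
  labels:
    service: elasticsearch
spec:
  ports:
    - port: 9200
      name: client
    - port: 9300
      name: nodes
  selector:
    app: elasticsearch
---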
Running Vector.dev
Installing the binary
# Vector's documented installer: a remote script piped straight into bash.
# `--proto '=https' --tlsv1.2 -sSf` forces TLS and fails on HTTP errors, but
# nothing checks what the script does - download it to a file and read it before
# running it, or use a pinned release package. The in-cluster steps below run
# the container image, so this local binary is only needed for local experiments.
curl --proto '=https' --tlsv1.2 -sSf https://sh.vector.dev | bash
Preparing for k8s
# The reference agent manifests are fetched from the `master` branch, so they
# can change between runs; pin the ref (e.g. the release tag matching the image
# you deploy, <vector-release-tag>) once the setup works. rbac.yaml presumably
# carries the cluster-wide permissions the agent needs to read pod metadata and
# logs from every pod on the node - read it before applying.
microk8s kubectl create namespace vector
base_url="https://raw.githubusercontent.com/vectordotdev/vector/master/distribution/kubernetes/vector-agent"
for manifest in configmap daemonset rbac kustomization serviceaccount; do
  wget "${base_url}/${manifest}.yaml"
done
Applying the configuration:
# Renders the kustomization in the current directory (the five files above) and
# pipes it into kubectl, so no rendered manifest is written to disk.
microk8s kubectl kustomize | microk8s kubectl apply -f -
Then I created a git repo from the current state and committed it. Now I can start playing with the configuration language.
See:
- https://vector.dev/docs/reference/configuration/transforms/remap/
- https://vector.dev/docs/reference/vrl/
The fast reload command:
# Edit-and-reload loop. The leading `rm` means that quitting nano without saving
# leaves no configmap.yaml at all and the kustomize step fails; editing the file
# in place works just as well. The `rollout restart` forces the daemonset pods to
# pick up the changed ConfigMap.
rm configmap.yaml && nano configmap.yaml && microk8s kubectl kustomize | microk8s kubectl apply -f - && microk8s kubectl rollout restart daemonset/vector -n vector
Updated configuration
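---
# Vector agent configuration, mounted into the daemonset by the upstream
# kustomization. The whole of agent.yaml is one literal block scalar, so its
# indentation is relative to the `agent.yaml:` key, not to the ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vector
  labels:
    app.kubernetes.io/name: vector
    app.kubernetes.io/instance: vector
    app.kubernetes.io/component: Agent
    app.kubernetes.io/version: "0.21.1-distroless-libc"
data:
  agent.yaml: |
    data_dir: /vector-data-dir
    # The API stays on loopback with the playground off: only a shell inside
    # the pod (or a port-forward) can reach it.
    api:
      enabled: true
      address: 127.0.0.1:8686
      playground: false
    sources:
      # Tails every pod log on the node, not just the nginx ones; on this
      # single-node cluster that includes Elasticsearch's lines and, unless the
      # agent's own pods are excluded, Vector's.
      kubernetes_logs:
        type: kubernetes_logs
      host_metrics:
        filesystem:
          devices:
            excludes: [binfmt_misc]
          filesystems:
            excludes: [binfmt_misc]
          mountPoints:
            excludes: ["*/proc/sys/fs/binfmt_misc"]
        type: host_metrics
      internal_metrics:
        type: internal_metrics
    transforms:
      remap_nginx:
        type: remap
        inputs:
          - kubernetes_logs
        # parse_nginx_log! aborts the program for any line that is not a
        # combined-format access log; what then happens to that event depends
        # on drop_on_error, which is left at its default here - check the agent
        # log for parse errors. The field keeps the author's spelling ("acces_")
        # because the Elasticsearch documents further down are indexed under it.
        source: |-
          .acces_log_parsed = parse_nginx_log!(.message,"combined")
    sinks:
      # Binds every interface with no authentication: anything that can reach
      # the pod on 9090 can scrape host and internal metrics.
      prom_exporter:
        type: prometheus_exporter
        inputs: [host_metrics, internal_metrics]
        address: 0.0.0.0:9090
      # Echoes every parsed event (client IPs, raw request lines) to Vector's
      # own stdout. Those lines are pod logs too; confirm the agent's pods are
      # excluded from kubernetes_logs or they are re-ingested and each fails
      # the nginx parse above.
      stdout:
        type: console
        inputs: [remap_nginx]
        encoding:
          codec: json
      # Plain HTTP and no credentials, matching the unauthenticated
      # Elasticsearch deployed above.
      es:
        type: elasticsearch
        inputs:
          - remap_nginx
        endpoint: http://elasticsearch.elasticsearch:9200
        mode: bulk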
Port-forward Elasticsearch and…
# Queries the day's index over the port-forward. No credentials are sent and the
# request succeeds, i.e. this Elasticsearch accepts unauthenticated reads (and,
# since the Vector sink writes the same way, unauthenticated writes).
curl localhost:9200/vector-2022.05.12/_search | jq
{
"took": 31,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1346,
"max_score": 1,
"hits": [
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "S0APt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X; en-US) AppleWebKit/534.40.8 (KHTML, like Gecko) Version/5.0.5 Mobile/8B115 Safari/6534.40.8",
"client": "16.131.24.104",
"method": "PATCH",
"path": "/Monitored%20Proactive_array%20superstructure/projection.png",
"protocol": "HTTP/1.1",
"request": "PATCH /Monitored%20Proactive_array%20superstructure/projection.png HTTP/1.1",
"size": 2649,
"status": 200,
"timestamp": "2022-05-12T06:54:06Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "16.131.24.104 - - [12/May/2022:06:54:06 +0000] \"PATCH /Monitored%20Proactive_array%20superstructure/projection.png HTTP/1.1\" 200 2649 \"-\" \"Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X; en-US) AppleWebKit/534.40.8 (KHTML, like Gecko) Version/5.0.5 Mobile/8B115 Safari/6534.40.8\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:06.202300537Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "TEAPt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8_8 rv:3.0) Gecko/1923-01-06 Firefox/36.0",
"client": "79.122.122.103",
"method": "GET",
"path": "/zero%20administration%20budgetary%20management.gif",
"protocol": "HTTP/1.1",
"request": "GET /zero%20administration%20budgetary%20management.gif HTTP/1.1",
"size": 3081,
"status": 200,
"timestamp": "2022-05-12T06:54:07Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "79.122.122.103 - - [12/May/2022:06:54:07 +0000] \"GET /zero%20administration%20budgetary%20management.gif HTTP/1.1\" 200 3081 \"-\" \"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8_8 rv:3.0) Gecko/1923-01-06 Firefox/36.0\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:07.200476602Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "TUAPt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Windows NT 6.1; en-US; rv:1.9.0.20) Gecko/1910-17-09 Firefox/37.0",
"client": "223.60.207.209",
"method": "GET",
"path": "/pricing%20structure/non-volatile_encoding_Configurable/installation.jpg",
"protocol": "HTTP/1.1",
"request": "GET /pricing%20structure/non-volatile_encoding_Configurable/installation.jpg HTTP/1.1",
"size": 1918,
"status": 200,
"timestamp": "2022-05-12T06:54:08Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "223.60.207.209 - - [12/May/2022:06:54:08 +0000] \"GET /pricing%20structure/non-volatile_encoding_Configurable/installation.jpg HTTP/1.1\" 200 1918 \"-\" \"Mozilla/5.0 (Windows NT 6.1; en-US; rv:1.9.0.20) Gecko/1910-17-09 Firefox/37.0\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:08.199850682Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "U0APt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8_7) AppleWebKit/5331 (KHTML, like Gecko) Chrome/38.0.812.0 Mobile Safari/5331",
"client": "64.71.250.120",
"method": "HEAD",
"path": "/Optimized.png",
"protocol": "HTTP/1.1",
"request": "HEAD /Optimized.png HTTP/1.1",
"size": 2124,
"status": 200,
"timestamp": "2022-05-12T06:54:14Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "64.71.250.120 - - [12/May/2022:06:54:14 +0000] \"HEAD /Optimized.png HTTP/1.1\" 200 2124 \"-\" \"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8_7) AppleWebKit/5331 (KHTML, like Gecko) Chrome/38.0.812.0 Mobile Safari/5331\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:14.200438293Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "VEAPt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Windows CE; en-US; rv:1.9.2.20) Gecko/1923-05-05 Firefox/37.0",
"client": "155.178.40.8",
"method": "PUT",
"path": "/Stand-alone/Organic/flexibility.svg",
"protocol": "HTTP/1.1",
"request": "PUT /Stand-alone/Organic/flexibility.svg HTTP/1.1",
"size": 2184,
"status": 200,
"timestamp": "2022-05-12T06:54:15Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "155.178.40.8 - - [12/May/2022:06:54:15 +0000] \"PUT /Stand-alone/Organic/flexibility.svg HTTP/1.1\" 200 2184 \"-\" \"Mozilla/5.0 (Windows CE; en-US; rv:1.9.2.20) Gecko/1923-05-05 Firefox/37.0\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:15.201855954Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "WUAPt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_6_5 rv:4.0) Gecko/2015-13-12 Firefox/36.0",
"client": "83.206.226.175",
"method": "GET",
"path": "/challenge.hmtl",
"protocol": "HTTP/1.1",
"request": "GET /challenge.hmtl HTTP/1.1",
"size": 1617,
"status": 200,
"timestamp": "2022-05-12T06:54:20Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "83.206.226.175 - - [12/May/2022:06:54:20 +0000] \"GET /challenge.hmtl HTTP/1.1\" 200 1617 \"-\" \"Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_6_5 rv:4.0) Gecko/2015-13-12 Firefox/36.0\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:20.200444880Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "XEAPt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/5332 (KHTML, like Gecko) Chrome/36.0.834.0 Mobile Safari/5332",
"client": "99.167.165.7",
"method": "GET",
"path": "/Configurable%20Graphic%20Interface%20Reverse-engineered%20Persevering.svg",
"protocol": "HTTP/1.1",
"request": "GET /Configurable%20Graphic%20Interface%20Reverse-engineered%20Persevering.svg HTTP/1.1",
"size": 1025,
"status": 200,
"timestamp": "2022-05-12T06:54:23Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "99.167.165.7 - - [12/May/2022:06:54:23 +0000] \"GET /Configurable%20Graphic%20Interface%20Reverse-engineered%20Persevering.svg HTTP/1.1\" 200 1025 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/5332 (KHTML, like Gecko) Chrome/36.0.834.0 Mobile Safari/5332\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:23.200055246Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "b0APt4ABXlsH6r_bWmEp",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (X11; Linux i686) AppleWebKit/5311 (KHTML, like Gecko) Chrome/37.0.859.0 Mobile Safari/5311",
"client": "88.149.131.89",
"method": "GET",
"path": "/tangible-transitional_executive.hmtl",
"protocol": "HTTP/1.1",
"request": "GET /tangible-transitional_executive.hmtl HTTP/1.1",
"size": 2886,
"status": 200,
"timestamp": "2022-05-12T06:54:42Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "88.149.131.89 - - [12/May/2022:06:54:42 +0000] \"GET /tangible-transitional_executive.hmtl HTTP/1.1\" 200 2886 \"-\" \"Mozilla/5.0 (X11; Linux i686) AppleWebKit/5311 (KHTML, like Gecko) Chrome/37.0.859.0 Mobile Safari/5311\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:42.200304342Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "cEAPt4ABXlsH6r_bWmEq",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/1942-27-05 Firefox/36.0",
"client": "61.59.242.233",
"method": "POST",
"path": "/user-facing%20interface.php",
"protocol": "HTTP/1.1",
"request": "POST /user-facing%20interface.php HTTP/1.1",
"size": 69,
"status": 302,
"timestamp": "2022-05-12T06:54:43Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "61.59.242.233 - - [12/May/2022:06:54:43 +0000] \"POST /user-facing%20interface.php HTTP/1.1\" 302 69 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/1942-27-05 Firefox/36.0\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:43.200570985Z"
}
},
{
"_index": "vector-2022.05.12",
"_type": "_doc",
"_id": "c0APt4ABXlsH6r_bWmEq",
"_score": 1,
"_source": {
"acces_log_parsed": {
"agent": "Mozilla/5.0 (Windows 95) AppleWebKit/5311 (KHTML, like Gecko) Chrome/39.0.884.0 Mobile Safari/5311",
"client": "45.207.120.115",
"method": "GET",
"path": "/focus%20group.gif",
"protocol": "HTTP/1.1",
"request": "GET /focus%20group.gif HTTP/1.1",
"size": 1761,
"status": 200,
"timestamp": "2022-05-12T06:54:46Z"
},
"file": "/var/log/pods/default_nginx-deployment-848f476f95-x6hnx_3fa4f651-7aa2-43a8-beee-5eeaa255611f/nginx/0.log",
"kubernetes": {
"container_id": "containerd://de242d0ea8c16c697733311ea7648eacddab6c6666007d25127b7d706e1bba87",
"container_image": "localhost:32000/nginx-fake",
"container_name": "nginx",
"namespace_labels": {
"kubernetes.io/metadata.name": "default"
},
"pod_annotations": {
"cni.projectcalico.org/podIP": "10.1.141.71/32",
"cni.projectcalico.org/podIPs": "10.1.141.71/32"
},
"pod_ip": "10.1.141.71",
"pod_ips": [
"10.1.141.71"
],
"pod_labels": {
"app": "nginx",
"pod-template-hash": "848f476f95"
},
"pod_name": "nginx-deployment-848f476f95-x6hnx",
"pod_namespace": "default",
"pod_node_name": "kubernetes-example",
"pod_owner": "ReplicaSet/nginx-deployment-848f476f95",
"pod_uid": "3fa4f651-7aa2-43a8-beee-5eeaa255611f"
},
"message": "45.207.120.115 - - [12/May/2022:06:54:46 +0000] \"GET /focus%20group.gif HTTP/1.1\" 200 1761 \"-\" \"Mozilla/5.0 (Windows 95) AppleWebKit/5311 (KHTML, like Gecko) Chrome/39.0.884.0 Mobile Safari/5311\"",
"source_type": "kubernetes_logs",
"stream": "stdout",
"timestamp": "2022-05-12T06:54:46.200092336Z"
}
}
]
}
}
Tada!