Sumo Logic

Collect Logs and Metrics for the Kubernetes App

This page has instructions for collecting logs and metrics for the Sumo App for Kubernetes. Logs are collected with FluentBit and FluentD; Prometheus collects metrics data for Sumo Logic.

Prerequisite

Set the following fields in the Sumo Logic UI prior to configuring collection. This ensures that your logs are tagged with relevant metadata, which is required by the app dashboards and Explore.

  • cluster
  • container
  • deployment
  • host
  • namespace
  • node
  • pod
  • service

For information on setting up fields, see the Fields help page.

Collecting metrics and logs for Kubernetes

This section provides instructions for a Helm-based collection setup for both metrics and logs, and for a non-Helm-based collection setup.

Helm collection setup

This procedure shows you how to set up metric and log collection for Kubernetes using Helm.

To collect metrics and logs using Helm, follow the steps as described on this page.

Non-Helm collection setup

This procedure has instructions for setting up metric and log collection with FluentD, FluentBit, and Prometheus.

To collect metrics and logs using FluentD, FluentBit, and Prometheus, do the following:

  1. Configure metric collection in the following way:
    1. Deploy FluentD, as described in Step 1 of this document.
    2. Configure Prometheus, as described in Step 2 of this document.
  2. Configure log collection in the following way:
    1. Deploy FluentBit, as described in Step 3 of this document.
    2. Deploy Falco, as described in Step 4 of this document.

Sample log message

Application Logs
{"timestamp":1561534865020,"log":"E0626 07:41:05.020255       1 manager.go:101] Error in scraping containers from kubelet:192.168.190.54:10255: failed to get all container stats from Kubelet URL \"http://192.168.190.54:10255/stats/container/\": Post http://192.168.190.54:10255/stats/container/: dial tcp 192.168.190.54:10255: getsockopt: connection refused"}

Query sample

Message Breakdown by Container from the Dashboard Container Logs
cluster = * and namespace = * and pod = * and container = *
| json field=_raw "log" as message
| fields - message | count container | top 10 container by _count
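The following added example (not part of the Sumo Logic page) reproduces offline what the query above does: it parses the JSON "log" field out of raw records, counts records per container, and additionally splits the klog-style prefix of the sample message so that error lines such as the failed kubelet scrape can be attributed to a source file. The container tags and the two extra records are constructed for the example.

```python
import json
import re
from collections import Counter

# klog prefix written by Kubernetes components: level, MMDD, time, pid, file:line.
KLOG_RE = re.compile(
    r"^(?P<level>[IWEF])(?P<mmdd>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+)"
    r"\s+(?P<pid>\d+) (?P<source>[^\]]+)\] (?P<message>.*)$",
    re.DOTALL,
)

# Constructed input: (container metadata tag, raw JSON line as shipped by the collector).
# The first raw line is the page's sample message; the other two are made up.
SAMPLE_LINES = [
    ("heapster", '{"timestamp":1561534865020,"log":"E0626 07:41:05.020255       1 '
     'manager.go:101] Error in scraping containers from kubelet:192.168.190.54:10255: '
     'failed to get all container stats from Kubelet URL '
     '\\"http://192.168.190.54:10255/stats/container/\\": Post '
     'http://192.168.190.54:10255/stats/container/: dial tcp 192.168.190.54:10255: '
     'getsockopt: connection refused"}'),
    ("heapster", '{"timestamp":1561534866000,"log":"I0626 07:41:06.000000       1 '
     'manager.go:120] Scrape finished"}'),
    ("kube-proxy", '{"timestamp":1561534867000,"log":"plain text line"}'),
]

def load_records(raw_lines):
    """Parse each raw JSON line; the equivalent of json field=_raw "log"."""
    records = []
    for container, raw in raw_lines:
        doc = json.loads(raw)
        records.append({"container": container, "timestamp": doc["timestamp"],
                        "log": doc["log"]})
    return records

def parse_klog(line):
    """Split a klog line into its fields; None when the line is not klog-formatted."""
    m = KLOG_RE.match(line)
    return m.groupdict() if m else None

def breakdown_by_container(records, top=10):
    """Mirror of '| count container | top 10 container by _count'."""
    return Counter(r["container"] for r in records).most_common(top)

def error_sources(records):
    """(container, source, message) for klog error/fatal lines such as failed scrapes."""
    out = []
    for r in records:
        parsed = parse_klog(r["log"])
        if parsed and parsed["level"] in ("E", "F"):
            out.append((r["container"], parsed["source"], parsed["message"]))
    return out
```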