Skip to main content
Sumo Logic

Collect Logs and Metrics in Kubernetes environment

Collect Logs and Metrics for Nginix Plus in Kubernetes environment

In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more about it here.The diagram below illustrates how data is collected from Nginx Plus in Kubernetes environments. In the architecture shown below, there are four services that make up the metric collection pipeline: Telegraf, Prometheus, Fluentd and FluentBit.

The first service in the pipeline is Telegraf. Telegraf collects metrics from Nginx Plus. Note that we’re running Telegraf in each pod we want to collect metrics from as a sidecar deployment: i.e. Telegraf runs in the same pod as the containers it monitors. Telegraf uses the Nginx Plus input plugin to obtain metrics. (For simplicity, the diagram doesn’t show the input plugins.) The injection of the Telegraf sidecar container is done by the Telegraf Operator. We also have Fluentbit that collects logs written to standard out and forwards them to FluentD, which in turn sends all the logs and metrics data to a Sumo Logic HTTP Source.

Configuring log and metric collection for the Nginx Plus App includes the following tasks:

  • Step 1: Collect Logs for Nginx Plus

  • Step 2: Collect Metrics for Nginx Plus

Step 1: Collect Logs for Nginx Plus in Kubernetes environment

1. Configure logging in Nginx Plus

Before you can configure Sumo Logic to ingest logs, you must configure the logging of errors and processed requests in NGINX Open Source and NGINX Plus. For instructions, refer to the following documentation:

https://www.nginx.com/resources/admin-guide/logging-and-monitoring/

2. Use the Sumologic-Kubernetes-Collection, to send the logs to Sumologic. For more information, visit.

3. Identifying the logs metadata:
For example, to get Logs data from the pod, you can use the following source  _sourcecategory = "kubernetes/default/nginx" where “kubernetes” is Cluster name, “default” is Namespace, “nginx” is application.

4. To get log data from Nginx Pods - all nginx logs must be redirected to standard output “stdout” and standard error “stderr”.

Step 2: Collect Metrics for Nginx Plus in Kubernetes environment 

The following steps assume you are collecting Nginx Plus metrics from a Kubernetes environment. In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection.  You can learn more about this here.

  1. Before you can configure Sumo Logic to ingest metrics, you must enable the API module to expose metrics in NGINX Plus. 

  2. Set up Kubernetes Collection with the Telegraf Operator.

  3. On your Nginx Plus Pods, add the following annotations to configure Telegraf.

  • telegraf.influxdata.com/inputs - This contains the required configuration for the Telegraf Nginx Plus Input plugin. Please refer to this doc for more information on configuring the Nginx input plugin for Telegraf. Note since telegraf will be run as a sidecar the host should always be localhost
  • telegraf.influxdata.com/class: sumologic-prometheus - This instructs the Telegraf operator what output to use. This should not be changed.
  • prometheus.io/scrape: "true" - This ensures our Prometheus will scrape the metrics.
  • prometheus.io/port: "9273" - This tells Prometheus what ports to scrape on. This should not be changed.