-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EKS control plane logs should have their source based on the log stream name #372
Comments
@robmp are you suggesting have the |
I'm suggesting that the |
@robmp Thanks for your clarification! I think it makes more sense to keep In fact, it would be better to add this in the default I'm going to close the issue for now, since I believe we would NOT make this change in the forwarder. |
The current handling of EKS CloudWatch logs is really inconsistent across the Datadog infrastructure. Only the audit and scheduler logs are correctly recognised and a corresponding built-in pipeline is added for them, respectively "Kubernetes audit" and "Kube Scheduler (glog)". This is covered by the #406 PR which you @tianchu reviewed some months after this issued was closed. Datadog expects a
It would be great if you could take another look at this issue. |
While the changes introduced in #371 and #365 that set EKS control plane logs source to
eks
are an improvement, I think they're not sufficient.EKS log groups in CloudWatch have multiple log streams, e.g:
These come from different control plane components and have different formats (some glog, others json).
I think it would make sense to have the log source based on the log stream name, e.g.
kube-apiserver
,kube-scheduler
etc.The text was updated successfully, but these errors were encountered: