Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set Ignore_Older to 24h by default to prevent older logs from being ingested on install. #664

Merged
merged 2 commits into from
May 26, 2020
Merged

Set Ignore_Older to 24h by default to prevent older logs from being ingested on install. #664

merged 2 commits into from
May 26, 2020

Conversation

frankreno
Copy link
Contributor

Description

Fixes #596.

Set Ignore_Older to 24h by default to prevent older logs from being ingested when collection is first installed. Relative times are supported. Tested using shorter time range (1m) and validated that the older logs are not ingested.

fluent/fluent-bit#221
https://docs.fluentbit.io/manual/pipeline/inputs/tail#config

Note, this is not supported on systemd plugin so only updating tail plugin.

Fill in your description here.

Testing performed
  • ci/build.sh
  • Redeploy fluentd and fluentd-events pods
  • Confirm events, logs, and metrics are coming in

@frankreno frankreno mentioned this pull request May 20, 2020
Closed
3 tasks
@frankreno frankreno added the enhancement New feature or request label May 20, 2020
@frankreno frankreno added this to the v1.1 milestone May 20, 2020
perk-sumo
perk-sumo approved these changes May 26, 2020
View reviewed changes
Copy link
Contributor

@perk-sumo perk-sumo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@perk-sumo perk-sumo merged commit 9d3ad56 into master May 26, 2020
@perk-sumo perk-sumo deleted the ignore-older-default branch May 26, 2020 13:38
@avdhoot
Copy link

avdhoot commented Jul 19, 2020

@frankreno I doubt it will work(not working for me). To Ignore_Older work input plugin need parser. more fluent/fluent-bit#716

@frankreno
Copy link
Contributor Author

@avdhoot - we use a parser on our input plugin for container logs. Local testing showed this working but definitely worth another check. Can you share your configuration? Are you seeing older logs ingested for container logs or systemd/kubelet?

@avdhoot
Copy link

avdhoot commented Jul 20, 2020
edited
Loading

Non working config:

    [INPUT]
        Name             tail
        Path             /var/log/containers/*.log
        Multiline        On
        Parser_Firstline multi_line
        Tag              containers.*
        Refresh_Interval 1
        Rotate_Wait      60
        Mem_Buf_Limit    5MB
        Skip_Long_Lines  On
        DB               /tail-db/tail-containers-state-sumo.db
        DB.Sync          Normal
        Ignore_Older 1m

Working config. To it work parser should extract time.

[INPUT]
    Name             tail
    Path             /var/log/containers/*.log
    Multiline        Off
    Parser_Firstline multi_line
    Tag              containers.*
    Refresh_Interval 1
    Rotate_Wait      60
    Mem_Buf_Limit    5MB
    Skip_Long_Lines  On
    DB               /tail-db/tail-containers-state-sumo.db
    DB.Sync          Normal
    Ignore_Older 1m
    Parser  Docker

@avdhoot
Copy link

avdhoot commented Jul 22, 2020

@frankreno in case you missed it. Result of above config. There is still some leak but it is manageable.

image

@frankreno
Copy link
Contributor Author

Thank you @avdhoot - we will investigate and report back. In that search are you looking at all logs sent to the collector? You should exclude any logs from systemd because there is a known issue that we ingest old logs there. The systemd does not support a way to ignore older log files, so I just want to make sure the leak you see above is not from those logs.

@avdhoot
Copy link

avdhoot commented Jul 23, 2020
edited
Loading

To make things more clear. I have used config mentioned in #664 (comment). Currently we are not sending systemd logs. @frankreno

@frankreno frankreno mentioned this pull request Jul 29, 2020
Closed
@Adhira-Deogade
Copy link
Contributor

@avdhoot With your configs here, I am still collecting historical logs. Am I doing something wrong? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samjsong samjsong samjsong approved these changes

@vsinghal13 vsinghal13 vsinghal13 approved these changes

@sumo-drosiek sumo-drosiek sumo-drosiek approved these changes

@perk-sumo perk-sumo perk-sumo approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.1
Development

Successfully merging this pull request may close these issues.

Set Default IgnoreOlder in FluentBit
7 participants
@frankreno @avdhoot @Adhira-Deogade @samjsong @vsinghal13 @sumo-drosiek @perk-sumo