New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GELF message is missing mandatory "host" field #1897
Comments
Someone who faces the same issues:
|
I can confirm with the fluent-bit 1.5 that this bug exist. Adding the Gelf_Host_key still does not work. The host key is not being passed to Graylog with GELF. Has anyone tested this. Seem if there is a recommendation it should be fully vetted. DB |
No this has worked for me. I'm using the latest fluent-bit helm chart from fluent itself and the latest graylog helm chart from stable as of this writing. |
@alekseydemidov when I set |
Same here. |
Any updates on this one? I could not find a way to workaround this properly. The fixes mentioned above only create fixed hosts fields. |
You can omit the
I also omit the
Finally my Output plugin looks like this:
You can use Furthermore https://github.com/fluent/fluent-bit-docs/blob/master/pipeline/outputs/gelf.md#configuration-file-example gives a configuration file example for GELF. To verify your output. I used the HTTP Plugin instead in order to direct the output to a service that logs the payload e.g. https://hub.docker.com/r/mendhak/http-https-echo, e.g.
|
Hi, Could someone clarify a few things for me regarding fluent-bit and GELF support to Graylog? Lots of tutorials (https://www.xtivia.com/blog/k8s-loggings-graylog-fluent-bit) and (https://vzurczak.wordpress.com/2019/02/13/using-graylog-for-centralized-logs-in-k8s-platforms-and-permissions-management) appear to be using Graylog GELF HTTP input. Whereas, it appears that fluent-bit expects this input to be the standard GELF TCP input. Which I tried and started getting logs, but now I get double timestamps in message like so:
Note the initial timestamp with my local timezone, followed by regular nginx. So my questions boil down to 2 I think:
|
I solved my problem with "Parser: cri" instead of "docker". I still however am curious about the tcp/http thing and I'm also still experiencing this bug. I have a kubernetes_host field. I've tried renaming it. I've tried adding Gelf_Host_Key. Nothing |
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the |
This issue was closed because it has been stalled for 5 days with no activity. |
any resolution to this ? |
Bug Report
Describe the bug
During getting gelf messages from fluent-bit, i see continuous repeated error in graylog logs:
To Reproduce
In GELF documentation: "If you're using Fluent Bit in Kubernetes and you're using Kubernetes Filter Plugin, this plugin adds host value to your log by default, and you don't need to add it by your own."
But looks like that's not true.
That possible to see logs in raw/text format on graylog side and there's not really the 'host' field
I've tried to set Gelf_Host_Key for gelf plugin, but no any intelligible explanations how to use that, any values were ignored
Expected behavior
add neccessary 'host' field into log
Screenshots
Your Environment
Platform: k8s v1.16.4
fluent-bit:1.3.5
graylor:3.1
fluent-bit configuration:
Additional context
This WARN does not prevent logs collection, but overfill journal log of the graylog
The text was updated successfully, but these errors were encountered: