Fluentd and Kubernetes – Permission Denied Error

When deploying the logging aggregation tool Fluentd to our Kubernetes cluster, Fluentd was failing to start up. It was failing with a permission denied error when trying to create the directory /var/log/fluent. I had Fluentd configured to write its position files in the /var/log/fluent directory. /var/log was mounted as a hostDir, from (predictably) /var/log on the host node, in order to …

Fluentd – Splunk HttpEventCollector and Time

If you need to get log events from fluentd up to a Splunk HTTPEventCollector (HEC), I’ve found that you have two options: splunk-http-eventcollector and splunkhec. Both of these plugins have fallen out of use in the last couple of years. When using either of these plugins, you lose the milliseconds in log event times. So what? We …

Making fluentd, journald, Kubernetes, and Splunk Happy Together

The Requirements: Our requirements are simple. We run microservices in Docker, using Kubernetes as our deployment platform. We want all of our logs in Splunk. So the requirements are simply to take the logs from our microservice containers, and the logs from Kubernetes itself, and the logs from the host OS, and ship them to …