Logging Formats
When it comes to log management in Kubernetes clusters, it's crucial to understand that there are various logging formats based on the container runtime and the logging drivers in use. Here, we'll explore the different logging formats and how to correctly configure log forwarding in Zeet.
Common Logging Formats
Logs in Kubernetes can be represented in several formats. The most common ones include:
1. Docker JSON-file Format
The default logging driver for Docker is json-file. Logs are stored as JSON objects, which include the log message, the stream type (stdout or stderr), and a timestamp.
{"log": "Your log message here\n", "stream": "stdout", "time": "2023-03-22T08:54:39.123456789Z"}
2. Kubernetes CRI Format
Kubernetes' Container Runtime Interface (CRI) defines a standard for container runtimes to follow, which also affects log format. A typical CRI log entry includes a timestamp, the output stream type, and the log message itself.
2023-10-06T00:17:09.669794202Z stdout F Your log message here
2023-10-06T00:17:09.669794202Z stdout P Another log pt 1
2023-10-06T00:17:09.669794202Z stdout P Another log pt 2
2023-10-06T00:17:10.113242941Z stderr F Another log final
Configuring Log Format in Zeet
By default, Zeet configures log forwarding assuming logs are in the Docker JSON-file format. However, this may not always match the format used by your cluster.
If your cluster uses a different logging format, you can adjust Zeet's log forwarding configuration to match. This is done by applying the following configuration patch for your project in the Kubernetes tab of your project settings.
containers:
- name: betterstack
env:
- name: PARSER
value: cri
You can change the name of the container depending on the log provider that you are using to forward your logs to. After applying the following config patch, Zeet will update the Pod Spec to use the new format.
