This message was deleted.
# logginga
adamant-kite-43734
11/20/2023, 7:31 PMThis message was deleted.
h
hundreds-evening-84071
11/20/2023, 7:38 PMI've never worked with Loki but need to.
Is installing Promtail needed on Rancher downstream cluster? Or simply installing Logging operator from Rancher Apps sufficient?
Then setup ClusterFlows as you mentioned above ?
b
brave-afternoon-4801
11/20/2023, 7:40 PMI'm trying to answer that question! So far it certainly seems like there are only a few pieces missing to have exactly that setup. They really should add loki to the rancher-monitoring chart
โ 1
brave-afternoon-4801
11/20/2023, 7:40 PMIs installing Promtail needed on Rancher downstream clusterI'm able to get pod logs without promtail, using fluentd to ship them.
๐ 1
brave-afternoon-4801
11/20/2023, 7:42 PMTo deploy loki, what I did is render the helm template locally, modify it to my needs, and then use fleet's kustomize support to patch the rancher-monitoring chart
brave-afternoon-4801
11/20/2023, 7:42 PMotherwise the official chart will force install the agent, which isn't needed if you have the logging operator installed
h
hundreds-evening-84071
11/20/2023, 7:44 PMnice! thanks for the response.
b
brave-afternoon-4801
11/20/2023, 7:45 PMnp. good luck
h
hundreds-evening-84071
11/20/2023, 10:25 PMwell - so deploying loki was easy and setting up flow.
but it seems to be VERY slow. I am only sending 1 namespace logs and looking like logs will show up 15-20 minutes later
b
brave-afternoon-4801
11/20/2023, 10:26 PMyeah, you have to disable output buffer to get anything quickly, and that will still see around 20s delay
h
hundreds-evening-84071
11/20/2023, 10:27 PMgiving that a try - ๐ค
b
brave-afternoon-4801
11/20/2023, 10:29 PM Copy code
{host=~".+"} | json | line_format `{{.message}}` | logfmt | level = `error`brave-afternoon-4801
11/20/2023, 10:30 PMpoor man's log tail. adjust that last segment to your needs
h
hundreds-evening-84071
11/20/2023, 10:31 PMWOW!! that (output buffer) made such a HUGE difference!
b
brave-afternoon-4801
11/20/2023, 10:31 PMlol right?!
h
hundreds-evening-84071
11/20/2023, 10:31 PMI was certainly not expecting that big of difference
b
brave-afternoon-4801
11/20/2023, 10:38 PMbtw, I also set this in the
rancher-logging Copy code
global:
dockerRootDirectory: /var/logbrave-afternoon-4801
11/20/2023, 10:40 PMthe generated fluentbit config will append
/containers/var/lib/docker/containers๐ 1
brave-afternoon-4801
11/24/2023, 1:56 PM@hundreds-evening-84071 i was looking through the fluentd docs and found this
Copy code
flush_mode: immediatebrave-afternoon-4801
11/24/2023, 2:45 PMI take that back. without disabling buffering, it still holds them forever. I didn't realize it was still getting set
๐ 1
h
hundreds-evening-84071
11/27/2023, 12:16 PMHey; have you tried to set it like this:
Copy code
flush_mode: interval
flush_interval: 2sb
brave-afternoon-4801
11/27/2023, 12:51 PMI haven't! but was planning on trying that soon too
brave-afternoon-4801
11/27/2023, 12:51 PMbringing up a new cluster today. I'll probably try that out later.
h
hundreds-evening-84071
11/27/2023, 2:47 PMAlso, do you remember - do you have 1 or 2 replicas for
rancher-logging-root-fluentd Copy code
# kubectl get statefulset -n cattle-logging-system
NAME READY AGE
rancher-logging-root-fluentd 1/1 51db
brave-afternoon-4801
11/27/2023, 2:47 PM1 by default
โ๏ธ 1
9 Views