Documentation for Loggly

Kubernetes cluster logging with rKubelog

rKubelog is a simple way to send logs from a Kubernetes (K8s) cluster to Loggly without having to configure DaemonSets, sidecars, fluentd, or persistent claims. With rKubelog, it's easy to use Loggly for logging in nodeless clusters, such as EKS on Fargate, and it is well suited to smaller, local development clusters where you want to set up logging within seconds.

rKubelog releases are referenced explicitly; 'latest' tags are not used. To update the image to the latest release, use the release's current version:

quay.io/solarwinds/rkubelog:<github_version>

where <github_version> is the latest version listed in Releases. For example, when r16 was the most recent release, quay.io/solarwinds/rkubelog:r16 would have been used.

SolarWinds recommends that you subscribe to notifications of new releases in the rKubelog repo by clicking Watch and selecting Releases only from the drop-down.

Deploy rKubelog

By default, rKubelog runs in the kube-system namespace and will observe all logs from all pods in all namespaces except from itself or from any other service in kube-system.

  1. In Loggly, add a new Customer Token by going to Source Setup then selecting Customer Tokens.

  2. Create a Kubernetes secret on your cluster named logging-secret in the kube-system namespace with the following fields:

    • PAPERTRAIL_PROTOCOL - if you do not use Papertrail, or are not using rKubelog with Papertrail, leave the value empty to disable Papertrail.

    • PAPERTRAIL_HOST - if you do not use Papertrail, or are not using rKubelog with Papertrail, leave the value empty to disable Papertrail.

    • PAPERTRAIL_PORT - if you do not use Papertrail, or are not using rKubelog with Papertrail, leave the value empty to disable Papertrail.

    • LOGGLY_TOKEN - Enter your customer token from Loggly.

  3. Preview the deployment using kubectl apply -k . --dry-run -o yaml

  4. If all looks good, apply the deployment using kubectl apply -k .
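One way to carry out step 2 without typing the customer token on the command line, as an added example (not from the rKubelog project or this documentation): the hypothetical helper render_logging_secret reads the token from a file and prints the logging-secret manifest with the Papertrail fields left empty. The character check is an assumption made here to keep the value safe to embed in YAML, not a documented Loggly token format.

```shell
#!/bin/sh
# Added example. render_logging_secret is a hypothetical helper name;
# the secret name, namespace and key names come from the steps above.
# Usage: render_logging_secret ./loggly.token | kubectl apply -f -

render_logging_secret() {
    token_file=$1

    if [ ! -r "$token_file" ]; then
        echo "token file not readable: $token_file" >&2
        return 1
    fi

    # Strip spaces and newlines that editors and copy/paste tend to add.
    token=$(tr -d '[:space:]' < "$token_file")

    if [ -z "$token" ]; then
        echo "token file is empty" >&2
        return 1
    fi

    # Assumption: allow only letters, digits and hyphens so the value
    # cannot break out of the quoted YAML string below.
    case $token in
        *[!A-Za-z0-9-]*)
            echo "token contains unexpected characters" >&2
            return 1
            ;;
    esac

    # Papertrail keys are present but empty, which disables Papertrail.
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: logging-secret
  namespace: kube-system
type: Opaque
stringData:
  PAPERTRAIL_PROTOCOL: ""
  PAPERTRAIL_HOST: ""
  PAPERTRAIL_PORT: ""
  LOGGLY_TOKEN: "$token"
EOF
}
```

Piping the output straight into kubectl apply -f - keeps the token out of shell history and out of any manifest file that might later be committed.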

Troubleshooting

Logs do not appear in Loggly after deploying rKubelog

If you deploy rKubelog on nodeless clusters, such as EKS on Fargate, you may not see logs in Loggly immediately. For EKS on Fargate, it may take up to two minutes for a pod to be fully deployed, as AWS needs to provision Fargate nodes. You can check the progress using:

kubectl get pods -o wide -n kube-system | grep rkubelog
  • The "status" should be "Running"
  • The "node" column should have a proper value (fargate-ip-192-168-X-X.us-east-2.compute.internal)
  • The "nominated node" column should be empty

Logs suddenly stopped flowing

If logs suddenly stop flowing, restart the rKubelog deployment:

kubectl scale deployment rkubelog --replicas=0 -n kube-system
kubectl scale deployment rkubelog --replicas=1 -n kube-system

Still having trouble

If you are still having trouble viewing your logs or are unsure how to proceed, we're happy to help. Contact us.

When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with the other integrated experiences' products. How you navigate the product and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.