Sending Kubernetes logs To ClickHouse with Fluent Bit

Calyptia
9 min readintermediate
--
View Original

Overview

This article discusses how to send Kubernetes logs to ClickHouse using Fluent Bit, providing a step-by-step guide on deployment and configuration. It highlights the benefits of using Fluent Bit for log enrichment and offers recommendations for schema design in ClickHouse.

What You'll Learn

1

How to deploy Fluent Bit for Kubernetes log collection

2

Why enriching logs with Kubernetes context is beneficial

3

How to configure ClickHouse for optimal log storage

Prerequisites & Requirements

  • Basic understanding of Kubernetes and logging concepts
  • Fluent Bit and ClickHouse installed(optional)

Key Questions Answered

How do you deploy Fluent Bit on Kubernetes for log collection?
To deploy Fluent Bit on Kubernetes, you can use the Helm chart from the Fluent Bit repository. After downloading and extracting the Helm chart, modify the values.yaml file to configure the filters and output settings, then install it using the Helm install command.
What are the best practices for schema design in ClickHouse for logs?
Best practices for schema design in ClickHouse include defining primary keys for commonly filtered columns, using LowCardinality for string types, and lifting known fields out of JSON to improve performance and reduce storage. This ensures efficient querying and better compression.
What is the role of the Lua filter in Fluent Bit configuration?
The Lua filter in Fluent Bit is used to manipulate log records by extracting specific fields from nested JSON structures. This is essential for moving fields like host and pod_name to the root of the message for better performance in ClickHouse queries.
How can you visualize Kubernetes logs in Grafana?
Kubernetes logs can be visualized in Grafana by importing a pre-built dashboard that connects to ClickHouse. The dashboard allows users to monitor log data and correlate it with other metrics, enhancing observability in the Kubernetes environment.

Technologies & Tools

Some links below are affiliate links. We may earn a commission if you make a purchase.

Key Actionable Insights

1
Implementing Fluent Bit for log collection can significantly enhance your ability to troubleshoot issues in Kubernetes environments.
By enriching logs with Kubernetes metadata, operators can quickly identify the source of problems, making it easier to manage and maintain applications.
2
Defining primary keys in ClickHouse for log data can drastically improve query performance.
Using primary keys that match common filtering criteria allows ClickHouse to optimize data retrieval, leading to faster analytics and reporting.
3
Utilizing the Lua filter in Fluent Bit can streamline your log processing pipeline.
By extracting necessary fields from nested JSON, you can ensure that your logs are structured in a way that maximizes performance in ClickHouse.

Common Pitfalls

1
Failing to define primary keys in ClickHouse can lead to poor query performance.
Without primary keys, ClickHouse cannot optimize data retrieval, resulting in slower queries and increased resource usage.
2
Overlooking the need to lift fields out of JSON for better performance.
If fields remain nested within JSON, it can hinder performance and complicate queries, making it essential to restructure log data appropriately.

Related Concepts

Log Enrichment
Schema Design In Databases
Kubernetes Logging Best Practices