Come join our live training webinar every other Wednesday at 11am PST and hear LogicMonitor experts explain best practices and answer common questions. We understand these are uncertain times, and we are here to help!
LogicMonitor provides different methods for sending logs from a monitored Kubernetes cluster to LM Logs. The method you should use depends on the type of logs that you want to send:
You can install and configure the LogicMonitor Kubernetes integration to forward your Kubernetes logs to the LM Logs ingestion API.
The Kubernetes configuration for LM Logs is deployed as a Helm chart.
1. Add the LogicMonitor Helm repository:
helm repo add logicmonitor https://logicmonitor.github.com/k8s-helm-charts
If you already have the LogicMonitor Helm repository, you should update it to get the latest charts:
helm repo update
2. Install the lm-logs chart, filling in the required values:
helm install -n <namespace> \
--set lm_company_name="<lm_company_name>" \
--set lm_access_id="<lm_access_id>" \
--set lm_access_key="<lm_access_key>" \
You can configure the LogicMonitor Collector to receive and forward Kubernetes Cluster events and Pod logs from a monitored Kubernetes cluster or cluster group.
Note: This section only applies to existing clusters in monitoring. You do not need to make this edit if the cluster was just added into monitoring with the lastest version of Argus.
The Cluster Role Collector needs to have access to the resources you want to monitor.
$ kubectl edit clusterrole collector
Under apiGroups > resources, add events and pod/logs. For example:
You have two options for enabling events and logs collection:
1. (Recommended) Modify the Helm deployment for Argus to enable events collection.
helm upgrade --reuse-values \
--set device_group_props.cluster.name="lmlogs.k8sevent.enable" \
--set device_group_props.cluster.value="true" \
--set device_group_props.pods.name="lmlogs.k8spodlog.enable" \
--set device_group_props.pods.value="true" \
2. Manually add the following properties to the monitored Kubernetes cluster group (or individual resources) in LogicMonitor.
In addition to the enabling logs and events collection, you can add or edit the following entries in the Collector’s agent.conf:
We recommend that you configure filters to remove log messages that contain sensitive information (such as credit cards, phone numbers, or personal identifiers) so that they are not sent to LogicMonitor. Filters can also be used to reduce the volume of non-essential syslog log messages that are sent to the logs ingestion API queue.
The filtering criteria for Kubernetes Events are based on the fields: message, reason, and type. For Kubernetes pod logs, you can filter on the message fields. Filtering criteria can be defined using keywords, a regular expression pattern, specific values of fields, and so on. To configure a filter criteria, uncomment to enable and then edit the filtering entries in agent.conf. For example:
1. If you are not seeing Kubernetes logs in your LM Portal after a few minutes, it may be a Resource mapping issue:
2. If mapping is correct, verify that the log file path is mounted. If the log file path is not mounted, edit the /k8s-helm-charts/lm-logs/templates/deamonset.yaml file to add the file path and volume.
For example, if the path to mount is /mnt/ephemeral/docker/containers/, you would make the following edits:
If you have enabled pod logs collection and forwarding, but you are not receiving pod logs in LM Logs, restart the Collector and increase the polling interval to 3-5 minutes.
In This Article