EFK 日志系统收集K8s日志之容器标准输出日志( 三 ) _EFK

8.1.2 查看Filebeat pod 运行状态[root@master-1 es-single-node]# kubectl get pods -n ops -l k8s-app=node-exporterNAMEREADYSTATUSRESTARTSAGEnode-exporter-j72cb1/1Running1013dnode-exporter-k6d7v1/1Running1013dnode-exporter-vhgns1/1Running1013d8.1.3 登陆kibana 管理索引，添加索引模式索引管理：
（一般只要有数据入到ES中就会有索引出现，如果没有出现可以试着访问下业务使其产生日志输出到ES中）
点击左边的 Stack Management 中的索引管理可以看到一个名词为filebeat-7.9.2-2021.03.01-000001的索引，状态为open

文章插图

添加索引模式:
点击左边的 Stack Management 中的索引模式，创建索引模式

文章插图

输入索引模式名称： filebeat-7.9.2-*
表示可以匹配到上面的索引 filebeat-7.9.2-2021.03.01-000001

文章插图

选择@timestamp 时间字段

文章插图

文章插图

8.1.4 启动一个nginx 的Pod，验证日志数据

cat >app-log-stdout.yaml<< EOFapiVersion: apps/v1kind: Deploymentmetadata:name: app-log-stdoutspec:replicas: 3selector:matchLabels:project: stdout-testapp: nginx-stdouttemplate:metadata:labels:project: stdout-testapp: nginx-stdoutspec:containers:- name: nginximage: nginx---apiVersion: v1kind: Servicemetadata:name: app-log-stdoutspec:ports:- port: 80protocol: TCPtargetPort: 80selector:project: stdout-testapp: nginx-stdoutEOF[root@master-1 es-single-node]# kubectl apply -f app-log-stdout.yaml deployment.apps/app-log-stdout createdservice/app-log-stdout created

8.1.5 查看nginx pod,service 状态

[root@master-1 es-single-node]# kubectl get pods -l app=nginx-stdoutNAMEREADYSTATUSRESTARTSAGEapp-log-stdout-76fb86fcf6-cjch41/1Running02m34sapp-log-stdout-76fb86fcf6-wcfqm1/1Running02m34sapp-log-stdout-76fb86fcf6-zgzcc1/1Running02m34s[root@master-1 es-single-node]# kubectl get serviceNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGEapp-log-stdoutClusterIP10.0.0.167<none>80/TCP2m41skubernetesClusterIP10.0.0.1<none>443/TCP63d

8.1.6 访问nginx 的Pod 使其产生nginx 日志

[root@node-1 ~]# curl 10.0.0.167<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed andworking. Further configuration is required.</p><p>For online documentation and support please refer to<a href=https://www.isolves.com/it/cxkf/rongqi/2021-03-05/"http://nginx.org/">nginx.org.
Commercial support is available atnginx.com.
Thank you for using nginx.

8.1.7 登陆kibana dashboard 检索nginx 日志检索的语句： kubernetes.namespace : "default" and message : "curl"
可以看到有1个日志被命中了