FluentBit

groundcover automatically collects all logs within your Kubernetes cluster streamed via Standard Output (stdout) using our proprietary eBPF sensor, requiring no setup. However, if your organization stores logs in files, either within Kubernetes or outside, or if you want to pass logs from non-Kubernetes entities, you can use FluentBit to send these logs to groundcover.

Setting metadata

While not required, it is suggested to set metadata attributes to be recognized by groundoover.

Attribute

Meaning

env_name

clusterId

Will associate the log with a cluster in groundcover.

host.name

Will appear as the logs' hostname

gc_source_type

will appear the source of the type of the logs. . Can be any value of your choosing. For example, logs from Kubernetes clusters are marked as 'k8s'

service.name

Will appear as the name of the workload that created the log.

Configuring the output stage

Setup instructions depend on whether your logs are stored in a Kubernetes or non-Kubernetes cluster.

This feature is only available for enterprise plan.

Finding the OTEL endpoint of the inCloud backend

The following example will use FluentBit's to send logs to your inCloud's endpoint.

For more instructions on finding your inCloud endpoint and apikey, see docs.

Configuring an output stage

Add the following code to your Fluent Bit configuration to start sending logs to groundcover:

[OUTPUT]
        Name http
        Match *
        Host {inCloud_Site}
        Port 443
        Tls On
        Tls.verify On
        URI /json/logs
        Json_date_key    timestamp
        Json_date_format iso8601
        Header apikey {api-key}

Finding the endpoint of our eBPF sensor's collector

First, direct FluentBit's to our eBPF sensor's daemonset.

Use the instructions to locate the endpoint for the sensor service, referenced below as {GROUNDCOVER_SENSOR_ENDPOINT}.

Configuring an output stage

Add the following code to your FluentBit configuration file to start sending logs to groundcover:

[OUTPUT]
        Name opentelemetry
        Match *
        Host {GROUNDCOVER-SENSOR-ENDPOINT}
        Logs_uri /v1/logs
        Port 4318
        Tls Off
        Tls.verify Off
        Log_response_payload Off

Last updated 20 days ago

Setting metadata

While not required, it is suggested to set metadata attributes to be recognized by groundoover.

Attribute

Meaning

env_name

Will associate the log with an environment in groundcover.

clusterId

Will associate the log with a cluster in groundcover.

host.name

Will appear as the logs' hostname

gc_source_type

will appear the source of the type of the logs. . Can be any value of your choosing. For example, logs from Kubernetes clusters are marked as 'k8s'

service.name

Will appear as the name of the workload that created the log.

Configuring the output stage

Setup instructions depend on whether your logs are stored in a Kubernetes or non-Kubernetes cluster.

This feature is only available for enterprise plan.

Finding the OTEL endpoint of the inCloud backend

The following example will use FluentBit's to send logs to your inCloud's endpoint.

For more instructions on finding your inCloud endpoint and apikey, see docs.

Configuring an output stage

Add the following code to your Fluent Bit configuration to start sending logs to groundcover:

[OUTPUT]
        Name http
        Match *
        Host {inCloud_Site}
        Port 443
        Tls On
        Tls.verify On
        URI /json/logs
        Json_date_key    timestamp
        Json_date_format iso8601
        Header apikey {api-key}

Finding the endpoint of our eBPF sensor's collector

First, direct FluentBit's to our eBPF sensor's daemonset.

Use the instructions to locate the endpoint for the sensor service, referenced below as {GROUNDCOVER_SENSOR_ENDPOINT}.

Configuring an output stage

Add the following code to your FluentBit configuration file to start sending logs to groundcover:

[OUTPUT]
        Name opentelemetry
        Match *
        Host {GROUNDCOVER-SENSOR-ENDPOINT}
        Logs_uri /v1/logs
        Port 4318
        Tls Off
        Tls.verify Off
        Log_response_payload Off