From 40a944e74caca6c20e889a2ee3b1fb4afcdffdb6 Mon Sep 17 00:00:00 2001 From: Phantom-Intruder Date: Thu, 15 Feb 2024 13:16:58 +0530 Subject: [PATCH] fluentbit sidecar --- Logging101/fluentbit-sidecar.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Logging101/fluentbit-sidecar.md b/Logging101/fluentbit-sidecar.md index 25e312d8..beef4ce1 100644 --- a/Logging101/fluentbit-sidecar.md +++ b/Logging101/fluentbit-sidecar.md @@ -67,4 +67,10 @@ Note the name of the pod, and use it in the below command: kubectl describe pod --watch ``` -You should see two containers being described by this command under the `Containers` section. Watch as the state of both containers goes from `pending` to `running`. When the container running the sleep command goes to a `successful` state, the container running fluentbit should immediately stop. Both pods will then go into a `Terminating` state before the pod itself terminates and leaves. \ No newline at end of file +You should see two containers being described by this command under the `Containers` section. Watch as the state of both containers goes from `pending` to `running`. When the container running the sleep command goes to a `successful` state, the container running fluentbit should immediately stop. Both pods will then go into a `Terminating` state before the pod itself terminates and leaves. + +## Conclusion + +This brings us to the end of the section on running fluent bit as a sidecar container. Now, you may be asking the question: if fluentbit does the same things as filebeat with a much smaller resource footprint, why use filebeat at all? The answer to this is features. For example, logstash supports the Beats protocol natively. However, it does not do this for fluentbit. Instead, you will have to use HTTP, which might mess up the output that is presented in Kibana. Larger loggers such as fluentd support in-built grok parsing which fluentbit doesn't. Instead, you will have to push logs from fluent bit to fluentd (or logstash as we do here), which adds another resource that acts as a mediator. Since logstash also handles buffering so that elasticsearch doesn't get overwhelmed, this isn't a particularly terrible idea. Additionally, you might notice that fluent bit does not have tools like bash or sh, which means that if you want to look inside the fluent bit container for some reason, you won't be able to do so. + +So there is a trade-off and you will have to consider what is best for your use case. \ No newline at end of file