
Centralized logging (EFK stack) in Kubernetes - Step-by-Step Execution

Process Flow - Centralized logging (EFK stack)
Logs generated by pods
Fluentd collects logs
Fluentd forwards logs to Elasticsearch
Elasticsearch stores and indexes logs
Kibana queries Elasticsearch
User views logs in Kibana dashboard
Logs flow from pods to Fluentd, then to Elasticsearch for storage, and finally Kibana displays them.
Execution Sample
kubectl apply -f fluentd-config.yaml
kubectl apply -f elasticsearch-deployment.yaml
kubectl apply -f kibana-deployment.yaml
Deploy Fluentd, Elasticsearch, and Kibana components to collect, store, and visualize logs.
Process Table
Step | Action | Component | Log Data State | System State Change
1 | Pod generates logs | Pod | Raw logs created | Logs available in pod filesystem
2 | Fluentd collects logs | Fluentd | Reads raw logs | Logs buffered in Fluentd
3 | Fluentd forwards logs | Fluentd | Logs sent | Logs sent to Elasticsearch service
4 | Elasticsearch stores logs | Elasticsearch | Logs indexed | Logs stored and searchable
5 | Kibana queries logs | Kibana | Query sent | Logs retrieved for display
6 | User views logs | Kibana UI | Logs displayed | User sees logs in dashboard
7 | End | - | - | Logging cycle complete
💡 All logs collected, stored, and displayed successfully.
Status Tracker
Variable | Start | After Step 2 | After Step 4 | Final
Pod Logs | None | Raw logs created | Raw logs stored in Elasticsearch | Available for Kibana queries
Fluentd Buffer | Empty | Logs buffered | Empty after forwarding | Empty after forwarding
Elasticsearch Index | Empty | Empty | Logs indexed | Logs searchable
Kibana Display | Empty | Empty | Empty | Logs displayed
Key Moments - 3 Insights
Why does Fluentd buffer logs before sending to Elasticsearch?
Fluentd buffers logs to absorb bursts and network delays, so no logs are lost before forwarding, as shown in steps 2 and 3 of the execution table.
What happens if Elasticsearch is down when Fluentd tries to send logs?
Fluentd will keep logs in its buffer and retry sending later, preventing log loss. This is implied by Fluentd's buffering behavior in steps 2 and 3.
How does Kibana get the logs to display?
Kibana queries Elasticsearch for indexed logs (step 5), then displays them in the dashboard (step 6), as shown in the execution table.
Visual Quiz - 3 Questions
Test your understanding
Looking at the execution table, at which step does Fluentd send logs to Elasticsearch?
A. Step 2
B. Step 3
C. Step 4
D. Step 5
💡 Hint
Check the 'Action' and 'Component' columns for Fluentd forwarding logs.
According to the variable tracker, what is the state of Fluentd Buffer after step 4?
A. Logs buffered
B. Logs indexed
C. Empty after forwarding
D. Raw logs created
💡 Hint
Look at the 'Fluentd Buffer' row under 'After Step 4' column.
If Elasticsearch fails to store logs, which component's state will show logs still buffered?
A. Fluentd Buffer
B. Pod Logs
C. Kibana Display
D. Elasticsearch Index
💡 Hint
Refer to key moment about Fluentd buffering and retrying logs.
Concept Snapshot
Centralized logging with the EFK stack:
- Fluentd collects logs from pods
- Fluentd buffers and forwards logs to Elasticsearch
- Elasticsearch stores and indexes logs
- Kibana queries Elasticsearch and displays logs
- Ensures logs are centralized and easy to search
Full Transcript
In centralized logging using the EFK stack, logs are first generated by pods running in Kubernetes. Fluentd collects these logs from the pods and buffers them to handle network delays or bursts. Then Fluentd forwards the buffered logs to Elasticsearch, which stores and indexes them for fast searching. Kibana queries Elasticsearch to retrieve logs and displays them in a user-friendly dashboard. This flow ensures all logs are collected in one place, stored safely, and easy to view. If Elasticsearch is down, Fluentd keeps logs buffered and retries sending later, preventing data loss.
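The buffering and retry behaviour described in the key moments and in the transcript above is not automatic; it depends on how the Fluentd output is configured. The following fluentd-config.yaml is an added example, not a manifest from the original page: a ConfigMap that a Fluentd DaemonSet would mount as fluent.conf. It assumes the "logging" namespace, the Service name elasticsearch.logging.svc.cluster.local, nodes that write CRI-format container logs under /var/log/containers, and a Fluentd image with fluent-plugin-elasticsearch and fluent-plugin-kubernetes_metadata_filter installed.

```yaml
# Added example (not from the original page): Fluentd configuration that makes
# the "logs buffered, retry while Elasticsearch is down" behaviour explicit.
# Assumed names: namespace "logging", Service "elasticsearch" on port 9200.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
  namespace: logging
data:
  fluent.conf: |
    # Steps 1-2: read the raw container logs the kubelet writes on each node.
    <source>
      @type tail
      path /var/log/containers/*.log
      pos_file /var/log/fluentd-containers.log.pos
      tag kubernetes.*
      read_from_head true
      <parse>
        # CRI log line format (assumed): "<time> <stream> <P|F> <message>"
        @type regexp
        expression /^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$/
        time_format %Y-%m-%dT%H:%M:%S.%N%:z
      </parse>
    </source>

    # Attach namespace, pod and container names to each record so Kibana
    # queries (step 5) can be scoped to a single workload.
    <filter kubernetes.**>
      @type kubernetes_metadata
    </filter>

    # Step 3: forward to Elasticsearch. The <buffer> block is what produces
    # the "Logs buffered in Fluentd" state and the retry-on-outage behaviour.
    <match kubernetes.**>
      @type elasticsearch
      host elasticsearch.logging.svc.cluster.local
      port 9200
      logstash_format true
      logstash_prefix kubernetes
      <buffer>
        # A file buffer survives a Fluentd pod restart; the default memory
        # buffer would lose every chunk not yet flushed.
        @type file
        path /var/log/fluentd-buffers/kubernetes.buffer
        flush_mode interval
        flush_interval 5s
        flush_thread_count 2
        # Keep retrying with exponential backoff instead of giving up and
        # dropping chunks while Elasticsearch is unreachable.
        retry_type exponential_backoff
        retry_forever true
        retry_max_interval 30
        # Bound the on-disk buffer; when it fills, block the input rather
        # than silently discarding the oldest chunks.
        chunk_limit_size 8M
        total_limit_size 512M
        overflow_action block
      </buffer>
    </match>
```

Apply it with the same `kubectl apply -f fluentd-config.yaml` shown in the execution sample. During an Elasticsearch outage the Fluentd pod's own log reports failed buffer flushes with a rising retry count, and chunk files accumulate under the buffer path; once Elasticsearch returns they drain and the Fluentd Buffer row goes back to "Empty after forwarding". Two settings decide whether an outage becomes a gap in the audit trail: a memory buffer (or `overflow_action drop_oldest_chunk`) trades durability for throughput, while `overflow_action block` pauses reading so the logs stay in the node's files, where kubelet log rotation is then the only remaining point of loss.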