apiVersion: v1 kind: ConfigMap metadata: name: fluent-bit-windows-config namespace: amazon-cloudwatch labels: k8s-app: fluent-bit data: fluent-bit.conf: | [SERVICE] Flush 5 Log_Level error Daemon off net.dns.resolver LEGACY Parsers_File parsers.conf @INCLUDE application-log.conf @INCLUDE dataplane-log.conf @INCLUDE host-log.conf application-log.conf: | [INPUT] Name tail Tag application.* Exclude_Path C:\\var\\log\\containers\\fluent-bit*, C:\\var\\log\\containers\\cloudwatch-agent* Path C:\\var\\log\\containers\\*.log Parser docker DB C:\\var\\fluent-bit\\state\\flb_container.db Mem_Buf_Limit 50MB Skip_Long_Lines On Rotate_Wait 30 Refresh_Interval 10 Read_from_Head ${READ_FROM_HEAD} [INPUT] Name tail Tag application.* Path C:\\var\\log\\containers\\fluent-bit* Parser docker DB C:\\var\\fluent-bit\\state\\flb_log.db Mem_Buf_Limit 5MB Skip_Long_Lines On Rotate_Wait 30 Refresh_Interval 10 Read_from_Head ${READ_FROM_HEAD} [INPUT] Name tail Tag application.* Path C:\\var\\log\\containers\\cloudwatch-agent* Parser docker DB C:\\var\\fluent-bit\\state\\flb_cwagent.db Mem_Buf_Limit 5MB Skip_Long_Lines On Rotate_Wait 30 Refresh_Interval 10 Read_from_Head ${READ_FROM_HEAD} [OUTPUT] Name cloudwatch_logs Match application.* region ${AWS_REGION} log_group_name /aws/containerinsights/${CLUSTER_NAME}/application log_stream_prefix ${HOST_NAME}- auto_create_group true extra_user_agent container-insights dataplane-log.conf: | [INPUT] Name tail Tag dataplane.tail.* Path C:\\ProgramData\\containerd\\root\\*.log, C:\\ProgramData\\Amazon\\EKS\\logs\\*.log Parser dataplane_firstline DB C:\\var\\fluent-bit\\state\\flb_dataplane_tail.db Mem_Buf_Limit 5MB Skip_Long_Lines On Rotate_Wait 30 Refresh_Interval 10 Read_from_Head ${READ_FROM_HEAD} [INPUT] Name tail Tag dataplane.tail.C.ProgramData.Amazon.EKS.logs.vpc-bridge Path C:\\ProgramData\\Amazon\\EKS\\logs\\*.log.* Path_Key file_name Parser dataplane_firstline DB C:\\var\\fluent-bit\\state\\flb_dataplane_cni_tail.db Mem_Buf_Limit 5MB Skip_Long_Lines On Rotate_Wait 30 Refresh_Interval 10 Read_from_Head ${READ_FROM_HEAD} [INPUT] Name winlog Channels EKS DB C:\\var\\fluent-bit\\state\\flb_eks_winlog.db Interval_Sec 60 [FILTER] Name aws Match dataplane.* imds_version v2 [FILTER] Name aws Match winlog.* imds_version v2 [OUTPUT] Name cloudwatch_logs Match dataplane.* region ${AWS_REGION} log_group_name /aws/containerinsights/${CLUSTER_NAME}/dataplane log_stream_prefix ${HOST_NAME}- auto_create_group true extra_user_agent container-insights [OUTPUT] Name cloudwatch_logs Match winlog.* region ${AWS_REGION} log_group_name /aws/containerinsights/${CLUSTER_NAME}/dataplane log_stream_name ${HOST_NAME}.windows.kubelet.kubeproxy.service auto_create_group true extra_user_agent container-insights host-log.conf: | [INPUT] Name winlog Channels System DB C:\\var\\fluent-bit\\state\\flb_system_winlog.db Interval_Sec 60 [FILTER] Name aws Match winlog.* imds_version v2 [OUTPUT] Name cloudwatch_logs Match winlog.* region ${AWS_REGION} log_group_name /aws/containerinsights/${CLUSTER_NAME}/host log_stream_name ${HOST_NAME}.windows.system.events auto_create_group true extra_user_agent container-insights parsers.conf: | [PARSER] Name docker Format json Time_Key time Time_Format %b %d %H:%M:%S [PARSER] Name container_firstline Format regex Regex (?<log>(?<="log":")\S(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=}) Time_Key time Time_Format %Y-%m-%dT%H:%M:%S.%LZ [PARSER] Name dataplane_firstline Format regex Regex (?<log>(?<="log":")\S(?!\.).*?)(?<!\\)".*(?<stream>(?<="stream":").*?)".*(?<time>\d{4}-\d{1,2}-\d{1,2}T\d{2}:\d{2}:\d{2}\.\w*).*(?=}) Time_Key time Time_Format %Y-%m-%dT%H:%M:%S.%LZ