Well, that looks okay, with the exception of the log_level. I think it should be LOGLEVEL. I haven’t tested with Kubernetes, but my previous tests with Docker were similar to that.
I do recall having some issues connecting to FluentD directly when I used a Syslog input. So I used a Syslog listening service like
- https://www.remotesyslog.com/ (for Linux) or
- Syslog Watcher - High-performance Syslog Server | EZ5 Systems
and then forwarded the calls to FluentD. But I think you may need a parser for this.
You may just have better luck with defining a UDP input plugin. Here is a quick config to listen and spit out the analytics to stdout:
```
# Global service wide config
<system>
  log_level info
</system>

# Syslog UDP input from Tyk Pump
<source>
  @type udp
  @label @syslog.udp
  # tag is required
  tag syslog.udp
  <parse>
    # none: no parsing, the whole datagram is kept as the "message" field
    @type none
  </parse>
  port 5160
  bind 0.0.0.0
</source>

# StdOut output log to FluentD
<label @syslog.udp>
  <match **>
    @type stdout
  </match>
</label>
```
It appears you may be trying to build an EFK observability stack. I would encourage you to visit the docs or the FluentD community for further assistance.
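
A smoke test for the UDP listener configured above, as an added example that is not part of the original post: it sends one constructed syslog-style line over UDP and shows the record shape the `none` parser yields (the raw line under `message`). The host name, app name, facility/severity and the RFC 3164 style layout are assumptions, not Tyk Pump's documented output.

```python
import socket
from datetime import datetime


def build_syslog_line(msg, facility=16, severity=6,
                      host="pump-test", app="tyk-pump"):
    """Build an RFC 3164 style line (constructed sample data).

    PRI is facility * 8 + severity, so local0.info is <134>.
    host and app are hypothetical names used only for this test.
    """
    pri = facility * 8 + severity
    ts = datetime.now().strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {host} {app}: {msg}"


def send_udp(line, host="127.0.0.1", port=5160):
    """Send one datagram; 5160 is the port from the config above."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(line.encode("utf-8"), (host, port))


def as_none_parser_record(datagram):
    """Mirror what a `none` parser does: keep the payload unparsed."""
    return {"message": datagram.decode("utf-8", "replace").rstrip("\n")}


def loopback_check(msg):
    """Send to a throwaway local listener instead of FluentD.

    Returns the record a `none` parser would produce for the datagram,
    which is useful for seeing that the <PRI> header is not stripped.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
        rx.settimeout(2)
        port = rx.getsockname()[1]
        send_udp(build_syslog_line(msg), port=port)
        data, _ = rx.recvfrom(4096)
    return as_none_parser_record(data)


if __name__ == "__main__":
    print(loopback_check('{"api_name": "constructed-sample"}'))
    # Against the real listener: send_udp(build_syslog_line("hello"), port=5160)
```

If the line appears in FluentD's stdout with the `<134>` prefix still attached, the input works and any field extraction has to come from a parser or a later filter.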