fluent.conf

<match fluent.**>
  @type null
</match>

<source>
  @type tail
  read_from_head true
  path /var/lib/docker/containers/*/*-json.log
  pos_file /var/log/fluentd-docker.pos
  time_format %Y-%m-%dT%H:%M:%S
  tag kubernetes.*
  format json
</source>

<filter kubernetes.**>
  @type record_transformer
  enable_ruby
  <record>
    k8s_data ${id = tag.split('.')[5]; config = JSON.parse(IO.read("/var/lib/docker/containers/#{id}/config.v2.json")); labels = config['Config']['Labels'];; image = config['Config']['Image']; safe_image = image.split('/')[-1]; [safe_image, labels['io.kubernetes.container.hash'], labels['io.kubernetes.container.name'], labels['io.kubernetes.pod.name'], labels['io.kubernetes.pod.namespace']].join('|') }
  </record>
</filter>

<filter kubernetes.**>
  @type record_transformer
  enable_ruby
  remove_keys k8s_data
  <record>
    image ${k8s_data.split('|')[0]}
    container_hash ${k8s_data.split('|')[1]}
    container_name ${k8s_data.split('|')[2]}
    pod_name ${k8s_data.split('|')[3]}
    pod_namespace ${k8s_data.split('|')[4]}
  </record>
</filter>

<match kubernetes.**>
  @type elasticsearch
  logstash_format true
  type elasticsearch
  hosts "#{ENV['ES_HOST']}"
  user "#{ENV['ES_USERNAME']}"
  password "#{ENV['ES_PASSWORD']}"
  port "#{ENV['ES_PORT']}"
  scheme https
  ssl_verify false
  buffer_chunk_limit 2M
  buffer_queue_limit 32
  flush_interval 5s
  max_retry_wait 30
  disable_retry_limit
</match>