The Logging custom resource

The logging resource defines the logging infrastructure for your cluster that collects and transports your log messages, and also contains configurations for the Fluent Bit log collector and the Fluentd and syslog-ng log forwarders. It also establishes the controlNamespace, the administrative namespace of the Logging operator. The Fluentd and syslog-ng statefulsets and the Fluent Bit daemonset are deployed in this namespace, and global resources like ClusterOutput and ClusterFlow are evaluated only in this namespace by default - they are ignored in any other namespace unless allowClusterResourcesFromAllNamespaces is set to true.

You can customize the configuration of Fluentd, syslog-ng, and Fluent Bit in the logging resource. The logging resource also declares watchNamespaces, that specifies the namespaces where Flow/SyslogNGFlow and Output/SyslogNGOutput resources will be applied into Fluentd’s/syslog-ng’s configuration.

Note: By default, the Logging operator Helm chart doesn’t install the logging resource. If you want to install it with Helm, set the logging.enabled value to true.
For details on customizing the installation, see the Helm chart values.

You can customize the following sections of the logging resource:

Generic parameters of the logging resource. For the list of available parameters, see LoggingSpec.
The fluentd statefulset that Logging operator deploys. For a list of parameters, see FluentdSpec. For examples on customizing the Fluentd configuration, see Configure Fluentd.
The syslogNG statefulset that Logging operator deploys. For a list of parameters, see SyslogNGSpec. For examples on customizing the Fluentd configuration, see Configure syslog-ng.
The fluentbit field is deprecated. Fluent Bit should now be configured separately, see Fluent Bit log collector.

The following example snippets use the logging namespace. To create this namespace if it does not already exist, run:

kubectl create ns logging

A simple `logging` example

apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
  name: default-logging-simple
  namespace: logging
spec:
  fluentd: {}
  fluentbit: {}
  controlNamespace: logging

Filter namespaces

In the following example, the watchNamespaces option is set, so logs are collected only from the prod and test namespaces.

apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
  name: default-logging-namespaced
  namespace: logging
spec:
  fluentd: {}
  fluentbit: {}
  controlNamespace: logging
  watchNamespaces: ["prod", "test"]

Starting with Logging operator version 4.3, you can use the watchNamespaceSelector selector to select the watched namespaces based on their label, or an expression, for example:

  watchNamespaceSelector:
    matchLabels:
      <label-name>: <label-value>

  watchNamespaceSelector:
    matchExpressions:
      - key: "<label-name>"
        operator: NotIn
        values:
          - "<label-value>"

If both watchNamespaces and watchNamespaceSelector are set, the union of them will take effect.

Last modified December 3, 2025: Merge 93ef79b90193df9d95bda2068bba61200e21e86b into 2eea06951e5cb8d307b35fee26ea2a83a8ed6bdb (e71de0b)

The Logging custom resource

A simple logging example

Filter namespaces

A simple `logging` example