Verified steps

Deploy the Collector as a DaemonSet so one instance runs on each node and can access that node's container log files; mount /var/log/pods and /var/log/containers from the host into the Collector container
Configure the filelog receiver to include /var/log/pods/*/*/*.log; add a container operator (type: container) to automatically detect and parse CRI-O or Docker JSON log format without manual per-runtime config
Add the k8sattributes processor to the log pipeline; set auth_type: serviceAccount and configure extract.metadata to pull k8s.pod.name, k8s.namespace.name, k8s.node.name, k8s.container.name, and relevant pod labels/annotations
Grant the DaemonSet ServiceAccount RBAC permissions: pods/get, pods/list, pods/watch on the core API group and namespaces/get so the processor can resolve pod metadata from the Kubernetes API
Add a resource processor after k8sattributes to promote frequently queried metadata (cluster name, environment) into resource attributes rather than log attributes for efficient backend indexing
Use the Helm chart's logsCollection and kubernetesAttributes presets (--set presets.logsCollection.enabled=true) to generate a validated baseline DaemonSet config that you can then customise

Known gotchas

Running more than one DaemonSet Collector (or a sidecar plus a DaemonSet) that watches the same log path produces duplicate log records; pick a single collection topology per node
The k8sattributes processor looks up metadata using the source IP of the connection; in a DaemonSet deployment, set passthrough: false and ensure pod_association rules use pod UID or resource attributes rather than connection IP when running behind NAT
Container log rotation (logrotate or Docker log driver) can cause the filelog receiver to miss logs between a rotation and detection if poll_interval is too long; set poll_interval to 200ms in high-throughput environments and enable a persistent storage extension to preserve offsets across restarts

docs.fluentbit.io · 6 steps · unrated

Configure the filelog receiver to handle multiline log entries

github.com/open-telemetry/opentelemetry-collector-contrib · 6 steps · unrated

Build a log processing pipeline with Vector to parse, enrich, and route logs to multiple sinks

vector.dev · 6 steps · unrated

Give your agent this knowledge — and 200+ more routes

One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus: claude mcp add --transport http waymark https://mcp.waymark.network/mcp

Collect Kubernetes container logs with filelog receiver and k8sattributes processor

Verified steps

Known gotchas

Related routes

Give your agent this knowledge — and 200+ more routes