add 'include_timestamp true' in the elastic part of the configmap to actually get the timestamp in elasticsearch

monitoring/logging/fluentd/kubernetes/counter-err.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter-err
+  labels:
+    app: counter-err
+    version: v1.2
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args: [/bin/sh, -c,
+            'i=0; RANDOM=$$; while true; do R=$(($RANDOM%100)); echo "loop:$i  value:$R"; if [ $R -gt 80 ]; then echo "Warning:$R too high" 1>&2; fi; i=$((i+1)); sleep 1; done']

monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile

@@ -33,10 +33,12 @@ RUN touch /fluentd/etc/disable.conf
 # Copy plugins
 COPY plugins /fluentd/plugins/
 COPY entrypoint.sh /fluentd/entrypoint.sh
+# chmod needed in full Linux env :)
+RUN chmod 755 /fluentd/entrypoint.sh
 
 # Environment variables
 ENV FLUENTD_OPT=""
 ENV FLUENTD_CONF="fluent.conf"
 
 # Overwrite ENTRYPOINT to run fluentd as root for /var/log / /var/lib
-ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
+ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]

monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml

@@ -51,7 +51,7 @@ data:
       <parse>
         @type kubernetes
         @type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}"
-        time_format %Y-%m-%dT%H:%M:%S.%NZ
+        time_format "%Y-%m-%dT%H:%M:%S.%NZ"
       </parse>
     </source>
 
@@ -78,4 +78,5 @@ data:
       port "#{ENV['FLUENT_ELASTICSEARCH_PORT'] || '9200'}"
       index_name fluentd-k8s
       type_name fluentd
-    </match>
+      include_timestamp true
+    </match>