2

I have a cluster with many namespaces. I'm trying to log data from a specific namespace in my Openshift cluster but it is logging the data from all the namespaces. I tried to follow the documentation of the Openshift regarding logging, but there is no mention of scoping the log data.

I followed this documentation: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging.html

I'm using fluentd as the log collector.

Akhil Ravindran
  • 126
  • 1
  • 10
  • which log collector you are using? – Adiii Aug 04 '22 at 10:14
  • @Adiii I'm using fluentd – Akhil Ravindran Aug 04 '22 at 10:20
  • 1
    https://stackoverflow.com/questions/57027935/how-to-exclude-namespace-from-fluent-bit-logging – Adiii Aug 04 '22 at 10:27
  • 1
    Does this answer your question? [How to exclude namespace from fluent-bit logging](https://stackoverflow.com/questions/57027935/how-to-exclude-namespace-from-fluent-bit-logging) – Adiii Aug 04 '22 at 10:28
  • no, it is not @Adiii – Akhil Ravindran Aug 09 '22 at 07:31
  • Do you want to forward logs in a specific namespace which is created by developer to your Elasticsearch? By default, OpenShift Logging aggregate all log messages from all namespaces and send to application index in default Elasticsearch. I believed that you can select namespaces and forward logs in the namespaces to your ES. – hiroyukik Sep 09 '22 at 13:42
  • @hiroyukik Thank you. But I don't want to store all my namespaces logs in ES. I don't want to forward it to the ES. Is there a way to do that? – Akhil Ravindran Sep 10 '22 at 11:35

1 Answers1

2

As Cluster Logging on OpenShift, you can transfer logs in namespaces or Pods matched label you select.

The sample CR like Forward logs in my-project namespace to Elasticserach which is deployed by Cluster Logging could be as follows:

apiVersion: "logging.openshift.io/v1"
kind: ClusterLogForwarder
metadata:
  name: instance 
  namespace: openshift-logging 
spec:
  inputs: 
   - name: my-app-logs
     application:
        namespaces:
        - my-project
  pipelines:
   - name: my-app 
     inputRefs:
      - my-app-logs
     outputRefs:
      - default

You can customize inputs field as you want. It also could be specified Pods using matchLabels expression. *2

outputs default means send logs to default Elasticsearch on Cluster Logging.

*1: https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-external.html

*2: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-logs-from-application-pods_cluster-logging-external

hiroyukik
  • 713
  • 1
  • 6
  • 14