I Love Logging

With the MO of “get all into Splunk or else” – ran into some OCP/k8 challenges aggregating all logs to get to Splunk. Nothing native in OCP.

 

So digging around:

https://github.com/kubernetes/kubernetes/issues/24677

That issue covers various options for log aggregation, including container logs.

k8 logging — https://kubernetes.io/docs/user-guide/logging/overview/

OCP-EFK — https://docs.openshift.com/container-platform/3.4/install_config/aggregate_logging.html

Nice OCP Logging Overview – http://playbooks-rhtconsulting.rhcloud.com/playbooks/installation/logging.html

Having a Splunk agent on the nodes is great, but it doesn’t capture the container logs. So leverage the EFK stack, where fluentd does the aggregation.

Use the fluentd secure forward plugin (SFP) to forward the EFK logs to an external fluentd. That external fluentd writes them out with the fluentd file output plugin, and the Splunk forwarding agent picks up the resulting files.
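A sketch of the two fluentd configurations for the pipeline described above, as an added example that is not from the original post or from the OCP project. Hostnames, key material, paths and the `**` match pattern are placeholders, and where the sender block goes in an OCP deployment is covered by the OCP-EFK documentation linked above.

```conf
# ---- Sender: the fluentd that aggregates logs inside the cluster (EFK) ----
<match **>
  @type secure_forward
  # Placeholder name this sender announces to the receiver.
  self_hostname ocp-fluentd.example.internal
  # Placeholder secret; must match the receiver. Keep it out of version control.
  shared_key CHANGE_ME_SHARED_KEY
  # Encrypt the connection with TLS and check the server certificate.
  secure yes
  enable_strict_verification yes
  # Placeholder path to the CA that signed the receiver's certificate.
  ca_cert_path /etc/fluent/keys/ca_cert.pem
  <server>
    # Placeholder address of the external fluentd.
    host fluentd-ext.example.internal
    port 24284
  </server>
</match>

# ---- Receiver: the external fluentd, on the host with the Splunk forwarder ----
<source>
  @type secure_forward
  self_hostname fluentd-ext.example.internal
  shared_key CHANGE_ME_SHARED_KEY
  secure yes
  # Placeholder server certificate and key, signed by the CA the sender trusts.
  cert_path /etc/fluent/keys/server_cert.pem
  private_key_path /etc/fluent/keys/server_key.pem
  private_key_passphrase CHANGE_ME_PASSPHRASE
  bind 0.0.0.0
  port 24284
</source>

<match **>
  # File output plugin: the Splunk forwarding agent monitors this location.
  @type file
  # Placeholder path prefix for the written files.
  path /var/log/fluentd-ocp/containers
  append true
  format json
</match>
```

The output directory should be readable by the account the Splunk forwarder runs as and not world-readable, since it now holds the logs of every container in the cluster.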

Logging Roundup 

https://sematext.com/blog/2016/09/13/logstash-alternatives/

https://www.slant.co/topics/326/~best-log-aggregation-monitoring-tools
