Parameters
The parent key for all of the following parameters is openshift4_logging.
See the OpenShift docs for details.
channel
| type |
string |
| default |
|
Channel of the operator subscription to use. In OpenShift 4.7 Red Hat introduced an OpenShift version independent logging stack starting with the version 5.0. Since version 5.1 there are two channels stable and stable-5.x. Choosing the stable channel allows never have to care about the interoperability as the specific OpenShift version delivers the right version via the operator marketplace.
See the OpenShift documentation for details.
alerts
| type |
string |
| default |
|
Release version of the alerting rules.
Should be adjusted according to the channel: If you specify channel: stable-5.2 use alerts: release-5.2.
kibana_host
| type |
string |
| default |
|
| example |
|
Host name of the Kibana route.
predict_elasticsearch_storage_alert
| type |
dict |
| example |
|
Create an alert SYN_ElasticsearchExpectNodeToReachDiskWatermark if the storage allocated for Elasticsearch is predicted to reach the low storage watermark.
predict_elasticsearch_storage_alert.lookback_range
| type |
prometheus duration |
| default |
|
How for to look back to calculate the prediction.
predict_elasticsearch_storage_alert.predict_hours_from_now
| type |
number |
| default |
|
How far in the future the prediction is calculated.
predict_elasticsearch_storage_alert.threshold
| type |
number |
| default |
|
The threshold for the alert. Percentage of disk fill.
ignore_alerts
| type |
list |
| default |
[] |
This parameter can be used to disable alerts provided by openshift cluster-logging-operator.
The component supports removing entries in this parameter by providing the entry prefixed with ~.
clusterLogging
| type |
dictionary |
| default |
see |
A dictionary holding the .spec for cluster logging.
See the OpenShift docs for available parameters.
clusterLogForwarding
clusterLogForwarding.forwarders
| type |
dictionary |
| default |
{} |
Each key in this dictionary holds the parameters for an .spec.outputs object.
See the OpenShift docs for available parameters.
clusterLogForwarding.namespace_groups
| type |
dictionary |
| default |
{} |
Customization for the logging of a specified group of namespaces.
Enabling forwarders will send the logs of the specified namespaces to a third-party log aggregator. For some log aggregation systems you may need to deploy a separate log forwarder.
Enable json parsing for a 'namespace_group' only makes sense if the logs are forwarded to the clusters default elasticsearch instance. Therefor 'default' will automatically be added to the forwarders.
clusterLogForwarding:
namespace_groups:
my-group: (1)
namespaces: (2)
- my-namespace
forwarders: (3)
- splunk-forwarder
json: true (4)| 1 | Namespace to configure. |
| 2 | List of namespaces. |
| 3 | List of forwarders (defined in clusterLogForwarding.forwarders). |
| 4 | Enable json logging only for defined namespaces. |
clusterLogForwarding.application_logs
| type |
dictionary |
| default |
{} |
Customization for the logging of all applications.
Enabling forwarders will send the logs of all namespaces to a third-party log aggregator. For some log aggregation systems you may need to deploy a separate log forwarder.
clusterLogForwarding:
application_logs:
forwarders: (1)
- splunk-forwarder
json: true (2)| 1 | List of forwarders (defined in clusterLogForwarding.forwarders). |
| 2 | Enable json logging for all applications. |
clusterLogForwarding.infrastructure_logs
| type |
dictionary |
| default |
|
Customization for the logging of openshift*, kube*, or default projects.
Enabled by default.
Enabling forwarders will send the logs of all namespaces to a third-party log aggregator. For some log aggregation systems you may need to deploy a separate log forwarder.
clusterLogForwarding:
infrastructure_logs:
forwarders: (1)
- splunk-forwarder
json: true (2)| 1 | List of forwarders (defined in clusterLogForwarding.forwarders). |
| 2 | Enable json logging for all applications. |
clusterLogForwarding.audit_logs
| type |
dictionary |
| default |
|
Customization for the logging of audit logs.
Disabled by default.
Enabling forwarders will send the logs of all namespaces to a third-party log aggregator. For some log aggregation systems you may need to deploy a separate log forwarder.
clusterLogForwarding:
audit_logs:
forwarders: (1)
- splunk-forwarder
json: true (2)| 1 | List of forwarders (defined in clusterLogForwarding.forwarders). |
| 2 | Enable json logging for all applications. |
clusterLogForwarding.json
| type |
dictionary |
| default |
see below |
Setting json.enabled is required for json parsing to be available. You need to additionally enable it in clusterLogForwarding.application_logs or clusterLogForwarding.namespace_groups, based on your needs, to actually parse the logs.
clusterLogForwarding:
json:
enabled: false (1)
typekey: 'kubernetes.labels.logFormat' (2)
typename: 'nologformat' (3)| 1 | By default JSON parsing is disabled. |
| 2 | The value of that field, if present, is used to construct the index name. |
| 3 | If typekey isn’t set or its key isn’t present, the value of this field is used to construct the index name. |
See the OpenShift docs for a detailed explanation.
Example
clusterLogging:
logStore:
retentionPolicy:
application:
maxAge: 15d
elasticsearch:
nodeCount: 5Forward logs for all application logs to third-party
clusterLogForwarding:
enabled: true
forwarders:
splunk-forwarder:
secret:
name: splunk-forwarder
type: fluentdForward
url: tls://splunk-forwarder:24224
application_logs:
forwarders:
- splunk-forwarderForward logs for certain namespaces to third-party
clusterLogForwarding:
enabled: true
forwarders:
splunk-forwarder:
secret:
name: splunk-forwarder
type: fluentdForward
url: tls://splunk-forwarder:24224
namespace_groups:
my-group:
namespaces:
- my-namespace
forwarders:
- splunk-forwarder