Bug 1394949 - [RFE] Provide pre-canned Kibana dashboards/queries
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Peter Portante
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-11-14 20:44 UTC by Rich Megginson
Modified: 2021-12-10 14:47 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-12 11:58:57 UTC
Target Upstream Version:



Description Rich Megginson 2016-11-14 20:44:44 UTC
What are some of the most common log queries we use in Kibana for OpenShift and what is their syntax?

Things like...

  * What are all the logs for the last hour for a single version of a single application, but across all replicas?
  * What are all the logs for the last hour for all versions of a single application, but across all replicas?
  * What are all the logs, categorized as error, for the last hour for a single version of a single application, but across all replicas?

Do we have documentation posted of best practices or most useful/frequently used?

Comment 1 ewolinet 2016-11-14 21:00:36 UTC
(In reply to Rich Megginson from comment #0)
> What are some of the most common log queries we use in Kibana for OpenShift
> and what is their syntax?
> 
> Things like...
> 
>   * What are all the logs for the last hour for a single version of a single
> application, but across all replicas?

kubernetes_labels_deployment:"<name of replication controller>"

>   * What are all the logs for the last hour for all versions of a single
> application, but across all replicas?

kubernetes_labels_deploymentconfig:"<name of deployment config>"

>   * What are all the logs, categorized as error, for the last hour for a
> single version of a single application, but across all replicas?

kubernetes_labels_deployment:"<name of RC>" AND message:ERROR


To note: we also don't have a log level field to filter on for container logs (at least not in 3.3.1 and earlier)

Comment 2 Rich Megginson 2016-11-14 21:12:32 UTC
(In reply to ewolinet from comment #1)
> To note: we also don't have a log level field to filter on for container
> logs (at least not in 3.3.1 and earlier)

We don't really have one in 3.4 with the common data model and journal input either.

https://github.com/openshift/origin-aggregated-logging/blob/master/fluentd/configs.d/openshift/filter-retag-journal.conf#L2

# The stream identification is encoded into the PRIORITY field as an
# integer: 6, or github.com/coreos/go-systemd/journal.Info, marks stdout,
# while 3, or github.com/coreos/go-systemd/journal.Err, marks stderr.
# PRIORITY=6

So we map this to the "level" field:

https://github.com/openshift/origin-aggregated-logging/blob/master/fluentd/configs.d/openshift/filter-k8s-record-transform.conf#L14

 level ${record['PRIORITY']}

We don't have a way to take a "message" field like this:

172.17.0.1 - - [21/May/2016:16:52:05 +0000] "GET /healthz HTTP/1.1" 404 0 "" "Go-http-client/1.1"

and say "ah, that's an apache log - parse out the '404' and turn that into some sort of error code"
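
[Added example, not part of the original comment and not code from origin-aggregated-logging.] A sketch of the enrichment comment 2 says is missing: keep the PRIORITY-derived level, and separately parse an access-log style "message" to recover the HTTP status. The names enrich, http_status and http_level, and the status-to-level mapping, are assumptions of this example.

```python
import re

# Journal PRIORITY as described in the comment: 6 (journal.Info) marks stdout,
# 3 (journal.Err) marks stderr. The level names are this example's assumption.
PRIORITY_LEVEL = {"6": "info", "3": "err"}

# Apache/NCSA access-log shape of the sample line; the request is kept loose
# because malformed requests are logged as "-" or with arbitrary bytes.
ACCESS_LOG = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>[1-5]\d{2}) (?P<size>\d+|-)(?: |$)'
)


def status_level(status):
    """Assumed mapping: 5xx -> err, 4xx -> warning, everything else -> info."""
    if status >= 500:
        return "err"
    if status >= 400:
        return "warning"
    return "info"


def enrich(record):
    """Return a copy of record with level fields added (hypothetical helper).

    'level' stays derived from PRIORITY (stream only); the message-derived
    value goes into separate fields so application-controlled log text never
    overwrites what the journal reported.
    """
    out = dict(record)
    out["level"] = PRIORITY_LEVEL.get(str(record.get("PRIORITY", "")), "unknown")
    m = ACCESS_LOG.match(record.get("message", ""))
    if m:
        out["http_status"] = int(m.group("status"))
        out["http_level"] = status_level(out["http_status"])
    return out


# Constructed records; the first message is the sample line from the comment.
SAMPLES = [
    {"PRIORITY": "6", "message": '172.17.0.1 - - [21/May/2016:16:52:05 +0000] '
                                 '"GET /healthz HTTP/1.1" 404 0 "" "Go-http-client/1.1"'},
    {"PRIORITY": "3", "message": "panic: runtime error: index out of range"},
    {"PRIORITY": "6", "message": '10.1.2.3 - - [21/May/2016:16:52:06 +0000] "-" 500 - "-" "-"'},
]
```

With fields like these, a query such as http_level:err would not depend on matching the string ERROR in the message text.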

Comment 3 Greg Rodriguez II 2018-08-27 19:37:46 UTC
Customer in OCP 3.6 environment is making this request in SFDC 02169998

Comment 5 Kirsten Newcomer 2019-06-12 11:58:57 UTC
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progresses within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.

