Bug 1968576 - Logging documentation suggests creating index patterns for indices that don't exist in empty cluster
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: landerso
QA Contact: Xiaoli Tian
Claire Bremble
URL:
Whiteboard:
: 1968577 (view as bug list)
Depends On:
Blocks:
Reported: 2021-06-07 15:20 UTC by Erik M Jacobs
Modified: 2022-10-24 14:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-10-24 14:50:57 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHDEVDOCS-3079 0 Unprioritized Open Bug 1968576 - Logging documentation suggests creating index patterns for indices that don't exist in empty cluster 2021-06-17 16:01:46 UTC

Description Erik M Jacobs 2021-06-07 15:20:48 UTC
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying

When a cluster is first created, if Logging is one of the initial things installed/deployed, there is not yet anything that will generate app logs. Similarly, audit isn't enabled by default, and no audit logs will be generated.

Until these logs are generated, no indices for apps or audit will exist.

This makes creating index _patterns_ for them impossible.

There is a note about audit logs that does not make this clear, but no such note exists for app logs.

Comment 1 Petr Kovar 2021-11-01 14:02:50 UTC
*** Bug 1968577 has been marked as a duplicate of this bug. ***

Comment 6 Claire Bremble 2022-09-15 18:14:05 UTC
Impacts supported OCP version, so updating to 4.8

Comment 7 landerso 2022-10-24 14:50:57 UTC
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying 

"The audit logs are not stored in the internal OpenShift Container Platform Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs.

Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster."

