Installing cluster logging

You can install cluster logging by deploying the Elasticsearch and Cluster Logging Operators. The Elasticsearch Operator creates and manages the Elasticsearch cluster used by cluster logging. The Cluster Logging Operator creates and manages the components of the logging stack.

Before you begin

The process for deploying cluster logging to OpenShift Container Platform involves:

About this task

Perform the following steps to install cluster logging:

Procedure

  1. To define index patterns and create visualizations in Kibana:
    1. Create your Kibana index patterns. Navigate to Management > Index Patterns and select Create index pattern.
    2. Each user who logs into Kibana for the first time must manually create index patterns to see logs for their projects. To view their container logs, users must create an index pattern named application and use the @timestamp time field.
    3. Each administrator logging into Kibana for the first time must create index patterns for the application, infrastructure, and audit indices using the @timestamp time field.
  2. Create Kibana Visualizations from the new index patterns.
    1. When you log into Kibana for the first time, create index patterns for the application, infrastructure, and audit indices using the @timestamp time field. For example, app-000001, infra-000001.
    2. Create queries specific to the container name, for example, asi, ac, or api.
  3. Create queries specific to the AC Container.
    1. To display all the adapter container logs, create a query kubernetes.container_name.raw:"ac" and save this search as all_adapter_container_logs.
    2. To display logs specific to adapter container nodes, create the following query:
      kubernetes.pod_name:"adapter_container_podname" AND kubernetes.namespace_name:"namespace_name" AND kubernetes.container_name.raw:"ac"
      For example,
      kubernetes.pod_name:"b2bi-release-b2bi-ac-server-0" AND kubernetes.namespace_name:"default" AND kubernetes.container_name.raw:"ac"
    3. To display file-specific logs, such as Perimeter.log, for adapter container nodes, add a filter on the available fields. For example, select message as the field, exists as the operator, and Perimeter.log as the label.
  4. Create queries specific to the ASI container.
    1. To display all the ASI container logs, create a query kubernetes.container_name.raw:"asi" and save this search as all_asi_logs.
    2. To display logs specific to ASI nodes, create the following query:
      kubernetes.pod_name:"asi_podname" AND kubernetes.namespace_name:"namespace_name" AND kubernetes.container_name.raw:"asi"
      For example,
      kubernetes.pod_name:"b2bi-release-b2bi-asi-server-0" AND kubernetes.namespace_name:"default" AND kubernetes.container_name.raw:"asi"
    3. To display file-specific logs, such as Authentication.log, for adapter container nodes, add a filter on the available fields. For example, select message as the field, exists as the operator, and Authentication.log as the label.
  5. Create queries specific to the API Container.
    1. To display all the API container logs, create a query kubernetes.container_name.raw:"api" and save this search as api_logs.
    2. To display logs specific to the API nodes, create the following query:
      kubernetes.pod_name:"api_podname" AND kubernetes.namespace_name:"namespace_name" AND kubernetes.container_name.raw:"api"
      For example,
      kubernetes.pod_name:"b2bi-release-b2bi-api-server-0" AND kubernetes.namespace_name:"default" AND kubernetes.container_name.raw:"api"
    3. To display file-specific logs, such as messages.log, for adapter container nodes, add a filter on the available fields. For example, select message as the field, exists as the operator, and messages.log as the label.
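
The queries in steps 3 to 5 all follow one pattern, so they can be generated instead of typed by hand. The following Python sketch is an added example, not part of the product documentation: it builds the query strings with the pod and namespace values quoted safely, and checks them against constructed sample records. The function names, the sample records, the "staging" namespace, and the exact-match evaluation (a simplification of how Kibana matches these fields) are assumptions.

```python
import re

CONTAINERS = {"ac", "asi", "api"}  # container names used on this page

def quote(value):
    """Quote a value as a Lucene phrase, escaping backslash and double quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_query(container, pod=None, namespace=None):
    """Build a query string in the form shown in steps 3 to 5."""
    if container not in CONTAINERS:
        raise ValueError(f"unknown container: {container!r}")
    terms = []
    if pod is not None:
        terms.append(f"kubernetes.pod_name:{quote(pod)}")
    if namespace is not None:
        terms.append(f"kubernetes.namespace_name:{quote(namespace)}")
    terms.append(f"kubernetes.container_name.raw:{quote(container)}")
    return " AND ".join(terms)

# One field:"value" term; the value may contain escaped characters.
TERM = re.compile(r'([\w.@]+):"((?:[^"\\]|\\.)*)"')

def matches(query, record):
    """Simplified evaluation: every term must equal the record's field exactly."""
    for field, raw in TERM.findall(query):
        want = re.sub(r"\\(.)", r"\1", raw)  # undo quote() escaping
        key = field[:-4] if field.endswith(".raw") else field
        if record.get(key) != want:
            return False
    return True

def record(pod, namespace, container):
    return {"kubernetes.pod_name": pod, "kubernetes.namespace_name": namespace,
            "kubernetes.container_name": container}

# Constructed sample records (not real cluster output).
RECORDS = [
    record("b2bi-release-b2bi-ac-server-0", "default", "ac"),
    record("b2bi-release-b2bi-asi-server-0", "default", "asi"),
    record("b2bi-release-b2bi-asi-server-1", "default", "asi"),
    record("b2bi-release-b2bi-api-server-0", "default", "api"),
    record("b2bi-release-b2bi-asi-server-0", "staging", "asi"),
]

def search(query):
    return [r for r in RECORDS if matches(query, r)]

if __name__ == "__main__":
    q = build_query("asi", "b2bi-release-b2bi-asi-server-0", "default")
    print(q, "->", len(search(q)), "record(s)")
```

Because quote() escapes embedded double quotes, a pod or namespace value taken from a script argument or a form field stays inside its phrase and cannot widen the saved search to other namespaces.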

What to do next

Visualize
  • Visualize enables you to create visualizations of the data in your Elasticsearch indices. You can then build dashboards that display related visualizations.
  • Kibana visualizations are based on Elasticsearch queries. By using a series of Elasticsearch aggregations to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about.
  • You can create visualizations from a search saved from Discover or start with a new search query.

For more information, see Create new visualization.

Dashboard

A Kibana dashboard displays a collection of visualizations and searches. You can arrange, resize, and edit the dashboard content and then save the dashboard so you can share it. For more information, see Building a Dashboard.