Application logging with EFK

Use the Elasticsearch, Fluentd, and Kibana (EFK) tools to aggregate application log data for IBM® Cloud Pak for Network Automation.

Pod processes running in Kubernetes frequently produce logs. To manage this log data and ensure that no loss of log data occurs when a pod terminates, deploy a log aggregation tool on the Kubernetes cluster. Log aggregation tools help users persist, search, and visualize the log data that is gathered from the pods across the cluster.

Log aggregation tools on the market today include EFK, LogDNA, Splunk, Datadog, and IBM Operations Analytics. When enterprises evaluate log aggregation tools, their choices reflect their journey to cloud and cover both new cloud-native applications that run in Kubernetes and traditional IT.

One choice for application logging with log aggregation, based on open source, is EFK. You can deploy EFK by using the Elasticsearch Operator and the Cluster Logging Operator. Use this preconfigured EFK stack to aggregate all container logs. After a successful installation, the EFK pods are located inside the openshift-logging namespace of the cluster.

Important: If multitenancy is enabled for the Cloud Pak and you deploy EFK, ensure that only administrators can access Kibana. Do not enable access to Kibana from the Nimrod UI. In Kibana, users who belong to one tenant can view logs that originate from the requests of users who belong to other tenants.
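
A minimal ClusterLogging custom resource of the kind the Cluster Logging Operator reconciles to create the Elasticsearch, Fluentd, and Kibana pods in the openshift-logging namespace. It is an added example, not taken from the original page or from IBM's installation procedure. The node count, redundancy policy, storage size, replica count, and the storage class placeholder are assumptions to adjust for your cluster.

```yaml
apiVersion: logging.openshift.io/v1
kind: ClusterLogging
metadata:
  # The Cluster Logging Operator only acts on a resource named "instance".
  name: instance
  namespace: openshift-logging
spec:
  managementState: Managed
  logStore:
    type: elasticsearch
    elasticsearch:
      # Assumed sizing: three nodes with one replica shard per primary,
      # so that a single node can fail without losing log data.
      nodeCount: 3
      redundancyPolicy: SingleRedundancy
      storage:
        # Placeholder: replace with a storage class that exists on the cluster.
        # Persistent storage keeps log data when Elasticsearch pods restart.
        storageClassName: <storage-class-name>
        size: 200G
  visualization:
    type: kibana
    kibana:
      # Assumed single replica. Kibana exposes every tenant's logs, so keep
      # access limited to administrators when multitenancy is enabled.
      replicas: 1
  collection:
    logs:
      type: fluentd
      fluentd: {}
```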