Jump To Close Expand all Collapse all Table of contents Logging 1. Release notes for Logging Expand section "1. Release notes for Logging" Collapse section "1. Release notes for Logging" 1.1. Logging 5.5.8 Expand section "1.1. Logging 5.5.8" Collapse section "1.1. Logging 5.5.8" 1.1.1. Bug fixes 1.1.2. CVEs 1.2. Logging 5.5.7 Expand section "1.2. Logging 5.5.7" Collapse section "1.2. Logging 5.5.7" 1.2.1. Bug fixes 1.2.2. CVEs 1.3. Logging 5.5.6 Expand section "1.3. Logging 5.5.6" Collapse section "1.3. Logging 5.5.6" 1.3.1. Known issues 1.3.2. Bug fixes 1.3.3. CVEs 1.4. Logging 5.5.5 Expand section "1.4. Logging 5.5.5" Collapse section "1.4. Logging 5.5.5" 1.4.1. Bug fixes 1.4.2. CVEs 1.5. Logging 5.5.4 Expand section "1.5. Logging 5.5.4" Collapse section "1.5. Logging 5.5.4" 1.5.1. Bug fixes 1.5.2. CVEs 1.6. Logging 5.5.3 Expand section "1.6. Logging 5.5.3" Collapse section "1.6. Logging 5.5.3" 1.6.1. Bug fixes 1.6.2. CVEs 1.7. Logging 5.5.2 Expand section "1.7. Logging 5.5.2" Collapse section "1.7. Logging 5.5.2" 1.7.1. Bug fixes 1.7.2. CVEs 1.8. Logging 5.5.1 Expand section "1.8. Logging 5.5.1" Collapse section "1.8. Logging 5.5.1" 1.8.1. Enhancements 1.8.2. Bug fixes 1.8.3. CVEs 1.9. Logging 5.5 Expand section "1.9. Logging 5.5" Collapse section "1.9. Logging 5.5" 1.9.1. Enhancements 1.9.2. Bug fixes 1.9.3. CVEs 1.10. Logging 5.4.14 Expand section "1.10. Logging 5.4.14" Collapse section "1.10. Logging 5.4.14" 1.10.1. Bug fixes 1.10.2. CVEs 1.11. Logging 5.4.13 Expand section "1.11. Logging 5.4.13" Collapse section "1.11. Logging 5.4.13" 1.11.1. Bug fixes 1.11.2. CVEs 1.12. Logging 5.4.12 Expand section "1.12. Logging 5.4.12" Collapse section "1.12. Logging 5.4.12" 1.12.1. Bug fixes 1.12.2. CVEs 1.13. Logging 5.4.11 Expand section "1.13. Logging 5.4.11" Collapse section "1.13. Logging 5.4.11" 1.13.1. Bug fixes 1.13.2. CVEs 1.14. Logging 5.4.10 Expand section "1.14. Logging 5.4.10" Collapse section "1.14. Logging 5.4.10" 1.14.1. Bug fixes 1.14.2. CVEs 1.15. Logging 5.4.9 Expand section "1.15. Logging 5.4.9" Collapse section "1.15. Logging 5.4.9" 1.15.1. Bug fixes 1.15.2. CVEs 1.16. Logging 5.4.8 Expand section "1.16. Logging 5.4.8" Collapse section "1.16. Logging 5.4.8" 1.16.1. Bug fixes 1.16.2. CVEs 1.17. Logging 5.4.6 Expand section "1.17. Logging 5.4.6" Collapse section "1.17. Logging 5.4.6" 1.17.1. Bug fixes 1.17.2. CVEs 1.18. Logging 5.4.5 Expand section "1.18. Logging 5.4.5" Collapse section "1.18. Logging 5.4.5" 1.18.1. Bug fixes 1.18.2. CVEs 1.19. Logging 5.4.4 Expand section "1.19. Logging 5.4.4" Collapse section "1.19. Logging 5.4.4" 1.19.1. Bug fixes 1.19.2. CVEs 1.20. Logging 5.4.3 Expand section "1.20. Logging 5.4.3" Collapse section "1.20. Logging 5.4.3" 1.20.1. Elasticsearch Operator deprecation notice 1.20.2. Bug fixes 1.20.3. CVEs 1.21. Logging 5.4.2 Expand section "1.21. Logging 5.4.2" Collapse section "1.21. Logging 5.4.2" 1.21.1. Bug fixes 1.21.2. CVEs 1.22. Logging 5.4.1 Expand section "1.22. Logging 5.4.1" Collapse section "1.22. Logging 5.4.1" 1.22.1. Bug fixes 1.22.2. CVEs 1.23. Logging 5.4 Expand section "1.23. Logging 5.4" Collapse section "1.23. Logging 5.4" 1.23.1. Technology Previews 1.23.2. About Vector Expand section "1.23.2. About Vector" Collapse section "1.23.2. About Vector" 1.23.2.1. Enabling Vector 1.23.3. About Loki Expand section "1.23.3. About Loki" Collapse section "1.23.3. About Loki" 1.23.3.1. Deploying the Lokistack 1.23.4. Bug fixes 1.23.5. CVEs 1.24. Logging 5.3.14 Expand section "1.24. Logging 5.3.14" Collapse section "1.24. Logging 5.3.14" 1.24.1. Bug fixes 1.24.2. CVEs 1.25. Logging 5.3.13 Expand section "1.25. Logging 5.3.13" Collapse section "1.25. Logging 5.3.13" 1.25.1. Bug fixes 1.25.2. CVEs 1.26. Logging 5.3.12 Expand section "1.26. Logging 5.3.12" Collapse section "1.26. Logging 5.3.12" 1.26.1. Bug fixes 1.26.2. CVEs 1.27. Logging 5.3.11 Expand section "1.27. Logging 5.3.11" Collapse section "1.27. Logging 5.3.11" 1.27.1. Bug fixes 1.27.2. CVEs 1.28. Logging 5.3.10 Expand section "1.28. Logging 5.3.10" Collapse section "1.28. Logging 5.3.10" 1.28.1. Bug fixes 1.28.2. CVEs 1.29. Logging 5.3.9 Expand section "1.29. Logging 5.3.9" Collapse section "1.29. Logging 5.3.9" 1.29.1. Bug fixes 1.29.2. CVEs 1.30. Logging 5.3.8 Expand section "1.30. Logging 5.3.8" Collapse section "1.30. Logging 5.3.8" 1.30.1. Bug fixes 1.30.2. CVEs 1.31. OpenShift Logging 5.3.7 Expand section "1.31. OpenShift Logging 5.3.7" Collapse section "1.31. OpenShift Logging 5.3.7" 1.31.1. Bug fixes 1.31.2. CVEs 1.32. OpenShift Logging 5.3.6 Expand section "1.32. OpenShift Logging 5.3.6" Collapse section "1.32. OpenShift Logging 5.3.6" 1.32.1. Bug fixes 1.33. OpenShift Logging 5.3.5 Expand section "1.33. OpenShift Logging 5.3.5" Collapse section "1.33. OpenShift Logging 5.3.5" 1.33.1. Bug fixes 1.33.2. CVEs 1.34. OpenShift Logging 5.3.4 Expand section "1.34. OpenShift Logging 5.3.4" Collapse section "1.34. OpenShift Logging 5.3.4" 1.34.1. Bug fixes 1.34.2. CVEs 1.35. OpenShift Logging 5.3.3 Expand section "1.35. OpenShift Logging 5.3.3" Collapse section "1.35. OpenShift Logging 5.3.3" 1.35.1. Bug fixes 1.35.2. CVEs 1.36. OpenShift Logging 5.3.2 Expand section "1.36. OpenShift Logging 5.3.2" Collapse section "1.36. OpenShift Logging 5.3.2" 1.36.1. Bug fixes 1.36.2. CVEs 1.37. OpenShift Logging 5.3.1 Expand section "1.37. OpenShift Logging 5.3.1" Collapse section "1.37. OpenShift Logging 5.3.1" 1.37.1. Bug fixes 1.37.2. CVEs 1.38. OpenShift Logging 5.3.0 Expand section "1.38. OpenShift Logging 5.3.0" Collapse section "1.38. OpenShift Logging 5.3.0" 1.38.1. New features and enhancements 1.38.2. Bug fixes 1.38.3. Known issues 1.38.4. Deprecated and removed features Expand section "1.38.4. Deprecated and removed features" Collapse section "1.38.4. Deprecated and removed features" 1.38.4.1. Forwarding logs using the legacy Fluentd and legacy syslog methods have been removed 1.38.4.2. Configuration mechanisms for legacy forwarding methods have been removed 1.38.5. CVEs 1.39. Logging 5.2.13 Expand section "1.39. Logging 5.2.13" Collapse section "1.39. Logging 5.2.13" 1.39.1. Bug fixes 1.39.2. CVEs 1.40. Logging 5.2.12 Expand section "1.40. Logging 5.2.12" Collapse section "1.40. Logging 5.2.12" 1.40.1. Bug fixes 1.40.2. CVEs 1.41. Logging 5.2.11 Expand section "1.41. Logging 5.2.11" Collapse section "1.41. Logging 5.2.11" 1.41.1. Bug fixes 1.41.2. CVEs 1.42. OpenShift Logging 5.2.10 Expand section "1.42. OpenShift Logging 5.2.10" Collapse section "1.42. OpenShift Logging 5.2.10" 1.42.1. Bug fixes 1.42.2. CVEs 1.43. OpenShift Logging 5.2.9 Expand section "1.43. OpenShift Logging 5.2.9" Collapse section "1.43. OpenShift Logging 5.2.9" 1.43.1. Bug fixes 1.44. OpenShift Logging 5.2.8 Expand section "1.44. OpenShift Logging 5.2.8" Collapse section "1.44. OpenShift Logging 5.2.8" 1.44.1. Bug fixes 1.44.2. CVEs 1.45. OpenShift Logging 5.2.7 Expand section "1.45. OpenShift Logging 5.2.7" Collapse section "1.45. OpenShift Logging 5.2.7" 1.45.1. Bug fixes 1.45.2. CVEs 1.46. OpenShift Logging 5.2.6 Expand section "1.46. OpenShift Logging 5.2.6" Collapse section "1.46. OpenShift Logging 5.2.6" 1.46.1. Bug fixes 1.46.2. CVEs 1.47. OpenShift Logging 5.2.5 Expand section "1.47. OpenShift Logging 5.2.5" Collapse section "1.47. OpenShift Logging 5.2.5" 1.47.1. Bug fixes 1.47.2. CVEs 1.48. OpenShift Logging 5.2.4 Expand section "1.48. OpenShift Logging 5.2.4" Collapse section "1.48. OpenShift Logging 5.2.4" 1.48.1. Bug fixes 1.48.2. CVEs 1.49. OpenShift Logging 5.2.3 Expand section "1.49. OpenShift Logging 5.2.3" Collapse section "1.49. OpenShift Logging 5.2.3" 1.49.1. Bug fixes 1.49.2. CVEs 1.50. OpenShift Logging 5.2.2 Expand section "1.50. OpenShift Logging 5.2.2" Collapse section "1.50. OpenShift Logging 5.2.2" 1.50.1. Bug fixes 1.50.2. CVEs 1.51. OpenShift Logging 5.2.1 Expand section "1.51. OpenShift Logging 5.2.1" Collapse section "1.51. OpenShift Logging 5.2.1" 1.51.1. Bug fixes 1.51.2. CVEs 1.52. OpenShift Logging 5.2.0 Expand section "1.52. OpenShift Logging 5.2.0" Collapse section "1.52. OpenShift Logging 5.2.0" 1.52.1. New features and enhancements 1.52.2. Bug fixes 1.52.3. Known issues 1.52.4. Deprecated and removed features 1.52.5. Forwarding logs using the legacy Fluentd and legacy syslog methods have been deprecated 1.52.6. CVEs 2. Understanding the logging subsystem for Red Hat OpenShift Expand section "2. Understanding the logging subsystem for Red Hat OpenShift" Collapse section "2. Understanding the logging subsystem for Red Hat OpenShift" 2.1. Glossary of common terms for OpenShift Container Platform Logging 2.2. About deploying the logging subsystem for Red Hat OpenShift Expand section "2.2. About deploying the logging subsystem for Red Hat OpenShift" Collapse section "2.2. About deploying the logging subsystem for Red Hat OpenShift" 2.2.1. About JSON OpenShift Container Platform Logging 2.2.2. About collecting and storing Kubernetes events 2.2.3. About updating OpenShift Container Platform Logging 2.2.4. About viewing the cluster dashboard 2.2.5. About troubleshooting OpenShift Container Platform Logging 2.2.6. About uninstalling OpenShift Container Platform Logging 2.2.7. About exporting fields 2.2.8. About logging subsystem components 2.2.9. About the logging collector 2.2.10. About the log store 2.2.11. About logging visualization 2.2.12. About event routing 2.2.13. About log forwarding 3. Installing the logging subsystem for Red Hat OpenShift Expand section "3. Installing the logging subsystem for Red Hat OpenShift" Collapse section "3. Installing the logging subsystem for Red Hat OpenShift" 3.1. Installing the logging subsystem for Red Hat OpenShift using the web console 3.2. Post-installation tasks 3.3. Installing the logging subsystem for Red Hat OpenShift using the CLI 3.4. Post-installation tasks Expand section "3.4. Post-installation tasks" Collapse section "3.4. Post-installation tasks" 3.4.1. Defining Kibana index patterns 3.4.2. Allowing traffic between projects when network isolation is enabled 4. Configuring your Logging deployment Expand section "4. Configuring your Logging deployment" Collapse section "4. Configuring your Logging deployment" 4.1. About the Cluster Logging custom resource Expand section "4.1. About the Cluster Logging custom resource" Collapse section "4.1. About the Cluster Logging custom resource" 4.1.1. About the ClusterLogging custom resource 4.2. Configuring the logging collector Expand section "4.2. Configuring the logging collector" Collapse section "4.2. Configuring the logging collector" 4.2.1. About unsupported configurations 4.2.2. Viewing logging collector pods 4.2.3. Configure log collector CPU and memory limits 4.2.4. Advanced configuration for the log forwarder 4.2.5. Removing unused components if you do not use the default Elasticsearch log store 4.3. Configuring the log store Expand section "4.3. Configuring the log store" Collapse section "4.3. Configuring the log store" 4.3.1. Forwarding audit logs to the log store 4.3.2. Configuring log retention time 4.3.3. Configuring CPU and memory requests for the log store 4.3.4. Configuring replication policy for the log store 4.3.5. Scaling down Elasticsearch pods 4.3.6. Configuring persistent storage for the log store 4.3.7. Configuring the log store for emptyDir storage 4.3.8. Performing an Elasticsearch rolling cluster restart 4.3.9. Exposing the log store service as a route 4.4. Configuring the log visualizer Expand section "4.4. Configuring the log visualizer" Collapse section "4.4. Configuring the log visualizer" 4.4.1. Configuring CPU and memory limits 4.4.2. Scaling redundancy for the log visualizer nodes 4.5. Configuring logging subsystem storage Expand section "4.5. Configuring logging subsystem storage" Collapse section "4.5. Configuring logging subsystem storage" 4.5.1. Storage considerations for the logging subsystem for Red Hat OpenShift 4.5.2. Additional resources 4.6. Configuring CPU and memory limits for logging subsystem components Expand section "4.6. Configuring CPU and memory limits for logging subsystem components" Collapse section "4.6. Configuring CPU and memory limits for logging subsystem components" 4.6.1. Configuring CPU and memory limits 4.7. Using tolerations to control OpenShift Logging pod placement Expand section "4.7. Using tolerations to control OpenShift Logging pod placement" Collapse section "4.7. Using tolerations to control OpenShift Logging pod placement" 4.7.1. Using tolerations to control the log store pod placement 4.7.2. Using tolerations to control the log visualizer pod placement 4.7.3. Using tolerations to control the log collector pod placement 4.7.4. Additional resources 4.8. Moving logging subsystem resources with node selectors Expand section "4.8. Moving logging subsystem resources with node selectors" Collapse section "4.8. Moving logging subsystem resources with node selectors" 4.8.1. Moving OpenShift Logging resources 4.9. Configuring systemd-journald and Fluentd Expand section "4.9. Configuring systemd-journald and Fluentd" Collapse section "4.9. Configuring systemd-journald and Fluentd" 4.9.1. Configuring systemd-journald for OpenShift Logging 4.10. Maintenance and support Expand section "4.10. Maintenance and support" Collapse section "4.10. Maintenance and support" 4.10.1. About unsupported configurations 4.10.2. Unsupported configurations 4.10.3. Support policy for unmanaged Operators 5. Viewing logs for a resource Expand section "5. Viewing logs for a resource" Collapse section "5. Viewing logs for a resource" 5.1. Viewing resource logs 6. Viewing cluster logs by using Kibana Expand section "6. Viewing cluster logs by using Kibana" Collapse section "6. Viewing cluster logs by using Kibana" 6.1. Defining Kibana index patterns 6.2. Viewing cluster logs in Kibana 7. Forwarding logs to external third-party logging systems Expand section "7. Forwarding logs to external third-party logging systems" Collapse section "7. Forwarding logs to external third-party logging systems" 7.1. About forwarding logs to third-party systems Expand section "7.1. About forwarding logs to third-party systems" Collapse section "7.1. About forwarding logs to third-party systems" 7.1.1. Creating a Secret 7.2. Supported log data output types in OpenShift Logging 5.1 7.3. Supported log data output types in OpenShift Logging 5.2 7.4. Supported log data output types in OpenShift Logging 5.3 7.5. Supported log data output types in OpenShift Logging 5.4 7.6. Supported log data output types in OpenShift Logging 5.5 7.7. Supported log data output types in OpenShift Logging 5.6 7.8. Forwarding logs to an external Elasticsearch instance 7.9. Forwarding logs using the Fluentd forward protocol Expand section "7.9. Forwarding logs using the Fluentd forward protocol" Collapse section "7.9. Forwarding logs using the Fluentd forward protocol" 7.9.1. Enabling nanosecond precision for Logstash to ingest data from fluentd 7.10. Forwarding logs using the syslog protocol Expand section "7.10. Forwarding logs using the syslog protocol" Collapse section "7.10. Forwarding logs using the syslog protocol" 7.10.1. Adding log source information to message output 7.10.2. Syslog parameters 7.10.3. Additional RFC5424 syslog parameters 7.11. Forwarding logs to Amazon CloudWatch 7.12. Forwarding logs to Loki Expand section "7.12. Forwarding logs to Loki" Collapse section "7.12. Forwarding logs to Loki" 7.12.1. Troubleshooting Loki "entry out of order" errors 7.13. Forwarding application logs from specific projects 7.14. Forwarding application logs from specific pods 7.15. Troubleshooting log forwarding 8. Enabling JSON logging Expand section "8. Enabling JSON logging" Collapse section "8. Enabling JSON logging" 8.1. Parsing JSON logs 8.2. Configuring JSON log data for Elasticsearch 8.3. Forwarding JSON logs to the Elasticsearch log store 9. Collecting and storing Kubernetes events Expand section "9. Collecting and storing Kubernetes events" Collapse section "9. Collecting and storing Kubernetes events" 9.1. Deploying and configuring the Event Router 10. Updating OpenShift Logging Expand section "10. Updating OpenShift Logging" Collapse section "10. Updating OpenShift Logging" 10.1. Supported Versions 10.2. Updating Logging to the current version 11. Viewing cluster dashboards Expand section "11. Viewing cluster dashboards" Collapse section "11. Viewing cluster dashboards" 11.1. Accessing the Elasticsearch and OpenShift Logging dashboards 11.2. About the OpenShift Logging dashboard 11.3. Charts on the Logging/Elasticsearch nodes dashboard 12. Troubleshooting Logging Expand section "12. Troubleshooting Logging" Collapse section "12. Troubleshooting Logging" 12.1. Viewing OpenShift Logging status Expand section "12.1. Viewing OpenShift Logging status" Collapse section "12.1. Viewing OpenShift Logging status" 12.1.1. Viewing the status of the Red Hat OpenShift Logging Operator Expand section "12.1.1. Viewing the status of the Red Hat OpenShift Logging Operator" Collapse section "12.1.1. Viewing the status of the Red Hat OpenShift Logging Operator" 12.1.1.1. Example condition messages 12.1.2. Viewing the status of logging subsystem components 12.2. Viewing the status of the Elasticsearch log store Expand section "12.2. Viewing the status of the Elasticsearch log store" Collapse section "12.2. Viewing the status of the Elasticsearch log store" 12.2.1. Viewing the status of the log store Expand section "12.2.1. Viewing the status of the log store" Collapse section "12.2.1. Viewing the status of the log store" 12.2.1.1. Example condition messages 12.2.2. Viewing the status of the log store components 12.2.3. Elasticsearch cluster status 12.3. Understanding logging subsystem alerts Expand section "12.3. Understanding logging subsystem alerts" Collapse section "12.3. Understanding logging subsystem alerts" 12.3.1. Viewing logging collector alerts 12.3.2. About logging collector alerts 12.3.3. About Elasticsearch alerting rules 12.4. Collecting logging data for Red Hat Support Expand section "12.4. Collecting logging data for Red Hat Support" Collapse section "12.4. Collecting logging data for Red Hat Support" 12.4.1. About the must-gather tool 12.4.2. Prerequisites 12.4.3. Collecting OpenShift Logging data 12.5. Troubleshooting for Critical Alerts Expand section "12.5. Troubleshooting for Critical Alerts" Collapse section "12.5. Troubleshooting for Critical Alerts" 12.5.1. Elasticsearch Cluster Health is Red 12.5.2. Elasticsearch Cluster Health is Yellow 12.5.3. Elasticsearch Node Disk Low Watermark Reached 12.5.4. Elasticsearch Node Disk High Watermark Reached 12.5.5. Elasticsearch Node Disk Flood Watermark Reached 12.5.6. Elasticsearch JVM Heap Use is High 12.5.7. Aggregated Logging System CPU is High 12.5.8. Elasticsearch Process CPU is High 12.5.9. Elasticsearch Disk Space is Running Low 12.5.10. Elasticsearch FileDescriptor Usage is high 13. Uninstalling OpenShift Logging Expand section "13. Uninstalling OpenShift Logging" Collapse section "13. Uninstalling OpenShift Logging" 13.1. Uninstalling the logging subsystem for Red Hat OpenShift 14. Log Record Fields 15. message 16. structured 17. @timestamp 18. hostname 19. ipaddr4 20. ipaddr6 21. level 22. pid 23. service 24. tags 25. file 26. offset 27. kubernetes Expand section "27. kubernetes" Collapse section "27. kubernetes" 27.1. kubernetes.pod_name 27.2. kubernetes.pod_id 27.3. kubernetes.namespace_name 27.4. kubernetes.namespace_id 27.5. kubernetes.host 27.6. kubernetes.container_name 27.7. kubernetes.annotations 27.8. kubernetes.labels 27.9. kubernetes.event Expand section "27.9. kubernetes.event" Collapse section "27.9. kubernetes.event" 27.9.1. kubernetes.event.verb 27.9.2. kubernetes.event.metadata Expand section "27.9.2. kubernetes.event.metadata" Collapse section "27.9.2. kubernetes.event.metadata" 27.9.2.1. kubernetes.event.metadata.name 27.9.2.2. kubernetes.event.metadata.namespace 27.9.2.3. kubernetes.event.metadata.selfLink 27.9.2.4. kubernetes.event.metadata.uid 27.9.2.5. kubernetes.event.metadata.resourceVersion 27.9.3. kubernetes.event.involvedObject Expand section "27.9.3. kubernetes.event.involvedObject" Collapse section "27.9.3. kubernetes.event.involvedObject" 27.9.3.1. kubernetes.event.involvedObject.kind 27.9.3.2. kubernetes.event.involvedObject.namespace 27.9.3.3. kubernetes.event.involvedObject.name 27.9.3.4. kubernetes.event.involvedObject.uid 27.9.3.5. kubernetes.event.involvedObject.apiVersion 27.9.3.6. kubernetes.event.involvedObject.resourceVersion 27.9.4. kubernetes.event.reason 27.9.5. kubernetes.event.source_component 27.9.6. kubernetes.event.firstTimestamp 27.9.7. kubernetes.event.count 27.9.8. kubernetes.event.type 28. OpenShift Expand section "28. OpenShift" Collapse section "28. OpenShift" 28.1. openshift.labels Legal Notice Settings Close Language: 简体中文 한국어 日本語 English Language: 简体中文 한국어 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 简体中文 한국어 日本語 English Language: 简体中文 한국어 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Chapter 15. message The original log entry text, UTF-8 encoded. This field may be absent or empty if a non-empty structured field is present. See the description of structured for more. Data type text Example value HAPPY Previous Next