8.4. 将日志转发到 LokiStack
要配置日志转发到 LokiStack 网关,您必须创建一个 ClusterLogging 自定义资源 (CR)。
先决条件
- Red Hat OpenShift 的日志记录子系统: 5.5 及更新的版本
-
Loki OperatorOperator
流程
-
创建或编辑定义
ClusterLogging自定义资源 (CR )的 YAML 文件:
apiVersion: logging.openshift.io/v1
kind: ClusterLogging
metadata:
name: instance
namespace: openshift-logging
spec:
managementState: Managed
logStore:
type: lokistack
lokistack:
name: logging-loki
collection:
type: vector8.4.1. 对 Loki "entry out of order" 进行故障排除
如果您的 Fluentd 将大量信息转发到超过速率限制的 Loki 日志记录系统,Locki 会生成 "entry out of order" 错误。要解决这个问题,您需要更新 Loki 服务器配置文件中 loki.yaml 中的一些值。
注意
loki.yaml 在 Grafana 托管的 Loki 中不可用。本主题不适用于 Grafana 托管的 Loki 服务器。
Conditions
-
ClusterLogForwarder自定义资源配置为将日志转发到 Loki。 您的系统向 Loki 发送大于 2 MB 的信息块,例如:
"values":[["1630410392689800468","{\"kind\":\"Event\",\"apiVersion\":\ ....... ...... ...... ...... \"received_at\":\"2021-08-31T11:46:32.800278+00:00\",\"version\":\"1.7.4 1.6.0\"}},\"@timestamp\":\"2021-08-31T11:46:32.799692+00:00\",\"viaq_index_name\":\"audit-write\",\"viaq_msg_id\":\"MzFjYjJkZjItNjY0MC00YWU4LWIwMTEtNGNmM2E5ZmViMGU4\",\"log_type\":\"audit\"}"]]}]}当您进入
oc logs -c fluentd时,OpenShift Logging 集群中的 Fluentd 日志会显示以下信息:429 Too Many Requests Ingestion rate limit exceeded (limit: 8388608 bytes/sec) while attempting to ingest '2140' lines totaling '3285284' bytes 429 Too Many Requests Ingestion rate limit exceeded' or '500 Internal Server Error rpc error: code = ResourceExhausted desc = grpc: received message larger than max (5277702 vs. 4194304)'
当您在 Loki 服务器上打开日志时,它们会显示
entry out of order信息,类似:,\nentry with timestamp 2021-08-18 05:58:55.061936 +0000 UTC ignored, reason: 'entry out of order' for stream: {fluentd_thread=\"flush_thread_0\", log_type=\"audit\"},\nentry with timestamp 2021-08-18 06:01:18.290229 +0000 UTC ignored, reason: 'entry out of order' for stream: {fluentd_thread="flush_thread_0", log_type="audit"}
流程
使用此处所示的值更新 Loki 服务器上的
loki.yaml配置文件中的以下字段:-
grpc_server_max_recv_msg_size: 8388608 -
chunk_target_size: 8388608 -
ingestion_rate_mb: 8 -
ingestion_burst_size_mb: 16
-
-
将
loki.yaml中的更改应用到 Loki 服务器。
loki.yaml 文件示例
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
grpc_server_max_recv_msg_size: 8388608
ingester:
wal:
enabled: true
dir: /tmp/wal
lifecycler:
address: 127.0.0.1
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed
chunk_target_size: 8388608
max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h
chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
max_transfer_retries: 0 # Chunk transfers disabled
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /tmp/loki/boltdb-shipper-active
cache_location: /tmp/loki/boltdb-shipper-cache
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
shared_store: filesystem
filesystem:
directory: /tmp/loki/chunks
compactor:
working_directory: /tmp/loki/boltdb-shipper-compactor
shared_store: filesystem
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 12h
ingestion_rate_mb: 8
ingestion_burst_size_mb: 16
chunk_store_config:
max_look_back_period: 0s
table_manager:
retention_deletes_enabled: false
retention_period: 0s
ruler:
storage:
type: local
local:
directory: /tmp/loki/rules
rule_path: /tmp/loki/rules-temp
alertmanager_url: http://localhost:9093
ring:
kvstore:
store: inmemory
enable_api: true
其他资源