After upgrade to OCP 4.5 Elasticsearch indices have a new format

Solution Verified - Updated -

Issue

The name scheme differed with the cluster logging in OpenShift 4.5.

  • There is no timestamp on the ElasticSearch index names to easily identify the time period of the documents in a given index. The index names are generic in nature (e.g., infra-000001 or app-000003).
  • Logs from all application namespaces are stored in a given app-###### index name. Thus, there is no ElasticSearch index for each namespace like there is in older versions.
  • Since there is no grouping of logs for given application namespace into its own ElasticSearch index, is there security in place so developers can only view logs for the namespaces they have access to?
  • It looks like the app-###### index names provide no value as a Kibana index pattern since it is not associated with any particular namespace or time period.

Environment

  • Red Hat OpenShift Container Platform
    • 4.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content