OCP4 - Excluding log sources does not work as described in documentation

Solution Unverified - Updated -

Issue

  • According to the official OCP4 documentation, when we set a retention policy for one source of logs (application, infrastructure or audit) the other sources will not be collected.

    Red Hat OpenShift Container Platform - Configuring the log store:

    IMPORTANT
    If you do not specify a retention policy for all three log sources, only logs from the sources with a retention policy are stored. For example, if you set a retention policy for the infrastructure and applicaiton logs, but do not set a retention policy for audit logs, the audit logs will not be retained and there will be no audit- index in Elasticsearch or Kibana.

  • Nevertheless, even if the retention policy for applications is set, new indexes for infrastructure and audit logs are created:

    green open .kibana_1                     GbvdVof2RwmTj0MO4yXb-w 1 1         0 0    522b   261b
green open app-000007                    vjk5lxE6R0OSHOSs3Vr0cQ 3 0  54799797 0  45.4gb 45.4gb
green open .kibana_98632_cmr_1           dZmeF30ITMaFavHDeaCg6w 1 1         2 0 110.2kb 55.1kb
green open infra-000008                  n_kjKZfWSQ6tuIhJV8r7Rw 3 0  70156262 0  45.2gb 45.2gb
green open app-000009                    8ih90ip4R-GAsdSZbvYLKQ 3 0  57118849 0  47.6gb 47.6gb
green open app-000010                    lTL4ongKTk-J32fZ9TrsKw 3 0  43049226 0  37.3gb 37.3gb
green open app-000005                    Xzmv8sdQTtKRl6WhTjyQIA 3 0  57972369 0  48.3gb 48.3gb
green open audit-000007                  hFB74r5BToWPbZTAx6dXjA 3 0         0 0    783b   783b
green open infra-000004                  6OsQvxtvSDKnc1Jf3RLA0Q 3 0  73469619 0  47.2gb 47.2gb
green open audit-000010                  uk-jOlbcSw-avtXmbtK-7g 3 0         0 0    783b   783b
green open audit-000008                  01GxXUc-Qj2lzb8ufaU4Hg 3 0         0 0    783b   783b
green open audit-000006                  T1f9hksPQByHiNXh6rYU2Q 3 0         0 0    783b   783b
green open audit-000009                  KvJyLVGBTeWoNVZgKmhbsg 3 0         0 0    783b   783b
green open infra-000006                  Kq0J8KUjSeOEZ_ZtWKluIg 3 0  72599831 0  46.7gb 46.7gb
green open infra-000003                  sIVEPrhUR9SVfAkVmfg_6w 3 0  94107807 0  60.3gb 60.3gb
green open .kibana_-2116095764_u005150_1 J0GPYn7vSHuzpGzbkG0FEQ 1 1         2 0 109.2kb 54.6kb

  • That means the behavior is different from what is described in the documentation.

Environment

  • Red Hat OpenShift Container Platform (OCP) 4.5, 4.6, 4.7, 4.8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content