Most of the outputs supported have some concept of a tenant and can currently be configured with custom values. For example, Kafka has topics, CloudWatch has log_groups, and Elasticsearch has indices. This document provides guidance on configuring the tenant for supported outputs.

CloudWatch’s tenant can be configured by setting how logs are grouped together along with an optional prefix. Configure using the groupBy & groupPrefix fields.

- Logs can be grouped by the following:
  - namespaceName
  - namespaceUUID
  - logType

spec:
  outputs:
    - name: cw
      type: cloudwatch
      cloudwatch:
        groupBy: logType # (1)
        groupPrefix: <group prefix> # (2)
        region: us-east-2

(1) Specify the groupBy type here.
(2) Specify an optional prefix to add to the tenant.

- See the forwarding to CloudWatch section on the official documentation.

Elasticsearch’s default behavior is to send logs to indices defined by their log_type and appended by -write.
Example: `application` logs will be sent to the index `app-write`.

Elasticsearch’s index can be configured if parse: json is enabled.

- Configure using the structuredTypeKey & structuredTypeName fields.

spec:
  outputs:
    - name: external-es
      type: elasticsearch
      elasticsearch:
        structuredTypeKey: kubernetes.namespace_name # (1)
        structuredTypeName: myParsedMessages # (2)
  pipelines:
    - name: parsed-app-logs
      inputRefs:
        - application
      outputRefs:
        - external-es
      parse: json # (3)

(1) Specify the structuredTypeKey here.
(2) Specify the structuredTypeName here.
(3) Parse JSON must be enabled.

Note: At least one of structuredTypeKey and structuredTypeName must be specified. If both are specified, the structuredTypeName will be used as a fallback if the field defined by the structuredTypeKey is not present in the log record.

- See the custom index configuration section of the internal Elasticsearch forwarding documentation.
- See also the configuring JSON log data for Elasticsearch section on the official documentation.

Google Cloud Logging can be configured with a custom tenant by setting the logId field.

spec:
  outputs:
    - name: gcp-1
      type: googleCloudLogging
      secret:
        name: gcp-secret
      googleCloudLogging:
        projectId: openshift-gce-devel
        logId: app-gcp # (1)

(1) Specify the logId here.

- See the internal forwarding doc for Google Cloud Logging.
- See also the forwarding logs to GCL section on the official documentation.

A header can be added to the HTTP output as a tenant label.

spec:
  outputs:
    - name: httpout-app
      type: http
      url: <HTTP-URL>
      http:
        headers:
          h1: v1
          tenant: myAppLogs # (1)
        method: POST

(1) Specify the header here.

- See the internal forwarding doc for Vector HTTP.
- See also the forwarding logs to HTTP section on the official documentation.

Kafka’s tenant can be configured by setting the topic either through the topic field or at the end of the URL.

spec:
  outputs:
    - name: app-logs
      type: kafka
      kafka:
        topic: app-topic # (1)

(1) Specify the topic here.

spec:
  outputs:
    - name: app-logs
      type: kafka
      url: tls://kafka.example.devlab.com:9093/app-topic # (1)

(1) Specify the topic here.

- See the forwarding to Kafka section on the official documentation.

Loki’s tenant can be configured through the tenantKey field.

spec:
  outputs:
    - name: loki-insecure
      type: "loki"
      url: http://loki.insecure.com:3100
      loki:
        tenantKey: kubernetes.namespace_name # (1)

(1) Specify the tenantKey here.

- See the forwarding logs to Loki section on the official documentation.

Splunk’s index can be configured by either setting an IndexKey or IndexName.

- IndexKey: Dynamic index extraction of logs.
  - If the field referenced by the IndexKey is not present, the log will be sent to Splunk’s default index.
- IndexName: Static index values.

Note: If IndexKey/IndexName is not defined, logs will be sent to Splunk’s default index.

spec:
  outputs:
    - name: splunk-receiver
      type: splunk
      splunk:
        indexKey: "kubernetes.namespace_name" # (1)
      url: 'http://example-splunk-hec-service:8088'

(1) Specify one of indexKey or indexName, not both.

- See the customizing Splunk’s index section of the internal Splunk forwarding documentation.
- See also the Splunk forwarding section on the official documentation.

Syslog uses a combination of facility & severity to group logs. A possible way to define a tenant is to configure the tag.

spec:
  outputs:
    - name: syslogout
      syslog:
        addLogSource: true
        tag: mytag # (1)
      type: syslog
      url: tls://syslog-receiver.openshift-logging.svc:24224

(1) Specify the tag here.

- See adding log source information to message output for Syslog on the official documentation.
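
The rules stated above for CloudWatch, Elasticsearch, Splunk and Kafka can be checked before a forwarder spec is applied, which also shows where records would fall back to a shared default index. This is an added example, not part of the original documentation or the operator's own validation; the function name lint_tenants and the sample spec are constructed, and the spec is assumed to be already parsed from YAML into a Python dict.

```python
from urllib.parse import urlparse

CLOUDWATCH_GROUP_BY = {"namespaceName", "namespaceUUID", "logType"}  # values listed on this page


def lint_tenants(spec):
    """Check tenant settings in an already-parsed forwarder spec (dict); return findings."""
    findings = []
    for out in spec.get("outputs", []):
        name, kind = out.get("name"), out.get("type")
        cfg = out.get(kind) or {}  # per-type block, e.g. out["splunk"]
        if kind == "cloudwatch" and cfg.get("groupBy") not in CLOUDWATCH_GROUP_BY:
            findings.append(f"{name}: groupBy must be one of {sorted(CLOUDWATCH_GROUP_BY)}")
        elif kind == "elasticsearch":
            key, static = cfg.get("structuredTypeKey"), cfg.get("structuredTypeName")
            if key or static:  # a custom index needs parse: json on each pipeline feeding it
                for p in spec.get("pipelines", []):
                    if name in p.get("outputRefs", []) and p.get("parse") != "json":
                        findings.append(f"{name}: pipeline {p.get('name')} lacks parse: json")
            if key and not static:
                findings.append(f"{name}: no structuredTypeName fallback for records lacking {key}")
        elif kind == "splunk":
            key, static = cfg.get("indexKey"), cfg.get("indexName")
            if key and static:
                findings.append(f"{name}: set indexKey or indexName, not both")
            elif key:
                findings.append(f"{name}: records lacking {key} go to Splunk's default index")
            elif not static:
                findings.append(f"{name}: no index set, logs go to Splunk's default index")
        elif kind == "kafka":
            url_topic = urlparse(out.get("url", "")).path.strip("/")  # topic at the end of the URL
            if not cfg.get("topic") and not url_topic:
                findings.append(f"{name}: no topic in kafka.topic or at the end of the URL")
    return findings


SAMPLE = {  # constructed sample spec, shaped like the snippets on this page
    "outputs": [
        {"name": "cw", "type": "cloudwatch", "cloudwatch": {"groupBy": "logType"}},
        {"name": "external-es", "type": "elasticsearch",
         "elasticsearch": {"structuredTypeKey": "kubernetes.namespace_name"}},
        {"name": "splunk-receiver", "type": "splunk",
         "splunk": {"indexKey": "kubernetes.namespace_name", "indexName": "main"}},
        {"name": "app-logs", "type": "kafka", "url": "tls://kafka.example.devlab.com:9093/app-topic"},
    ],
    "pipelines": [{"name": "parsed-app-logs", "outputRefs": ["external-es"]}],
}

if __name__ == "__main__":
    print("\n".join(lint_tenants(SAMPLE)))
```

The sample deliberately omits parse: json and sets both Splunk fields, so it yields three findings; the CloudWatch and Kafka outputs pass.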