OpenShift Series: Aggregate OpenShift logs into enterprise logging system
Introduction
Red Hat OpenShift is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud, multicloud, and edge deployments. Red Hat OpenShift is optimized to improve developer productivity and promote innovation.
OpenShift provides some convenient mechanisms for viewing application logs. Firstly, you can view a Pod's logs directly from the web console or via the command line. Secondly, OpenShift supports an out-of-the-box logging stack consisting of (E)lasticsearch, (F)luentd and (K)ibana. The logging stack is responsible for log collection, aggregation and visualization.
However, the OpenShift Logging Elasticsearch instance is optimized and tested for short-term storage, approximately seven days. If you want to retain your logs over a longer term, it is recommended that you move the data to a third-party storage system. In addition, many organizations already have an enterprise log collection solution in place. They need logs from OpenShift, and from workloads running on OpenShift, to be available in that same enterprise log collection system for monitoring, correlation and analytics.
In this article we will look at OpenShift's out-of-the-box support for integrating with external log collection systems. We will also look at various enterprise log collection systems that you can use to collect logs from OpenShift.