Chapter 13. Performance and reliability tuning
13.1. Flow control mechanisms
If logs are produced faster than they can be collected, it can be difficult to predict or control the volume of logs being sent to an output, and logs can be lost as a result. If there is a system outage and log buffers accumulate without user control, this can also cause long recovery times and high latency when the connection is restored.
As an administrator, you can limit logging rates by configuring flow control mechanisms for your logging.
13.1.1. Benefits of flow control mechanisms
- The cost and volume of logging can be predicted more accurately in advance.
- Noisy containers cannot produce unbounded log traffic that drowns out other containers.
- Ignoring low-value logs reduces the load on the logging infrastructure.
- High-value logs can be preferred over low-value logs by assigning higher rate limits.
13.1.2. Configuring rate limits
Rate limits are configured per collector, which means that the maximum rate of log collection is the number of collector instances multiplied by the rate limit.
Because logs are collected from each node’s file system, a collector is deployed on each cluster node. For example, in a 3-node cluster, with a maximum rate limit of 10 records per second per collector, the maximum rate of log collection is 30 records per second.
Because the exact byte size of a record as written to an output can vary due to transformations, different encodings, or other factors, rate limits are set in number of records instead of bytes.
You can configure rate limits in the ClusterLogForwarder CR:
- Output rate limit: Limit the rate of outbound logs to selected outputs, for example, to match the network or storage capacity of an output. The output rate limit controls the aggregated per-output rate.
- Input rate limit: Limit the per-container rate of log collection for selected containers.
13.1.3. Configuring log forwarder output rate limits
You can limit the rate of outbound logs to a specified output by configuring the ClusterLogForwarder CR.
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
Procedure
Add a maxRecordsPerSecond limit value to the ClusterLogForwarder CR for a specified output.

The following example shows how to configure a per collector output rate limit for a Kafka broker output named kafka-example:

Example ClusterLogForwarder CR

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
    # ...
      outputs:
        - name: kafka-example # <1>
          type: kafka # <2>
          limit:
            maxRecordsPerSecond: 1000000 # <3>
    # ...

<1> The output name.
<2> The type of output.
<3> The log output rate limit. This value sets the maximum Quantity of logs that can be sent to the Kafka broker per second. This value is not set by default. The default behavior is best effort, and records are dropped if the log forwarder cannot keep up. If this value is 0, no logs are forwarded.

Apply the ClusterLogForwarder CR:

Example command

    $ oc apply -f <filename>.yaml
13.1.4. Configuring log forwarder input rate limits
You can limit the rate of incoming logs that are collected by configuring the ClusterLogForwarder CR.
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
Procedure
Add a maxRecordsPerSecond limit value to the ClusterLogForwarder CR for a specified input.

The following examples show how to configure input rate limits for different scenarios:

Example ClusterLogForwarder CR that sets a per-container limit for containers with certain labels

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
    # ...
      inputs:
        - name: <input_name> # <1>
          application:
            selector:
              matchLabels: { example: label } # <2>
            containerLimit:
              maxRecordsPerSecond: 0 # <3>
    # ...

<1> The input name.
<2> A list of labels. If these labels match labels that are applied to a pod, the per-container limit specified in the maxRecordsPerSecond field is applied to those containers.
<3> Configures the rate limit. Setting the maxRecordsPerSecond field to 0 means that no logs are collected for the container. Setting the maxRecordsPerSecond field to some other value means that a maximum of that number of records per second are collected for the container.

Example ClusterLogForwarder CR that sets a per-container limit for containers in selected namespaces

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
    # ...
      inputs:
        - name: <input_name> # <1>
          application:
            namespaces: [ example-ns-1, example-ns-2 ] # <2>
            containerLimit:
              maxRecordsPerSecond: 10 # <3>
        - name: <input_name>
          application:
            namespaces: [ test ]
            containerLimit:
              maxRecordsPerSecond: 1000
    # ...

<1> The input name.
<2> A list of namespaces. The per-container limit specified in the maxRecordsPerSecond field is applied to all containers in the namespaces listed.
<3> Configures the rate limit. Setting the maxRecordsPerSecond field to 10 means that a maximum of 10 records per second are collected for each container in the namespaces listed.

Apply the ClusterLogForwarder CR:

Example command

    $ oc apply -f <filename>.yaml
13.2. Filtering logs by content
Collecting all logs from a cluster might produce a large amount of data, which can be expensive to transport and store.
You can reduce the volume of your log data by filtering out low priority data that does not need to be stored. Logging provides content filters that you can use to reduce the volume of log data.
Content filters are distinct from
input
input
Log data volume can be reduced by using one of the following methods:
13.2.1. Configuring content filters to drop unwanted log records
When the
drop
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
- You have created a ClusterLogForwarder custom resource (CR).
Procedure
Add a configuration for a filter to the filters spec in the ClusterLogForwarder CR.

The following example shows how to configure the ClusterLogForwarder CR to drop log records based on regular expressions:

Example ClusterLogForwarder CR

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
      filters:
      - name: <filter_name>
        type: drop # <1>
        drop: # <2>
        - test: # <3>
          - field: .kubernetes.labels."foo-bar/baz" # <4>
            matches: .+ # <5>
          - field: .kubernetes.pod_name
            notMatches: "my-pod" # <6>
      pipelines:
      - name: <pipeline_name> # <7>
        filterRefs: ["<filter_name>"]
    # ...

<1> Specifies the type of filter. The drop filter drops log records that match the filter configuration.
<2> Specifies configuration options for applying the drop filter.
<3> Specifies the configuration for tests that are used to evaluate whether a log record is dropped.
    - If all the conditions specified for a test are true, the test passes and the log record is dropped.
    - When multiple tests are specified for the drop filter configuration, if any of the tests pass, the record is dropped.
    - If there is an error evaluating a condition, for example, the field is missing from the log record being evaluated, that condition evaluates to false.
<4> Specifies a dot-delimited field path, which is a path to a field in the log record. The path can contain alpha-numeric characters and underscores (a-zA-Z0-9_), for example, .kubernetes.namespace_name. If segments contain characters outside of this range, the segment must be in quotes, for example, .kubernetes.labels."foo.bar-bar/baz". You can include multiple field paths in a single test configuration, but they must all evaluate to true for the test to pass and the drop filter to be applied.
<5> Specifies a regular expression. If log records match this regular expression, they are dropped. You can set either the matches or notMatches condition for a single field path, but not both.
<6> Specifies a regular expression. If log records do not match this regular expression, they are dropped. You can set either the matches or notMatches condition for a single field path, but not both.
<7> Specifies the pipeline that the drop filter is applied to.

Apply the ClusterLogForwarder CR by running the following command:

    $ oc apply -f <filename>.yaml
Additional examples
The following additional example shows how you can configure the
drop

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
      filters:
      - name: important
        type: drop
        drop:
        - test:
          - field: .message
            notMatches: "(?i)critical|error"
          - field: .level
            matches: "info|warning"
    # ...

In addition to including multiple field paths in a single
test
test
test

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
      filters:
      - name: important
        type: drop
        drop:
        - test:
          - field: .kubernetes.namespace_name
            matches: "^open"
        - test:
          - field: .log_type
            matches: "application"
          - field: .kubernetes.pod_name
            notMatches: "my-pod"
    # ...

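As an added example (not part of the product documentation or the collector's code), the following Python model applies the drop filter evaluation rules stated in this section to constructed records, so that a filter can be checked against sample data before it is applied. It assumes unanchored matching with Python's `re` module in place of the collector's regular expression engine; the function names, `DROP` and `RECORDS` are hypothetical.

```python
import re

# A path segment is bare [a-zA-Z0-9_]+ or double-quoted, as the page describes.
_SEGMENT = re.compile(r'\.(?:"([^"]+)"|([A-Za-z0-9_]+))')
_PATH = re.compile(f"(?:{_SEGMENT.pattern})+")

def lookup(record, path):
    """Resolve a dot-delimited field path; raises KeyError/TypeError if absent."""
    if not _PATH.fullmatch(path):
        raise ValueError(f"invalid field path: {path!r}")
    for quoted, bare in _SEGMENT.findall(path):
        record = record[quoted or bare]
    return record

def condition_true(record, cond):
    """One field condition; an evaluation error (missing field) counts as false."""
    try:
        value = str(lookup(record, cond["field"]))
    except (KeyError, TypeError):
        return False
    # Assumption: unanchored Python `re` search stands in for the collector's regex engine.
    if "matches" in cond:
        return re.search(cond["matches"], value) is not None
    return re.search(cond["notMatches"], value) is None

def is_dropped(record, drop):
    """Drop if ANY test passes; a test passes only if ALL its conditions are true."""
    return any(all(condition_true(record, c) for c in t["test"]) for t in drop)

# The page's two-test filter as Python data, then constructed sample records.
DROP = [
    {"test": [{"field": ".kubernetes.namespace_name", "matches": "^open"}]},
    {"test": [{"field": ".log_type", "matches": "application"},
              {"field": ".kubernetes.pod_name", "notMatches": "my-pod"}]},
]
RECORDS = {
    "infra": {"log_type": "infrastructure",
              "kubernetes": {"namespace_name": "openshift-dns", "pod_name": "dns-1"}},
    "my-pod": {"log_type": "application",
               "kubernetes": {"namespace_name": "shop", "pod_name": "my-pod"}},
    "other": {"log_type": "application",
              "kubernetes": {"namespace_name": "shop", "pod_name": "cart-7"}},
    "no-meta": {"log_type": "application"},  # no .kubernetes field at all
}

if __name__ == "__main__":
    for name, rec in RECORDS.items():
        print(f"{name:8} dropped={is_dropped(rec, DROP)}")
```

The `no-meta` record is kept: its `notMatches` condition refers to a missing field, so the condition evaluates to false and the second test does not pass.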
13.2.2. Configuring content filters to prune log records
When the
prune
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
- You have created a ClusterLogForwarder custom resource (CR).
Procedure
Add a configuration for a filter to the prune spec in the ClusterLogForwarder CR.

The following example shows how to configure the ClusterLogForwarder CR to prune log records based on field paths:

Important: If both are specified, records are pruned based on the notIn array first, which takes precedence over the in array. After records have been pruned by using the notIn array, they are then pruned by using the in array.

Example ClusterLogForwarder CR

    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
    # ...
    spec:
      filters:
      - name: <filter_name>
        type: prune # <1>
        prune: # <2>
          in: [.kubernetes.annotations, .kubernetes.namespace_id] # <3>
          notIn: [.kubernetes,.log_type,.message,."@timestamp"] # <4>
      pipelines:
      - name: <pipeline_name> # <5>
        filterRefs: ["<filter_name>"]
    # ...

<1> Specify the type of filter. The prune filter prunes log records by configured fields.
<2> Specify configuration options for applying the prune filter. The in and notIn fields are specified as arrays of dot-delimited field paths, which are paths to fields in log records. These paths can contain alpha-numeric characters and underscores (a-zA-Z0-9_), for example, .kubernetes.namespace_name. If segments contain characters outside of this range, the segment must be in quotes, for example, .kubernetes.labels."foo.bar-bar/baz".
<3> Optional: Any fields that are specified in this array are removed from the log record.
<4> Optional: Any fields that are not specified in this array are removed from the log record.
<5> Specify the pipeline that the prune filter is applied to.

Apply the ClusterLogForwarder CR by running the following command:

    $ oc apply -f <filename>.yaml
13.3. Filtering logs by metadata
You can filter logs in the
ClusterLogForwarder
input
You can use this feature only if the Vector collector is set up in your logging deployment.
input
input
13.3.1. Filtering application logs at input by including or excluding the namespace or container name
You can include or exclude the application logs based on the namespace and container name by using the
input
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
- You have created a ClusterLogForwarder custom resource (CR).
Procedure
Add a configuration to include or exclude the namespace and container names in the ClusterLogForwarder CR.

The following example shows how to configure the ClusterLogForwarder CR to include or exclude namespaces and container names:

Example ClusterLogForwarder CR

    apiVersion: "logging.openshift.io/v1"
    kind: ClusterLogForwarder
    # ...
    spec:
      inputs:
        - name: mylogs
          application:
            includes:
              - namespace: "my-project"
                container: "my-container"
            excludes:
              - container: "other-container*"
                namespace: "other-namespace"
    # ...

Apply the ClusterLogForwarder CR by running the following command:

    $ oc apply -f <filename>.yaml

The
excludes
includes
13.3.2. Filtering application logs at input by including either the label expressions or matching label key and values
You can include the application logs based on the label expressions or a matching label key and its values by using the
input
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
- You have created a ClusterLogForwarder custom resource (CR).
Procedure
Add a configuration for a filter to the input spec in the ClusterLogForwarder CR.

The following example shows how to configure the ClusterLogForwarder CR to include logs based on label expressions or matched label key/values:

Example ClusterLogForwarder CR

    apiVersion: "logging.openshift.io/v1"
    kind: ClusterLogForwarder
    # ...
    spec:
      inputs:
        - name: mylogs
          application:
            selector:
              matchExpressions:
              - key: env
                operator: In
                values: ["prod", "qa"]
              - key: zone
                operator: NotIn
                values: ["east", "west"]
              matchLabels:
                app: one
                name: app1
    # ...

Apply the ClusterLogForwarder CR by running the following command:

    $ oc apply -f <filename>.yaml
13.3.3. Filtering the audit and infrastructure log inputs by source
You can define the list of
audit
infrastructure
input
Prerequisites
- You have installed the Red Hat OpenShift Logging Operator.
- You have administrator permissions.
- You have created a ClusterLogForwarder custom resource (CR).
Procedure
Add a configuration to define the audit and infrastructure sources in the ClusterLogForwarder CR.

The following example shows how to configure the ClusterLogForwarder CR to define audit and infrastructure sources:

Example ClusterLogForwarder CR

    apiVersion: "logging.openshift.io/v1"
    kind: ClusterLogForwarder
    # ...
    spec:
      inputs:
        - name: mylogs1
          infrastructure:
            sources: # <1>
              - node
        - name: mylogs2
          audit:
            sources: # <2>
              - kubeAPI
              - openshiftAPI
              - ovn
    # ...

<1> Specifies the list of infrastructure sources to collect. The valid sources include:
    - node: Journal log from the node
    - container: Logs from the workloads deployed in the namespaces
<2> Specifies the list of audit sources to collect. The valid sources include:
    - kubeAPI: Logs from the Kubernetes API servers
    - openshiftAPI: Logs from the OpenShift API servers
    - auditd: Logs from a node auditd service
    - ovn: Logs from an open virtual network service

Apply the ClusterLogForwarder CR by running the following command:

    $ oc apply -f <filename>.yaml