Red Hat SummitRelease notes
Red Hat OpenShift Logging 6.2
Highlights of what is new and what has changed with this OpenShift logging release.
Abstract
The release notes for OpenShift logging summarize all new features and enhancements, notable technical changes, major corrections from the previous version, and any known bugs upon general availability.
Chapter 1. Logging 6.2 Release Notes
Copy linkLink copied to clipboard!
1.1. Logging 6.2.6 Release Notes
Copy linkLink copied to clipboard!
This release includes RHBA-2025:19347.
1.2. Logging 6.2.5 Release Notes
Copy linkLink copied to clipboard!
This release includes RHBA-2025:16075.
1.2.1. Bug fixes
Copy linkLink copied to clipboard!
-
Before this update, the
vector_buffer_byte_sizeandvector_buffer_eventsmetrics incorrectly reported negative values under certain system load and timing conditions. This led to unreliable monitoring, potentially masking buffer issues. With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. This ensures that the metrics correctly report buffer sizes helping with accurate monitoring. (LOG-7593) - Before this update, a change to the container image format caused issues when mirroring the images to image registries that do not support the new format. With this update, the container images are published using the older format again resolving the issue. (LOG-7700)
1.3. Logging 6.2.4 Release Notes
Copy linkLink copied to clipboard!
This release includes RHSA-2025:13241.
1.3.1. Bug Fixes
Copy linkLink copied to clipboard!
-
Before this update, using the
prunefilter to remove Kubernetes metadata fields such as.kubernetes.namespace_namecaused aremappingerror during Syslog output generation. This prevented theappnameandtagfields from being correctly initialized and could prevent forwarding of logs. With this update, this issue is fixed. Improved error handling initializes these fields with an empty string if the source metadata is missing, ensuring successful log processing. (LOG-7267) -
Before this update, a
ClusterLogForwardercustom resource (CR) that was configured for aLokiStackoutput with the OpenTelemetry (OTEL) data model incorrectly passed validation without thetech previewannotation. With this update, aClusterLogForwarderCR that is configured for aLokiStackoutput with the OTEL data model correctly fails validation unless thetech previewannotation is included. (LOG-7280) -
Before this update, the diagnostic tool of the Red Hat OpenShift Logging Operator did not automatically collect certain diagnosis data. With this update, the
operators.openshift.io/must-gather-imageannotation has been added to the Operator’sClusterServiceVersion. As a result, you can now use the--all-imagesflag to automatically collect the Operator’s diagnostic data successfully. (LOG-7304) -
Before this update, you could not create the
AlertingRuleCR for the infrastructure logs without specifying a namespace label. This limitation prevented alerts from being created in certain scenarios. With this update, you can create theRecordingRuleandAlertingRuleCRs in the infrastructure and audit logs without specifying a namespace label. (LOG-7317) -
Before this update, the
ClusterLogForwarderAPI did not validate the URL scheme for Kafka outputs, which could lead to configuration errors. With this update, theClusterLogForwarderAPI validates the URL scheme for Kafka outputs, and the API documentation reflects the valid URL scheme. (LOG-7387) - Before this update, a log record with a malformed timestamp could cause the Vector agent to panic when attempting to forward logs to Loki. With this update, error handling for out-of-range timestamp values has been improved resolving the issue. (LOG-7599)
1.3.2. CVEs
Copy linkLink copied to clipboard!
1.4. Logging 6.2.3 Release Notes
Copy linkLink copied to clipboard!
This release includes RHBA-2025:8138.
1.4.1. Bug Fixes
Copy linkLink copied to clipboard!
- Before this update, the cluster logging installation page contained an incorrect URL to the installation steps in the documentation. With this update, the link has been corrected, resolving the issue and helping users successfully navigate to the documentation. (LOG-6760)
- Before this update, the API documentation about default settings of the tuning delivery mode for log forwarding lacked clarity and sufficient detail. This could lead to users experiencing difficulty in understanding or optimally configuring these settings for their logging pipelines. With this update, the documentation has been revised to provide more comprehensive and clearer guidance on tuning delivery mode default settings, resolving potential ambiguities. (LOG-7131)
-
Before this update, merging data from the
messagefield into the root of a Syslog log event caused inconsistencies with the ViaQ data model. These inconsistencies could overwrite system information, duplicate data, or corrupt the log event. This update makes Syslog parsing and merging consistent with the other output types and resolves the issue (LOG-7185) -
Before this update, log forwarding failed when the cluster-wide proxy configuration included a URL with a username containing an encoded
@symbol; for example,user%40name. This update adds the correct support for URL-encoded values in proxy configurations and resolves the issue. (LOG-7188)
1.4.2. CVEs
Copy linkLink copied to clipboard!
1.5. Logging 6.2.2 Release Notes
Copy linkLink copied to clipboard!
This release includes RHBA-2025:4526.
1.5.1. Bug Fixes
Copy linkLink copied to clipboard!
-
Before this update, logs without the
responseStatus.codefield caused parsing errors in the Lokidistributorcomponent. This happened when using the OpenTelemetry data model. With this update, logs without theresponseStatus.codefield are parsed correctly. (LOG-7012) - Before this update, the Cloudwatch output supported log events up to 256 KB in size. With this update, the Cloudwatch output supports up to 1 MB in size to match the updates published by Amazon Web Services (AWS). (LOG-7013)
-
Before this update,
auditdlog messages with multiplemsgkeys could cause errors in collector pods, because the standardauditdlog format expects a singlemsgfield per log entry that follows themsg=audit(TIMESTAMP:ID)structure. With this update, only the firstmsgvalue is used, which resolves the issue and ensures accurate extraction of audit metadata. (LOG-7014) - Before this update, collector pods would enter a crash loop due to a configuration error when attempting token-based authentication with an Elasticsearch output. With this update, token authentication with an Elasticsearch output generates a valid configuration. (LOG-7017)
1.6. Logging 6.2.1 Release Notes
Copy linkLink copied to clipboard!
This release includes RHBA-2025:3908.
1.6.1. Bug Fixes
Copy linkLink copied to clipboard!
-
Before this update, application programming interface (API) audit logs collected from the management cluster used the
cluster_idvalue from the management cluster. With this update, API audit logs use thecluster_idvalue from the guest cluster. (LOG-4445) -
Before this update, issuing the
oc explain obsclf.spec.filterscommand did not list all the supported filters in the command output. With this update, all the supported filter types are listed in the command output. (LOG-6753) -
Before this update the log collector flagged a
ClusterLogForwarderresource with multiple inputs to a LokiStack output as invalid due to incorrect internal processing logic. This update fixes the issue. (LOG-6758) -
Before this update, issuing the
oc explaincommand for theclusterlogforwarder.spec.outputs.syslogresource returned an incomplete result. With this update, the missing supported types forrfcandenrichmentattributes are listed in the result correctly. (LOG-6869) - Before this update, empty OpenTelemetry (OTEL) tuning configuration caused validation errors. With this update, validation rules have been updated to accept empty tuning configuration. (LOG-6878)
-
Before this update the Red Hat OpenShift Logging Operator could not update the
securitycontextconstraintresource that is required by the log collector. With this update, the required cluster role has been provided to the service account of the Red Hat OpenShift Logging Operator. As a result of which, Red Hat OpenShift Logging Operator can create or update thesecuritycontextconstraintresource. (LOG-6879) -
Before this update, the API documentation for the URL attribute of the
syslogresource incorrectly mentioned the valueudpsas a supported value. With this update, all references toudpshave been removed. (LOG-6896) -
Before this update, the Red Hat OpenShift Logging Operator was intermittently unable to update the object in logs due to update conflicts. This update resolves the issue and prevents conflicts during object updates by using the
Patch()function instead of theUpdate()function. (LOG-6953) - Before this update, Loki ingesters that got into an unhealthy state due to networking issues stayed in that state even after the network recovered. With this update, you can configure the Loki Operator to perform service discovery more often so that unhealthy ingesters can rejoin the group. (LOG-6992)
- Before this update, the Vector collector could not forward Open Virtual Network (OVN) and Auditd logs. With this update, the Vector collector can forward OVN and Auditd logs. (LOG-6997)
1.6.2. CVEs
Copy linkLink copied to clipboard!
1.7. Logging 6.2.0 Release Notes
Copy linkLink copied to clipboard!
This release includes Logging for Red Hat OpenShift Bug Fix Release 6.2.0.
1.7.1. New Features and Enhancements
Copy linkLink copied to clipboard!
1.7.1.1. Log Collection
Copy linkLink copied to clipboard!
-
With this update, HTTP outputs include a
proxyfield that you can use to send log data through an HTTP proxy. (LOG-6069)
1.7.1.2. Log Storage
Copy linkLink copied to clipboard!
- With this update, time-based stream sharding in Loki is now enabled by the Loki Operator. This solves the issue of ingesting log entries older than the sliding time-window used by Loki. (LOG-6757)
- With this update, you can configure a custom certificate authority (CA) certificate with Loki Operator when using Swift as an object store. (LOG-4818)
- With this update, you can configure workload identity federation on Google Cloud Platform (GCP) by using the Cluster Credential Operator in OpenShift 4.17 and later releases with the Loki Operator. (LOG-6158)
1.7.2. Technology Preview
Copy linkLink copied to clipboard!
Important
The OpenTelemetry Protocol (OTLP) output log forwarder is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
-
With this update, OpenTelemetry support offered by OpenShift Logging continues to improve, specifically in the area of enabling migrations from the ViaQ data model to
OpenTelemetrywhen forwarding toLokiStack. (LOG-6146) -
With this update, the
structuredMetadatafield has been removed from Loki Operator in theotlpconfiguration because structured metadata is now the default type. Additionally, the update introduces adropfield that administrators can use to dropOpenTelemetryattributes when receiving data throughOpenTelemetryprotocol (OTLP). (LOG-6507)
1.7.3. Bug Fixes
Copy linkLink copied to clipboard!
-
Before this update, the timestamp shown in the console logs did not match the
@timestampfield in the message. With this update the timestamp is correctly shown in the console. (LOG-6222) -
The introduction of
ClusterLogForwarder6.x modified theClusterLogForwarderAPI to allow for a consistent templating mechanism. However, this was not applied to thesyslogoutput spec API for thefacilityandseverityfields. This update adds the required validation to theClusterLogForwarderAPI for thefacilityandseverityfields. (LOG-6661) -
Before this update, an error in the Loki Operator generating the Loki configuration caused the amount of workers to delete to be zero when
1x.picowas set as theLokiStacksize. With this update, the number of workers to delete is set to 10. (LOG-6781)
1.7.4. Known Issues
Copy linkLink copied to clipboard!
The previous data model encoded all information in JSON. The console still uses the query of the previous data model to decode both old and new entries. The logs that are stored by using the new
OpenTelemetrydata model for theLokiStackoutput display the following error in the logging console:__error__ JSONParserErr __error_details__ Value looks like object, but can't find closing '}' symbol
__error__ JSONParserErr __error_details__ Value looks like object, but can't find closing '}' symbolCopy to Clipboard Copied! Toggle word wrap Toggle overflow You can ignore the error as it is only a result of the query and not a data-related error. (LOG-6808)
-
Currently, the API documentation incorrectly mentions
OpenTelemetryprotocol (OTLP) attributes asincludedinstead ofexcludedin the descriptions of thedropfield. (LOG-6839).
1.7.5. CVEs
Copy linkLink copied to clipboard!
Legal Notice
Copy linkLink copied to clipboard!
Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}