Chapter 1. Default logging alerts


Logging alerts are installed as part of the Red Hat OpenShift Logging Operator installation. Alerts depend on metrics exported by the log collection and log storage backends. These metrics are enabled if you selected the option to Enable Operator recommended cluster monitoring on this namespace when installing the Red Hat OpenShift Logging Operator.

Default logging alerts are sent to the OpenShift Container Platform monitoring stack Alertmanager in the openshift-monitoring namespace, unless you have disabled the local Alertmanager instance.

You can access the Alerting user interface (UI) through the Administrator perspective of the OpenShift Container Platform web console.

Prerequisites

  • You have administrator permissions.
  • You have access to the OpenShift Container Platform web console.

Procedure

  • From the Administrator perspective, go to Observe Alerting. The three main pages in the Alerting UI in this perspective are the Alerts, Silences, and Alerting rules pages.

1.2. Red Hat OpenShift Logging Operator alerts

The following alerts are generated by the Vector collector. You can view these alerts in the OpenShift Container Platform web console.

Expand
Table 1.1. Vector collector alerts
AlertMessageDescriptionSeverity

CollectorNodeDown

Prometheus could not scrape vector <instance> for more than 10m.

Vector is reporting that Prometheus could not scrape a specific Vector instance.

Critical

DiskBufferUsage

Collectors potentially consuming too much node disk, <value>

Collectors are consuming too much node disk on the host.

Warning

CollectorHigh403ForbiddenResponseRate

High rate of "HTTP 403 Forbidden" responses detected for collector <instance> in namespace <namespace> for output <label>. The rate of 403 responses is <rate> over the last 2 minutes, persisting for more than 5 minutes. This could indicate an authorization issue.

At least 10% of sent requests responded with "HTTP 403 Forbidden" for collector "<intance>" in namespace <namespace> for the output "<output>".

Critical

1.3. Loki Operator alerts

The following alerts are generated by the Loki Operator. You can view these alerts in the OpenShift Container Platform web console.

Expand
Table 1.2. Loki Operator alerts
AlertMessageDescriptionSeverity

LokiRequestErrors

{{ $labels.job }} {{ $labels.route }} is experiencing <value>% errors.

At least 10% of requests result in 5xx server errors.

critical

LokiStackWriteRequestErrors

<value>% of write requests from {{ $labels.job }} in <namespace> are returned with server errors.

At least 10% of write requests to the lokistack-gateway result in 5xx server errors.

critical

LokiStackReadRequestErrors

<value>% of query requests from {{ $labels.job }} in <namespace> are returned with server errors.

At least 10% of query requests to the lokistack-gateway result in 5xx server errors.

critical

LokiRequestPanics

{{ $labels.job }} is experiencing an increase of <value> panics.

A panic was triggered.

critical

LokiRequestLatency

{{ $labels.job }} {{ $labels.route }} is experiencing <value>s 99th percentile latency.

The 99th percentile is experiencing latency higher than 1 second.

critical

LokiTenantRateLimit

{{ $labels.job }} {{ $labels.route }} is experiencing 429 errors.

At least 10% of requests are received the rate limit error code.

warning

LokiStorageSlowWrite

The storage path is experiencing slow write response rates.

The storage path is experiencing slow read response rates.

warning

LokiWritePathHighLoad

The write path is experiencing high load.`

The write path is experiencing high load causing backpressure storage flushing.

warning

LokiReadPathHighLoad

The read path is experiencing high load.

The read path has a high volume of queries, causing longer response times.

warning

LokiDiscardedSamplesWarning

Loki in namespace "<namespace>" is discarding samples in the "<tenant>" tenant during ingestion. Samples are discarded because of "<reason>" at a rate of <value> samples per second.

Loki is discarding samples during ingestion because they fail validation.

warning

LokistackSchemaUpgradesRequired

The LokiStack "{{ $labels.stack_name }}" in namespace "<namespace>" is using a storage schema configuration that does not contain the latest schema version. It is recommended to update the schema configuration to update the schema version to the latest

One or more of the deployed LokiStacks contains an outdated storage schema configuration.

warning

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat