Red Hat SummitChapter 1. Logging 6.3 release notes
1.1. Logging 6.3.1 release notes
This release includes RHBA-2025:16105.
1.1.1. Bug fixes
-
Before this update, the log collector was configured to find the event timestamp at the root of the log record. When forwarding logs to Splunk with a
payloadKeyvalue specified, thetimestampfield was omitted causing timestamp-related warnings. As a consequence, timestamp warnings flooded collector pods, disrupting log forwarding to Splunk. With this update, the log collector uses an internal timestamp field when forwarding logs. This ensures that the correct timestamp is used when forwarding logs to Splunk, resolving the issue. (LOG-7311) -
Before this update, using the prune filter to remove Kubernetes metadata fields such as
.kubernetes.namespace_namecaused a remapping error during Syslog output generation. This prevented theappnameandtagfields from being correctly initialized and could prevent forwarding of logs. With this update, this issue is fixed. Improved error handling initializes these fields with an empty string if the source metadata is missing, ensuring successful log processing. (LOG-7355) - Before this update, a log record with a malformed timestamp could cause the Vector agent to panic when attempting to forward logs to Loki. With this update, error handling for out-of-range timestamp values has been improved resolving the issue. (LOG-7417)
-
Before this update, the loki-gateway did not apply the
ORexpression foropenshift-networktenants in LokiStack. With this update, the loki-gateway correctly applies theORexpression for theopenshift-networktenants in LokiStack. (LOG-7421) -
Before this update, the
vector_buffer_byte_sizeandvector_buffer_eventsmetrics incorrectly reported negative values under certain system load and timing conditions. This led to unreliable monitoring, potentially masking buffer issues. With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. This ensures that the metrics correctly report buffer sizes helping with accurate monitoring.(LOG-7592) - Before this update, a change to the container image format caused issues when mirroring the images to image registries that do not support the new format. With this update, the container images are published using the older format again resolving the issue. (LOG-7699)
1.2. Logging 6.3.0 release notes
This release of OpenShift Logging is supported on OpenShift Container Platform 4.17 and later. This release includes RHBA-2025:11336.
1.2.1. New features and enhancements
1.2.1.1. Log collection
-
With this release, you can configure multiple Amazon Web Services (AWS) outputs with distinct identity and access management (IAM) roles in the
clusterLogForwarderresource. (LOG-6790) - With this release, you can configure affinity rules to control collector scheduling. (LOG-6858)
- With this release, the default values of Splunk metadata keys (that is, index, indexed fields, source, and message payload) are predefined for log forwarders. The values are based on the log type. As a user, you can override these values. (LOG-6859)
1.2.1.2. Log storage
-
With this release, you can use the
forcepathstylefield in the S3 secret. Use this field to configure Loki to use either path style or virtual host style for the S3 access. By default, only AWS endpoints use the virtual host style URL, while others use path-style. (LOG-7024)
1.2.2. Technology preview features
The OpenTelemetry Protocol (OTLP) output log forwarder is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
1.2.3. Bug fixes
- Before this update, collector pods would enter a crash loop due to a configuration error when attempting token-based authentication with an Elasticsearch output. With this update, token authentication with an Elasticsearch output generates a valid configuration. (LOG-5991)
- Before this update, because of a lack of filtering based on the namespace in the Prometheus rules endpoint, user alerts were visible in unrelated namespaces. With this update, rule label filters have been added to the handler configuration. As a result, alert visibility is now restricted to the original namespace. (LOG-6148)
-
Before this update, the Loki API documentation did not specify the required attributes for the
lokistack.spec.tenants.openshift.otlpresource. With this update, the Loki API documentation has been updated to include the missing information. (LOG-6810) -
Before this update, the loki-gateway did not enforce fine-grained authorization on the
/seriesendpoint for theapplicationtenant. As a consequence, users could get unauthorized access to the stream metadata information from different log streams. With this update, the/seriesendpoint uses thematchparameter instead of thequeryparameter to filter the series metadata that is returned for a request. As a result, the loki-gateway correctly enforces fine-grained authorization for the/seriesendpoint for theapplicationtenant. (LOG-6892)
Before this update, restarting Vector collector pods in OpenShift Container Platform clusters created a high volume of requests to the
KubeAPI. As a result, the control plane could become unavailable. With this update, when restarting the collector pods, users can enable kube caching with theuse-apiserver-cacheattribute and configure the DaemonSet rollout strategy with themax-unavailable-rolloutattribute . As a result, the control plane remains stable during collector pod restarts, which reduces API request timeouts. (LOG-7196)ImportantUsing the
use-apiserver-cacheandmax-unavailable-rolloutattributes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
-
Before this update, a
ClusterLogForwarderCR that was configured for aLokiStackoutput with the OTEL data model incorrectly passed validation without thetech previewannotation. With this update, aClusterLogForwarderCR that is configured for aLokiStackoutput with the OTEL data model correctly fails validation unless thetech previewannotation is included. (LOG-7279)
1.2.4. Known issues
- When you forward logs to a syslog output, the produced message format is inconsistent between Fluentd and Vector log collectors. Vector messages are within quotation marks; Fluentd messages are not. As a consequence, users might experience issues with their tool integrations when they migrate from Fluentd to Vector. (LOG-7007)
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}