红帽全球峰会This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.5.3. 关于向量
Vector 是一个日志收集器,是作为日志记录子系统的 Fluentd 的一个替代方案。
以下输出受支持:
-
elasticsearch.一个外部 Elasticsearch 实例。elasticsearch输出可以使用 TLS 连接。 -
kafka.Kafka 代理。kafka输出可以使用不安全的或 TLS 连接。 -
loki。Loki,可横向扩展、高度可用、多租户日志聚合系统。
5.3.1. 启用向量
默认不启用向量。使用以下步骤在 OpenShift Container Platform 集群上启用向量。
向量不支持 FIPS 启用集群。
先决条件
- OpenShift Container Platform: 4.11
- Red Hat OpenShift 的 logging 子系统: 5.4
- 禁用 FIPS
流程
编辑
openshift-logging项目中的ClusterLogging自定义资源(CR):oc -n openshift-logging edit ClusterLogging instance
$ oc -n openshift-logging edit ClusterLogging instanceCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
为
ClusterLogging自定义资源(CR)添加logging.openshift.io/preview-vector-collector: enabled注解。 -
在
ClusterLogging自定义资源(CR)中添加vector作为集合类型。
5.3.2. 收集器功能
| 功能 | Fluentd | Vector |
|---|---|---|
| 应用程序容器日志 | ✓ | ✓ |
| 特定于应用程序的路由 | ✓ | ✓ |
| 命名空间划分应用程序特定路由 | ✓ | ✓ |
| Infra 容器日志 | ✓ | ✓ |
| Infra 日志 | ✓ | ✓ |
| kube API 审计日志 | ✓ | ✓ |
| OpenShift API 审计日志 | ✓ | ✓ |
| 打开虚拟网络 (OVN) 审计日志 | ✓ | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| Elasticsearch v5-v7 | ✓ | ✓ |
| Fluent 转发 | ✓ | |
| Syslog RFC3164 | ✓ | |
| Syslog RFC5424 | ✓ | |
| Kafka | ✓ | ✓ |
| Cloudwatch | ✓ | ✓ |
| Loki | ✓ | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| Elasticsearch 证书 | ✓ | ✓ |
| Elasticsearch 用户名/密码 | ✓ | ✓ |
| Cloudwatch keys | ✓ | ✓ |
| Cloudwatch STS | ✓ | |
| Kafka 证书 | ✓ | ✓ |
| Kafka 用户名/密码 | ✓ | ✓ |
| Kafka SASL | ✓ | ✓ |
| Loki bearer 令牌 | ✓ | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| ViaQ 数据模型 - 应用程序 | ✓ | ✓ |
| ViaQ 数据模型 - infra | ✓ | ✓ |
| ViaQ 数据模型 - infra(journal) | ✓ | ✓ |
| ViaQ 数据模型 - Linux 审计 | ✓ | ✓ |
| ViaQ 数据模型 - kube-apiserver 审计 | ✓ | ✓ |
| ViaQ 数据模型 - OpenShift API 审计 | ✓ | ✓ |
| ViaQ 数据模型 - OVN | ✓ | ✓ |
| loglevel Normalization | ✓ | ✓ |
| JSON 解析 | ✓ | ✓ |
| 结构化索引 | ✓ | ✓ |
| 多行错误检测 | ✓ | |
| multicontainer/ split 索引 | ✓ | ✓ |
| Flatten 标签 | ✓ | ✓ |
| CLF 静态标签 | ✓ | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| Fluentd readlinelimit | ✓ | |
| Fluentd 缓冲 | ✓ | |
| - chunklimitsize | ✓ | |
| - totallimitsize | ✓ | |
| - overflowaction | ✓ | |
| - flushthreadcount | ✓ | |
| - flushmode | ✓ | |
| - flushinterval | ✓ | |
| - retrywait | ✓ | |
| - retrytype | ✓ | |
| - retrymaxinterval | ✓ | |
| - retrytimeout | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| 指标 | ✓ | ✓ |
| Dashboard | ✓ | ✓ |
| 警报 | ✓ |
| 功能 | Fluentd | Vector |
|---|---|---|
| 全局代理支持 | ✓ | ✓ |
| x86 支持 | ✓ | ✓ |
| ARM 支持 | ✓ | ✓ |
| PowerPC 支持 | ✓ | ✓ |
| IBM Z 支持 | ✓ | ✓ |
| IPv6 支持 | ✓ | ✓ |
| 日志事件缓冲 | ✓ | |
| 断开连接的集群 | ✓ | ✓ |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}