Logging OpenShift Events to Elasticsearch/LokiStack: A Proof of Concept
In this post, I want to walk you through building a Proof of Concept (PoC) application that logs OpenShift events from a CRC (CodeReady Containers) environment to Elasticsearch or LokiStack. The goal is to ensure that all events are searchable and easily retrievable for monitoring and troubleshooting purposes.
What I Want to Achieve
My main objective is to log OpenShift events from my local CRC OpenShift setup into a searchable format using Elasticsearch or LokiStack. This allows for real-time monitoring of logs and events within the OpenShift environment.
Tools & Setup
Here's a quick overview of the tools used:
- CRC (CodeReady Containers): To simulate an OpenShift cluster locally.
- Elasticsearch/LokiStack: For indexing and searching logs.
- Kibana/Grafana: For log visualization (depending on the stack used).
- Fluentd: As the logging agent for collecting and forwarding logs.
Steps to Build the PoC
1. Set up CRC and Access OpenShift Console
First, ensure that CRC is installed and running. Open the OpenShift console to interact with the events and logs:
crc start
crc console
2. Configure Fluentd to Collect Events
Install Fluentd as the logging agent within the OpenShift cluster. Configure Fluentd to watch for events and route them to either Elasticsearch or LokiStack.
<source>
  @type openshift_events
  tag openshift.event
</source>
<match openshift.event>
  @type elasticsearch
  host YOUR_ELASTICSEARCH_HOST
  port 9200
  index_name openshift-logs
</match>
For LokiStack:
<match openshift.event>
  @type loki
  url http://YOUR_LOKISTACK_HOST:3100
</match>
3. Verify Logs in Elasticsearch/LokiStack
Once Fluentd is configured, logs should start flowing into Elasticsearch or LokiStack. You can verify this by checking the logs through Kibana or Grafana dashboards.
Pro Tip: Ensure you create indices or log streams with proper time filters to avoid missing critical event data.
Pause and Check the Logs
After configuring everything, it's important to pause and check the data in Kibana (if using Elasticsearch) or Grafana (if using LokiStack). Make sure the events are searchable and displayed in real time.
Here's a screenshot of my event log display:
(This image shows how the logs appear in Kibana with searchable fields).
Visualizing Logs
With the logs flowing into Elasticsearch/LokiStack, you can set up visualizations:
- Use Kibana for Elasticsearch to create detailed dashboards for monitoring OpenShift event streams.
- Use Grafana for LokiStack to track logs and monitor trends.
Troubleshooting Tips
- Fluentd Not Logging?: Ensure that Fluentd has the correct permissions to collect logs and send them to the external systems.
- No Data in Elasticsearch/LokiStack?: Check if the networking configuration between CRC and your logging system is properly set up.
- Logs Missing Timestamps?: Make sure that the Fluentd configuration includes timestamping for log entries.
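Missing timestamps often come down to which Event field the collector reads: events written through the newer events API carry eventTime and can leave lastTimestamp empty. The sketch below is an added example, not code from the original post; it picks a timestamp with fallbacks and builds the document to index. The output field names (such as `@timestamp`) and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Event timestamp fields, in order of preference. Events created through
# events.k8s.io/v1 set eventTime and may leave first/lastTimestamp null.
TS_FIELDS = ("eventTime", "lastTimestamp", "firstTimestamp")

def parse_ts(value):
    """Parse an API-server RFC 3339 timestamp ('...Z') into aware UTC."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def event_time(event):
    """Return the first usable timestamp in preference order, or None."""
    series = event.get("series") or {}
    meta = event.get("metadata") or {}
    candidates = [series.get("lastObservedTime")]
    candidates += [event.get(field) for field in TS_FIELDS]
    candidates.append(meta.get("creationTimestamp"))
    for raw in candidates:
        ts = parse_ts(raw)
        if ts is not None:
            return ts
    return None

def to_document(event):
    """Build the document to index; refuse events with no timestamp at all."""
    ts = event_time(event)
    if ts is None:
        raise ValueError("event has no usable timestamp")
    obj = event.get("involvedObject") or {}
    return {
        "@timestamp": ts.isoformat().replace("+00:00", "Z"),  # assumed field name
        "namespace": obj.get("namespace"), "kind": obj.get("kind"),
        "name": obj.get("name"), "type": event.get("type"),
        "reason": event.get("reason"), "message": event.get("message"),
    }

# Constructed sample events (not real cluster output).
SAMPLE_EVENTS = [
    {"type": "Warning", "reason": "BackOff", "message": "Back-off restarting failed container",
     "involvedObject": {"kind": "Pod", "namespace": "demo", "name": "web-1"},
     "firstTimestamp": "2025-01-10T09:00:00Z", "lastTimestamp": "2025-01-10T09:15:02Z",
     "eventTime": None, "metadata": {"creationTimestamp": "2025-01-10T09:00:00Z"}},
    {"type": "Normal", "reason": "Scheduled", "message": "Successfully assigned demo/web-2 to crc",
     "involvedObject": {"kind": "Pod", "namespace": "demo", "name": "web-2"},
     "firstTimestamp": None, "lastTimestamp": None,
     "eventTime": "2025-01-10T09:20:11.482913Z", "metadata": {"creationTimestamp": "2025-01-10T09:20:11Z"}},
]
```

Rejecting an event with no timestamp, rather than stamping it with the ingest time, keeps the indexed timeline tied to what the cluster recorded.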
Conclusion
This PoC demonstrates how you can log OpenShift events from a CRC OpenShift cluster to either Elasticsearch or LokiStack, making it easier to search and visualize critical events. With this setup, you can enhance monitoring and quickly identify issues in your OpenShift environment.
Imported from rifaterdemsahin.com · 2025