openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
f7a24b39697c7cf161db94de606a27e5bec2b43e
openshift-docs/modules/cluster-logging-visualizer-indices.adoc
Michael Burke 788cd0eec1 Adding topic for logs in Kibaba
2020-11-30 16:19:32 -05:00

47 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * logging/cluster-logging-visualizer.adoc
[id="cluster-logging-visualizer-indices_{context}"]
= Defining Kibana index patterns
An index pattern defines the Elasticsearch indices that you want to visualize. To explore and visualize data in Kibana, you must create an index pattern.
.Prerequisites
* A user must have the `cluster-admin` role, the `cluster-reader` role, or both roles to view the *infra* and *audit* indices in Kibana. The default `kubeadmin` user has proper permissions to view these indices.
+
If you can view the pods and logs in the `default`, `kube-` and `openshift-` projects, you should be able to access the these indices. You can use the following command to check if the current user has appropriate permissions:
+
[source,terminal]
----
$ oc auth can-i get pods/log -n <project>
----
+
.Example output
[source,terminal]
----
yes
----
+
[NOTE]
====
The audit logs are not stored in the internal {product-title} Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the `default` output for audit logs.
====
* Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster.
.Procedure
To define index patterns and create visualizations in Kibana:
. In the {product-title} console, click the Application Launcher {launch} and select *Logging*.
. Create your Kibana index patterns by clicking *Management* -> *Index Patterns* -> *Create index pattern*:
** Users must manually create index patterns to see logs for their projects. Users should create a new index pattern named *app* and use the `@timestamp` time field to view their container logs.
** Admin users must create index patterns for the *app*, *infra*, and *audit* indices using the `@timestamp` time field.
. Create Kibana Visualizations from the new index patterns.
View Git Blame Copy Permalink