OKD cluster logging includes a web console for visualizing collected log data. Currently, OKD deploys the Kibana console for visualization.

Using the log visualizer, you can:

  • Search and browse your data using the Discover tab.

  • Chart and map your data using the Visualize tab.

  • Create and view custom dashboards using the Dashboard tab.

Use and configuration of the Kibana interface is beyond the scope of this documentation. For more information on using the interface, see the Kibana documentation.

The audit logs are not stored in the internal OKD Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs.
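One way to write the pipeline described above, as an added example that is not a manifest taken from the OKD documentation. It assumes a release whose Log Forwarding API is the ClusterLogForwarder resource (logging.openshift.io/v1), with the object named instance in the openshift-logging namespace; the pipeline name is a placeholder.

```yaml
# Added example. Assumption: the Log Forwarding API in this cluster is the
# ClusterLogForwarder custom resource, read by the Cluster Logging Operator
# from the openshift-logging namespace under the name "instance".
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  pipelines:
    # Placeholder pipeline name; any unique name works.
    - name: all-to-default
      inputRefs:
        # Once a ClusterLogForwarder exists, only the inputs listed in a
        # pipeline that references "default" reach the internal store, so
        # application and infrastructure are listed alongside audit.
        - application
        - infrastructure
        - audit
      outputRefs:
        # "default" is the reserved output name for the internal
        # Elasticsearch instance that Kibana reads from.
        - default
```

After the object is applied and the collectors restart, the audit index becomes available for the index patterns described later on this page, visible to users with the cluster-admin or cluster-reader role.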

Launching the log visualizer

OKD uses Kibana as the log visualizer. Kibana is a browser-based console to query, discover, and visualize your logs through histograms, line graphs, pie charts, heat maps, built-in geospatial support, and other visualizations.

Prerequisites
  • To list the infra and audit indices in Kibana, a user must have the cluster-admin role, the cluster-reader role, or both roles. The default kubeadmin user has the proper permissions to list these indices.

    If you can view the pods and logs in the default project, you should be able to access these indices. You can use the following command to check whether the current user has the proper permissions:

    $ oc auth can-i get pods/log -n default
    Example output
    yes

    The audit logs are not stored in the internal OKD Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs.

Procedure

To launch Kibana:

  1. In the OKD console, click the Application Launcher and select Logging.

  2. Log in using the same credentials you use to log in to the OKD console.

    The Kibana interface launches.

If you get a security_exception error in the Kibana console and cannot access your Kibana indices, you might have an expired OAuth token. If you see this error, log out of the Kibana console, and then log back in. This refreshes your OAuth tokens and you should be able to access your indices.

Defining Kibana index patterns

An index pattern defines the Elasticsearch indices that you want to visualize. To explore and visualize data in Kibana, you must create an index pattern.

Prerequisites
  • A user must have the cluster-admin role, the cluster-reader role, or both roles to list the infra and audit indices in Kibana.

    For example:

    $ oc auth can-i get pods/log -n default
    Example output
    yes

    The audit logs are not stored in the internal OKD Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs.

  • Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster.

Procedure

To define index patterns and create visualizations:

  1. Launch Kibana by clicking the Application Launcher and selecting Logging.

  2. Create your Kibana index patterns:

    • Regular users must manually create index patterns to see logs for their projects. Users should create a new index pattern named app and use the @timestamp time field to view their container logs.

    • Admin users need to create index patterns for the app, infra, and audit indices using the @timestamp time field.

  3. Create Kibana Visualizations from the new index patterns.