Filtering out logs
Filter out Component Pack for HCL Connections™ logs so that they are excluded from data collection and are not used in the Kibana dashboard's analytics.
Using Helm, you can instruct Logstash to filter out logs from one or more Component Pack containers.
- By default, all logs from Filebeat and Logstash are filtered out. You can additionally filter out logs from the Component Pack and system containers listed at the end of this topic.
- To filter out additional logs, use the
logstash.filterOut
Helm parameter when installing Elastic Stack, and set it to the list of container names to filter out.
Syntax
When specifying the list of containers for filtering out logs, enclose the list in quotation marks, and use a blank space as the delimiter between names. For example:
logstash.filterOut="sanity"
logstash.filterOut="sanity redis-server"
Examples of Helm commands with the logstash.filterOut
parameter
The following example demonstrates filtering out logs from the "sanity" container:
helm install \
--name=elasticstack extractedFolder/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20191122-115449.tgz \
--set \
global.onPrem=true,\
global.image.repository=Docker_registry/connections,\
logstash.filterOut="sanity"
You can also filter out logs from system pods. The following example demonstrates filtering out logs from the "sanity" and "redis-server" containers, plus the "calico-node" pod:
helm install \
--name=elasticstack extractedFolder/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20191122-115449.tgz \
--set \
global.onPrem=true,\
global.image.repository=Docker_registry/connections,\
logstash.filterOut="sanity redis-server calico-node"
Filtering out additional logs while Logstash is running
If Logstash is running, you don't have to shut it down to add containers to the
logstash.filterOut
list. Just perform a Helm upgrade and specify the additional
container names you want to filter out. A rolling update will be performed where each pod is
restarted with the new settings in place. The new list replaces the old list, so if you previously
filtered out a container, be sure to include it in the new list.
The following example shows the original Helm command that was used to install Elastic Stack and
filter out the "sanity" log, and the update command that modifies the
logstash.filterOut
list filter out the "sanity" log and the "redis-server" log.
The helm install
command with the original logstash.filterOut
list:
Prior state
helm install \
--name=elasticstack extractedFolder/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20191122-115449.tgz \
--set \
global.onPrem=true,\
global.image.repository=Docker_registry/connections,\
logstash.filterOut="sanity"
The helm update
command with the revised logstash.filterOut
list:
helm upgrade \
elasticstack extractedFolder/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20191122-115449.tgz \
--set \
global.onPrem=true,\
global.image.repository=Docker_registry/connections,\
logstash.filterOut="sanity redis-server"
You can also change the logstash.filterOut
to stop filtering out logs, as shown
in the following example where the logstash.filterOut
is modified to remove the
"sanity" log so that Sanity can be monitored.
The helm update
command with the logstash.filterOut
list
revised to stop filtering out "sanity" logs:
helm upgrade \
elasticstack extractedFolder/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20191122-115449.tgz \
--set \
global.onPrem=true,\
global.image.repository=Docker_registry/connections,\
logstash.filterOut="redis-server"
Component Pack container names
Logs are created for the following containers. You can filter any Component Pack container's logs so that they are not included in the data that is stored in Elasticsearch for analysis in the Kibana dashboard.
- analysisservice
- appregistry-client
- appregistry-service
- bootstrap
- community-suggestions
- elasticsearch-curator
- es-client
- es-data
- es-master
- haproxy
- indexingservice
- itm-services
- kibana
- mail-service
- middleware-graphql
- mongo
- mongo-sidecar
- orient-web-client
- people-idmapping
- people-migrate
- people-relation
- people-scoring
- redis-sentinel
- redis-server
- retrievalservice
- sanity
- sanity-watcher
- solr
- userprefs-service
- zookeeper
System container names
Logs are created for the following system containers.
- calico
- calico-node
- coredns
- etcd
- heapster
- influxdb
- kube-apiserver
- kube-controller-manager
- kube-proxy
- kubernetes-dashboard
- kube-scheduler
- tiller