This diagram illustrates the systems that are typically used to parse log data on OpenShift. Fluentd collects the log data from the containers and passes the log data onto Elastic Search. Optionally, Kibana can be used as a tool that may make it easier to visualize the logs.
This is similar to the ELK stack (Elastic Search, Logstash, Kibana), but would actually be the EFK stack (Elastic Search, Fluentd, Kibana).
Instead of using Logstash or Fluentd, filebeat can be used to collect the log data from the containers.
The oc get pods command can be used list the filebeat pods in whatever project filebeat has been deployed to, which is kube-system by default.
oc get pods -n kube-system
Something like this should be returned.
NAME READY STATUS RESTARTS AGE
filebeat-2ll47 1/1 Running 0 47d
filebeat-4bf2j 1/1 Running 37 18d
filebeat-4btc5 1/1 Running 0 47d
filebeat-4lpk7 1/1 Running 39 18d
filebeat-5srrs 1/1 Running 1 47d
filebeat-5zsds 1/1 Running 39 18d
filebeat-6v4jk 1/1 Running 0 47d
filebeat-7wnzv 1/1 Running 0 47d
filebeat-c4ddh 1/1 Running 0 47d
filebeat-dk9dp 1/1 Running 0 47d
filebeat-h2228 1/1 Running 0 47d
filebeat-lcrkp 1/1 Running 461 47d
filebeat-mmszn 1/1 Running 2251 47d
filebeat-n48jw 1/1 Running 506 47d
filebeat-n62pm 1/1 Running 3942 47d
filebeat-pj2w9 1/1 Running 1 47d
filebeat-qwmfr 1/1 Running 39 18d
filebeat-rc87z 1/1 Running 0 47d
filebeat-rzv8h 1/1 Running 0 47d
filebeat-tcnkd 1/1 Running 0 47d
filebeat-wcfg9 1/1 Running 1 47d
filebeat-wg8nc 1/1 Running 0 47d
filebeat-wrqsd 1/1 Running 0 47d
filebeat-x7bvn 1/1 Running 0 47d
filebeat-z7twl 1/1 Running 0 47d
filebeat-zwlw8 1/1 Running 1 47d
The oc logs command can be used to view the logs in the filebeat pods.
oc logs pod/filebeat-2ll47
Did you find this article helpful?
If so, consider buying me a coffee over at 