Skip to content

Latest commit

 

History

History
136 lines (92 loc) · 5.58 KB

File metadata and controls

136 lines (92 loc) · 5.58 KB

Application Logging with Kibana

Video Walkthrough Thumbnail

Video walkthrough

Objectives:

After completing this section, you should know how to view application logs in Kibana, navigate the list of fields, and create/save queries.

Setup

We will setup a sample application that will produce a log entry every 5 seconds.

Create a new application

 oc -n [-dev] new-app --name logging-app \
 --context-dir=openshift-201/materials/logging \
 https://github.com/BCDevOps/devops-platform-workshops

You should see output similar to the follow:

...output omitted...
    imagestream.image.openshift.io "logging-app-jmacdonald" created
    buildconfig.build.openshift.io "logging-app-jmacdonald" created
    deployment.apps "logging-app-jmacdonald" created
    service "logging-app-jmacdonald" created
--> Success
...output omitted...

Follow Build

Use the oc -n [-dev] logs command to check the build logs from the logging-app build:

oc -n [-dev] logs -f bc/logging-app
...output omitted...
Writing manifest to image destination
Storing signatures
...output omitted...
Push successful

Kibana

Accessing Kibana

You can access Kibana directly at this url or it is also accessible from the OpenShift console.

Note: If you receive an unauthorized error (e.g. {"statusCode":401,"error":"Unauthorized","message":"Authentication Exception"}), follow steps here to fix: https://stackoverflow.developer.gov.bc.ca/a/119/16

Select the running pod that was just created:

pod-logs-1

Navigate to the Logs tab and click the Show in Kibana link

pod-logs-2

First time Setup

If this is your first time logging in to Kibana you may see a screen to setup a search index. See the steps in the Logging and Visualizations 101 lab here.

View Logs

To view logs click on the Discover tab on the left navigation pane.

kibana-discover

By default you will see something like this:

kibana-main

  1. Index Pattern you created above.
  2. Fields selected to show (_source is selected by default)
  3. Available Fields to add to your display
  4. Log entries that match the filter, search, etc.
  5. Current activity given the time frame chosen
  6. Search bar used to search for specific entries
  7. Time frame chosen for the logs shown (default is last 15 minutes)

Fields

Let's select 2 fields for viewing from the Available fields panel on the left.

  1. kubernetes.container_name - this is the name of the container running in kubernetes. This should be logging-app
  2. message - is the message from our application

Your screen should look similar to following:

kibana-selected-fields

Queries

Let's say we are only interested in the messages with the number 10 in them. Change the search terms to be the following:

kubernetes.container_name:"logging-app" AND message:10

NOTE if you aren't seeing results it may have been more than 15 minutes since the entry with the number 10 was logged. If so, change the timeframe in the upper right corner to Last 30 minutes or higher if needed.

kibana-search-10

Notice Kibana highlights your search term.

If you want to save your query (including the selected fields) click the save button at the top.

kibana-save-search

Filters

If you plan on doing a Google type search you can use a query. If you are selecting a possible value from a drop down like the kubernetes.container_name it can be faster to use a filter.

Clear out the text in your search bar and then click the Add a filter + button just below the search bar:

kibana-add-filter

Choose the kubernetes.container_name for the field, is as the operator and logging-app as the value and then click save.

kibana-filter

You should now only see your entries in the list similar to the query we performed above. You can also save this filter by clicking the save button at the top just like we did with the query.

Conclusion

There are many fields available to choose from. Feel free to experiment with adding other fields to your results. For example you could add the kubernetes.container_image to your list if you are interested in looking at which version of the app the logs are from.

The queries we did in this lab are pretty simple. Take a look at the Kibana Query Language for more information on how to write complex queries.

Clean up

To clean up the lab environment run the following command to delete all of the resources we created:

oc -n [-dev] delete all -l app=logging-app

deployment.apps "logging-app" deleted
buildconfig.build.openshift.io "logging-app" deleted
imagestream.image.openshift.io "logging-app" deleted

Next topic - Best Practices of Image Management