Elastic
Logs from the ECK stack📜
Pre-requisites📜
- ECK stack deployed
Getting Started📜
- Login to Kibana
- username: elastic
- Password : can be obtained by querying kubectl get secrets -n logging logging-ek-es-elastic-user -o go-template=’{{.data.elastic | base64decode}}’
-
Create an Index by clicking the Management icon in the left menu and clicking Index patterns under Kibana. In the Create Index patterns enter
and click create index pattern. In the the next step Click on the dropdown and select “@timestamp” -
For Search click on Discovery from the side menu
-
In KQL textbox enter
kubernetes.namespace.name : elastic
-
Click Refresh/Update
-
Note: Logs from the monitoring stack can be viewd on Kibana. The default index pattern is logstash-*. Logs for the entire ECK stack can be procured by filtering on the “elastic” namespace.
Further filters that can be used are:
Kibana📜
kubernetes.pod_name
=Kibana Pod Name
to get logs from a specific podkubernetes.container_name
=kibana
to get logs from kibana container
Elasticsearch Pods📜
kubernetes.pod_name
=elastic-es-default-#
to get logs from a specific # podkubernetes.container_name
=elasticsearch
orelastic-internal-init-filesystem
to get logs from a specific container within the pod