StackLight logging indices
Available since MCC 2.26.0 (17.1.0 and 16.1.0)
StackLight logging indices are managed by OpenSearch data streams, which were introduced in OpenSearch 2.6. Data streams are a convenient way to manage insert-only pipelines such as log message collection. The solution consists of the following elements:
- Data stream objects that can be referred to as an alias:
  - Audit - dedicated to Container Cloud, MKE, and host audit logs, ensuring data integrity and security.
  - System - replaces Logstash for system logs and provides a streamlined approach to log management.
- Write index - the current index, where ingestion can be performed without removing a data stream.
- Read indices - indices created after the rollover mechanism is applied.
- Rollover policy - creates a new write index for a data stream based on the size of shards.
Example of an initial index list:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .ds-audit-000001 30q4HLGmR0KmpRR8Kvy5jw 1 1 2961719 0 496.3mb 248mb
green open .ds-system-000001 5_eFtMAFQa6aFB7nttHjkA 1 1 2476 0 6.1mb 3mb
Example of the index list after the rollover is applied to the audit index:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .ds-audit-000001 30q4HLGmR0KmpRR8Kvy5jw 1 1 9819913 0 1.5gb 784.8mb
green open .ds-audit-000002 U1fbs0i9TJmOsAOoR7cERg 1 1 2961719 0 496.3mb 248mb
green open .ds-system-000001 5_eFtMAFQa6aFB7nttHjkA 1 1 2476 0 6.1mb 3mb
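The following added example (not part of the Mirantis documentation) groups the backing indices in such a listing by data stream and reports the write index, the read indices, and any index that is not green, which is a quick way to confirm that the audit stream is rolling over and healthy. It assumes the listing comes from the OpenSearch `_cat/indices?v` API and that backing indices follow the `.ds-<stream>-<generation>` naming shown above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: the post-rollover listing shown on this page.
SAMPLE = """\
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .ds-audit-000001 30q4HLGmR0KmpRR8Kvy5jw 1 1 9819913 0 1.5gb 784.8mb
green open .ds-audit-000002 U1fbs0i9TJmOsAOoR7cERg 1 1 2961719 0 496.3mb 248mb
green open .ds-system-000001 5_eFtMAFQa6aFB7nttHjkA 1 1 2476 0 6.1mb 3mb
"""

BACKING = re.compile(r"^\.ds-(?P<stream>.+)-(?P<gen>\d{6})$")
UNITS = {"b": 1, "kb": 1024, "mb": 1024**2, "gb": 1024**3, "tb": 1024**4}

def to_bytes(size):
    """Convert a _cat size such as '496.3mb' to an integer byte count."""
    m = re.fullmatch(r"([\d.]+)([kmgt]?b)", size.lower())
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])

def summarize(cat_output):
    """Group backing indices by data stream; the highest generation is the write index."""
    lines = cat_output.strip().splitlines()
    header = lines[0].split()
    streams = defaultdict(list)
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            continue  # incomplete row (for example, a closed index without size columns)
        row = dict(zip(header, fields))
        m = BACKING.match(row["index"])
        if m:  # ignore indices that are not data stream backing indices
            streams[m["stream"]].append((int(m["gen"]), row))
    report = {}
    for name, members in streams.items():
        members.sort(key=lambda t: t[0])
        rows = [r for _, r in members]
        report[name] = {
            "write_index": rows[-1]["index"],
            "read_indices": [r["index"] for r in rows[:-1]],
            "docs": sum(int(r["docs.count"]) for r in rows),
            "primary_bytes": sum(to_bytes(r["pri.store.size"]) for r in rows),
            "not_green": [r["index"] for r in rows if r["health"] != "green"],
        }
    return report

if __name__ == "__main__":
    for stream, info in summarize(SAMPLE).items():
        print(stream, info)
```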
Audit and system index templates
The following table contains a simplified template of the audit and system indices. The user can perform aggregation queries over keyword fields.
| Field | Type | Description |
|---|---|---|
| | date | Time when a log event was produced, if available in the parsed message. Otherwise time when the event was ingested. |
| | keyword | Identifier of the Docker container that the application generating the event was running in. |
| | text | Name of the Docker image defined as |
| | keyword | Name of the Docker container that the application generating the event was running in. |
| | keyword | Source of the event: |
| | keyword | Name of the application that produced the message. |
| | keyword | Name of the host that the message was collected from. |
| | keyword | Path on the host to the source file for the message if the message was not produced by the application running in the container or system unit. |
| | keyword | Severity level of the event taken from the parsed message content. |
| | text | Unparsed content of the event message. |
| | flat_object | Kubernetes metadata labels of the pod that runs the Docker container of the application. |
| | keyword | Kubernetes namespace where the application pod was running. |
| | keyword | Kubernetes pod name of the pod running the application Docker container. |
| | keyword | Type of orchestrator: |
The following table contains a simplified template of extra fields for the system index that are not present in the audit template.
| Field | Type | Description |
|---|---|---|
| | keyword | IP address of the HTTP request destination. |
| | keyword | Name of the OpenStack service that the HTTP request was sent to. |
| | long | Request duration in nanoseconds. |
| | keyword | Request ID generated by OpenStack. |
| | keyword | HTTP request method. |
| | keyword | Path of the HTTP URL request. |
| | long | HTTP status code of the response. |
| | keyword | IP address of the HTTP request source. |
System index mapping to the Logstash index
The following table maps the system index fields to the corresponding Logstash fields:
| System | Logstash (Removed in MCC 2.26.0 (17.1.0 and 16.1.0)) |
|---|---|
| | |
| | |
| | |
| | |
| | n/a |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | n/a |
| | |
| | |
| | |
| | |
| | |
| | n/a |