Outcold Solutions LLC

Monitoring Docker, OpenShift and Kubernetes - Version 5.14 - containerd, templates for indexes and sources

January 27, 2020

Placeholders in indexes and sources

You can apply dynamic index names in the configurations to forward logs or stats to a specific index, based on the meta fields. For example, you can define an index as


index = oc_{{openshift_namespace}}

Similarly you can change the source of all the forwarded logs like


source = /{{openshift_namespace}}/{{::coalesce(openshift_daemonset_name, openshift_deployment_name, openshift_statefulset_name, openshift_cronjob_name, openshift_job_name, openshift_replicaset_name, openshift_pod_name)}}/{{openshift_pod_name}}/{{openshift_container_name}}

Support for containerd runtime

Collectord now supports docker, CRI-O and containerd runtimes for Kubernetes and OpenShift. Make sure to download latest configuration for Kubernetes to be able to use containerd runtime, new volumes have been added to reference containerd unix socket.

Exclude fields from forwarded events

If you want to reduce amount of fields forwarded with every event you can set which fields you want to ignore like


excludeFields.openshift_pod_ip = true

Logs dashboard improvement

All filters also affects drop downs in other fields. For example, selecting a cluster will filter suggestion for Pods only from selected cluster.

You can find more information about other minor updates by following links below.

Release notes

Upgrade instructions

Installation instructions

docker, kubernetes, openshift, splunk

About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all containers environments. We are helping businesses reduce complexity related to logging and monitoring by providing easy-to-use and deploy solutions for Linux and Windows containers. We deliver applications, which help developers monitor their applications and operators to keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.