Placeholders in indexes and sources

You can apply dynamic index names in the configurations to forward logs or stats to a specific index, based on the meta fields. For example, you can define an index as

[input.files]

index = oc_{{openshift_namespace}}

Similarly you can change the source of all the forwarded logs like

[input.files]

source = /{{openshift_namespace}}/{{::coalesce(openshift_daemonset_name, openshift_deployment_name, openshift_statefulset_name, openshift_cronjob_name, openshift_job_name, openshift_replicaset_name, openshift_pod_name)}}/{{openshift_pod_name}}/{{openshift_container_name}}

Support for containerd runtime

Collectord now supports docker, CRI-O and containerd runtimes for Kubernetes and OpenShift. Make sure to download latest configuration for Kubernetes to be able to use containerd runtime, new volumes have been added to reference containerd unix socket.

Exclude fields from forwarded events

If you want to reduce amount of fields forwarded with every event you can set which fields you want to ignore like

[output.splunk]

excludeFields.openshift_pod_ip = true

Logs dashboard improvement

All filters also affects drop downs in other fields. For example, selecting a cluster will filter suggestion for Pods only from selected cluster.

Links

You can find more information about other minor updates by following links below.

Release notes

• Monitoring OpenShift - Release notes
• Monitoring Kubernetes - Release notes
• Monitoring Docker - Release notes

Upgrade instructions

• Monitoring OpenShift v5 - Upgrade
• Monitoring Kubernetes v5 - Upgrade
• Monitoring Docker v5 - Upgrade

Installation instructions

• Monitoring OpenShift - Installation
• Monitoring Kubernetes - Installation
• Monitoring Docker - Installation