Configure OpenSearch Log Receiver
This section introduces how to configure the OpenSearch log receiver to send log data to the specified OpenSearch database.
Note |
---|
You can modify the extension configuration to configure the log receiver either during or after the extension installation. The following only introduces how to configure the OpenSearch log receiver when the extension is already installed. |
Prerequisites
You should have the platform-admin role on the KubeSphere platform.
You have obtained the service address and port of OpenSearch.
Configuration Steps
Log in to the KubeSphere web console with a user who has the platform-admin role.
Click Extensions Center.
Click the name of the extension to enter the details page.
Click under the icon, and select Extension Config.
Edit the configuration of WhizardTelemetry Logging and modify the configuration of opensearch under
vector-logging
.vector-logging: sinks: opensearch: # Create opensearch sink or not enabled: true # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used. metadata: api_version: v8 auth: strategy: basic user: admin password: admin batch: timeout_secs: 5 buffer: max_events: 10000 endpoints: - https://<the opensearch cluster url>:<port> tls: verify_certificate: false
Edit the configuration of WhizardTelemetry Auditing and modify the configuration of opensearch under
kube-auditing
.Note Additionally, you need to enable KubeSphere and Kubernetes auditing. For more information, see the details page of the "WhizardTelemetry Auditing" extension in the Extensions Center.
kube-auditing: sinks: opensearch: # Create opensearch sink or not enabled: true # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used. # metadata: # api_version: v8 # auth: # strategy: basic # user: admin # password: admin # batch: # timeout_secs: 5 # buffer: # max_events: 10000 # endpoints: # - https://<the opensearch cluster url>:<port> # tls: # verify_certificate: false
Edit the configuration of WhizardTelemetry Events and modify the configuration of opensearch under
kube-events-exporter
.kube-events-exporter: sinks: opensearch: # Create opensearch sink or not enabled: true # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used. # metadata: # api_version: v8 # auth: # strategy: basic # user: admin # password: admin # batch: # timeout_secs: 5 # buffer: # max_events: 10000 # endpoints: # - https://<the opensearch cluster url>:<port> # tls: # verify_certificate: false
Edit the configuration of WhizardTelemetry Notification and modify the configuration of opensearch under
notification-history
.notification-history: sinks: opensearch: # Create opensearch sink or not enabled: true # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used. # metadata: # api_version: v8 # auth: # strategy: basic # user: admin # password: admin # batch: # timeout_secs: 5 # buffer: # max_events: 10000 # endpoints: # - https://<the opensearch cluster url>:<port> # tls: # verify_certificate: false
Edit the configuration of WhizardTelemetry Platform Service and ensure that the
endpoints
under each extension is consistent with theendpoints
configuration of the above extensions, so that the KubeSphere platform can correctly query the log data. For more information, see the details page of the "WhizardTelemetry Platform Service" extension in the Extensions Center.At this point, the OpenSearch log receiver configuration is complete. On the Cluster Settings > Log Receivers page, you can see that OpenSearch has been configured as the log receiver for container logs, resource events, audit logs, and notification history.
Feedback
Was this page Helpful?
Receive the latest news, articles and updates from KubeSphere
Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.