[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]


On Wed, Jun 15, 2016 at 4:01 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote:



While deploying EFK stack, I didn’t toggled ENABLE_OPS_CLUSTER to true. Default value if “false”


Now my EFK stack is fully installed and working fine. Is there any way we can enable OPS logs without deleting whole stack and re create ?

If you do not need to have physical separation of your operations logs and your application logs you can leave it with ENABLE_OPS_CLUSTER as false.  Setting that to true don't add any extra logs, it just creates a second Elasticsearch cluster (the ops cluster) an Ops Kibana instance to serve up the logs within the Elasticsearch ops cluster and tells Fluentd that the operations logs that it is processing go to this new cluster instead.

To be honest, I would recommend reinstalling with ENABLE_OPS_CLUSTER=true and tricking Fluentd to reprocess all your logs as if it were a new installation.  You are missing the ops templates for the different components which will come in handy especially when you want to later scale up the number of ES nodes for a cluster.

Also you have the added benefit that some of your operations logs aren't in the same ES cluster as your application logs (the main benefit for using this deployment option)

You can trick Fluentd into reprocessing logs on its node by
1. Stop Fluentd on that node
2. Delete the "/var/log/es-containers.log.pos" and "/var/log/node.log.pos" files on that node
3. Start Fluentd on that node again, it will act as if it had not processed any log files yet




Srinivas Kotaru

users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]