IBM Cloud Docs
Configuring whether logs are included or excluded

Configuring whether logs are included or excluded

You can specify whether logs are included or excluded from collection based on a configured path or file name.

Including paths

To specify included paths, complete the following steps:

  1. Log in to the cluster. For more information, see Access your cluster.

  2. In the Logging agent configmap, locate the input-kubernetes.conf section. Then, update the Path parameter to specify the log sources that you want to collect.

    By default, the Logging agent collects logs from a single source located at /var/log/containers/. Make sure that you add the desired log source paths to the Path parameter for your specific requirements. Separate each path with a comma.

    input-kubernetes.conf: |
[INPUT]
    Name              tail
    Tag               kube.*
    Path              /var/log/containers/*.log,/path/to/your/logs/*.log
    Path_Key          file

    Additional log sources can be specified and separated by commas in the Path parameter.

  3. Restart the agent pods.

    For Kubernetes clusters, run:

    kubectl -n ibm-observe rollout restart ds/logs-agent

    For OpenShift clusters, run:

    oc -n ibm-observe rollout restart ds/logs-agent

Excluding paths

To specify paths to be excluded, complete the following steps:

  1. Log in to the cluster. For more information, see Access your cluster.

  2. In the Logging agent configmap, locate the input-kubernetes.conf section. Then, update the Exclude_Path parameter to specify the log sources that you want to exclude from collection. This parameter allows you to specify paths that should be ignored by the Logging agent.

    The Exclude_Path parameter might not be present by default, so you might need to add it if it does not exist. This parameter lets you to specify the paths that should be ignored by the Logging agent.

    input-kubernetes.conf: |
[INPUT]
    Name              tail
    Tag               kube.*
    Path              /var/log/containers/logger-agent-ds-*.log,/path/to/your/logs/*.log
    Path_Key          file
    Exclude_Path      /path/to/your/logs/exclude-1.log,/path/to/your/logs/exclude-2.log

    Additional log sources can be specified and separated by commas in the Exclude_Path parameter.

  3. Restart the agent pods.

    For Kubernetes clusters, run:

    kubectl -n ibm-observe rollout restart ds/logs-agent

    For OpenShift clusters, run:

    oc -n ibm-observe rollout restart ds/logs-agent

Sample

Consider the following example with Exclude_Path specified:

For example, if your directory structure is:

/path/to/your/logs
                ├── app1.log
                ├── app2.log
                ├── exclude-1.log
                └── exclude-2.log

You can modify input-kubernetes.conf section as follows:

input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/logger-agent-ds-*.log,/path/to/your/logs/*.log
        Path_Key          file
        Exclude_Path      /path/to/your/logs/exclude-1.log,/path/to/your/logs/exclude-2.log

In this example:

  • The Path parameter specifies two paths to be included:

    • /var/log/containers/logger-agent-ds-*.log
    • /path/to/your/logs/*.log

  • The Exclude_Path parameter is used to specify two additional paths to be excluded:

    • /path/to/your/logs/exclude-1.log
    • /path/to/your/logs/exclude-2.log

All files within the directory that match the pattern specified in the Path parameter will be collected by the Logging agent, except for those matching the patterns specified in Exclude_Path.