This message was deleted.
# logging
a
This message was deleted.
r
I am in the same boat with Rancher Logging chart. It is really hard to debug and find a problem and running issues where I think everything is configured correctly but unable to find a log or something is wrong with debug enabled. I am trying to send to splunk also. I am at the point to send to something locally to just see if it is working.
m
@refined-battery-60852 I did find a log, in the Rancher's fluentd logging component, the other components have no logs. It was looking for a ca even though "insecure" was checked, so I uploaded a ca. I started deleting and recreating some Flows and ClusterFlows, and extra outputs, and it started working some of the time. I think the Flow components might interfere with each other.
r
which CA would that be… Cluster or CA of Splunk endpoint?
m
My posts are kinda ranty looking back over them...apparently this is rage-related
CA of splunk endpoint
r
mine too
thanks for the help
👍 1
m
@refined-battery-60852 You might also try clicking the Update button in the logging operator chart page. That helped. However you would think that everything in the "Events" panel on the cluster page would show up in Splunk, I don't know if that's a valid expectation. Splunk is sure laggy and missing things.
I'm not sure what the utility of this thing is, the regular Rancher UI already has everything structured, you go in and can drill down into application logs, each component is separated already. With Splunk everything is combined into one single firehose and has to be separated again, and yet developers think this thing is going to wipe their butts for them. (more rage)