Limiting scope of Elasticsearch logging

Bryan_Dobson · January 11, 2021, 9:18pm

Rancher Version: 2.4.5

I am looking for a method to limit the number of logs being sent to Elasticsearch to simply the pods. Recently I enabled the default settings from our cluster which resulted in 600GB of data being sent to Elasticsearch every 30 minutes. Which as you can imagine, is not helpful and harmful to the network.

Limiting to pod logs, which I am most concerned about, and or just finding a way not to send anything and everything to ES would be great.

Thank you

Bryan_Dobson · January 14, 2021, 5:52pm

Quick update.

Unchecking the box for System Logs does help with the volume, but only a very small amount. After I was still seeing the cluster sending Elasticsearch more than 1 million records in the span of three minutes which is still far too much to be of any use for a cluster of this size.