Measure Log Ingestion by Organization

This guide describes how to measure log ingestion by organization.

In RedHat OpenShift Logging (EFK) Stack as Logging Solution we decided to offer Elasticsearch on a fair-use policy. This guide helps finding organizations with higher than expected log volumes.

Prerequisites

Administrator access to the APPUiO Zone

Measure Log Ingestion by Organization

Navigate to Observe → Metrics in the sidebar of the OpenShift console.

Use the following query to measure log ingestion by organization.

sum by(organization, namespace, cluster_id) (
  label_replace(
    increase(log_collected_bytes_total[24h]),
    "namespace",
    "$1",
    "exported_namespace",
    "(.*)"
  )
  *
  on (namespace)
  group_left(organization)
  label_replace(
    kube_namespace_labels{label_appuio_io_organization!=""},
    "organization",
    "$1",
    "label_appuio_io_organization",
    "(.*)"
  )
)