OK Log is a distributed and coördination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend.
Tag, version, base image, Dockerfile link:
v0.3.2, v0.3.2-linux-amd64, alpine:3.8 (v0.3.2/Dockerfile)
latest, v0.3.2-linux-amd64, alpine:3.8 (Dockerfile)
v0.3.1, v0.3.1-linux-amd64, alpine:3.8 (v0.3.1/Dockerfile)
v0.3.0, v0.3.0-linux-amd64, alpine:3.8 (v0.3.0/Dockerfile)
v0.2.2, v0.2.2-linux-amd64, alpine:3.8 (v0.2.2/Dockerfile)
v0.2.1, v0.2.1-linux-amd64, alpine:3.8 (v0.2.1/Dockerfile)
v0.2.0, v0.2.0-linux-amd64, alpine:3.8 (v0.2.0/Dockerfile)
v0.1.3, v0.1.3-linux-amd64, alpine:3.8 (v0.1.3/Dockerfile)
v0.1.2, v0.1.2-linux-amd64, alpine:3.8 (v0.1.2/Dockerfile)
(Note that the latest tag denotes the most recent stable release, not necessarily the most recent release of OK Log.)
(Original Dockerfile modified from lendico/oklog. All credits to lendico-seong. See notes for change requests.)
Quickly create an ingeststore:
docker run -d \
-p 7650:7650 \
-p 7651:7651 \
-p 7653:7653 \
-p 7659:7659 \
--name oklog_ingest_store \
oklog/oklog:latest ingeststore -store.segment-replication-factor 1
(To mount the data directory please use -v /path/to/dir:/data.)
Please see the OK Log README.md for more advanced and useful deployments.
Quickly forward logs (requires a binary executable from the releases):
tail -f /var/log/*.log | oklog forward tcp://<store/ingeststore>:7651
(Since v0.1.3 (latest) you can use the -prefix <tag> -prefix <label> repeatable flag to prepend annotations to logs.)
Quickly forward docker daemon logs:
docker run -d \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--name logspout \
gliderlabs/logspout syslog+tcp://<store/ingeststore>:7651
Please see Integrations within the OK Log wiki.
Quick query:
docker exec -it oklog /bin/ash
./oklog query -stats
./oklog query -from 2h -q "e"
Or you can query a store or ingeststore with the binary from the releases:
oklog query -store tcp://<store/ingeststore>:7650 -from 1h -q "e"
Since v0.2.0 you can register a streamed query via a long-lived HTTP/1.1 connection to an OK Log process running in store or ingeststore mode:
curl -iv "<store/ingeststore>:7650/store/stream?q=e"
Or you can stream with the binary executable from the releases:
oklog stream -store <store/ingeststore>:7650 -from 1h -q "e"
(A note on running an OK Log container in stream mode: Be careful of log looping when pumping logs from the Docker daemon on the same host, as this will burn through storage!)
Please see PR #34 for more information.
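The following is an added example, not part of the original README or the OK Log project: a dry-run script that prints the ingeststore and logspout commands from this page with the ports published on one named interface instead of all of them, the data directory mounted, and the OK Log container excluded from logspout so its own output cannot loop back into storage. It assumes logspout's LOGSPOUT=ignore container variable; the address 192.0.2.10 and the path /srv/oklog/data are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the project's own script). Prints commands for review;
# it does not run docker. Defaults below are constructed placeholders.
BIND_ADDR="${BIND_ADDR:-192.0.2.10}"     # host interface the ports are published on
DATA_DIR="${DATA_DIR:-/srv/oklog/data}"  # host directory mounted at /data
OKLOG_PORTS="7650 7651 7653 7659"        # the four ports published on this page

# Emit one "-p ADDR:PORT:PORT" pair per port; refuse wildcard binds.
publish_args() {
    case "$1" in
        ""|0.0.0.0|"::"|"[::]") echo "refusing wildcard bind address" >&2; return 1 ;;
    esac
    for port in $OKLOG_PORTS; do
        printf '%s %s:%s:%s ' -p "$1" "$port" "$port"
    done
}

# Print the ingeststore command. LOGSPOUT=ignore tells logspout to skip this
# container, so OK Log's own output is never forwarded back into OK Log.
ingeststore_cmd() {
    case "$2" in
        /*) ;;
        *) echo "data dir must be an absolute path" >&2; return 1 ;;
    esac
    ports=$(publish_args "$1") || return 1
    printf 'docker run -d %s-e LOGSPOUT=ignore -v %s:/data --name oklog_ingest_store oklog/oklog:latest ingeststore -store.segment-replication-factor 1\n' "$ports" "$2"
}

# Print the logspout command aimed at the ingest port on the same address.
# The address must be reachable from inside the logspout container, so a
# host loopback address will not work here.
logspout_cmd() {
    printf 'docker run -d --volume=/var/run/docker.sock:/var/run/docker.sock --name logspout gliderlabs/logspout syslog+tcp://%s:7651\n' "$1"
}

# Dry run: show both commands.
ingeststore_cmd "$BIND_ADDR" "$DATA_DIR" && logspout_cmd "$BIND_ADDR"
```

Set BIND_ADDR and DATA_DIR in the environment to match the host before using the printed commands.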
Since v0.2.1 you can view a prototype web UI at http://<store/ingeststore>:7650/ui/.
This represents a set of unofficial Dockerfiles and images containing the OK Log binary. All credits for OK Log should go to peterbourgon and the OK Log contributors / maintainers.
If you have any problems with OK Log, then please raise an issue here. For any suggestions or enhancements to do with the Dockerfiles or images, please raise a new issue here. Alternatively, alterations or additions can be included in a new PR here. All feedback is welcome.