Thursday, July 15, 2021

#868 OIC and Logging Analytics - steps towards fleet management

This post covers the scenario of aggregating the logs of OIC instances from different regions within the one tenancy. In my case, OIC1 is in UK South(London) and OIC2 is in US West(Phoenix). So how best to approach this?

We've seen in a previous post how easy it is to push the OIC Activity Stream logs to OCI Logging Service. That is the starting point for us.

So back to our use-case - this is the high level flow - 














OIC1 London Activity Stream Logs to OCI Logging - 








Logs to Object Storage - 





Replication to Phoenix Object Storage - 











Create Log Collection Rule - following documentation here








Step 1 is to assign the permissions required to collect logs from Object Storage - 

allow service loganalytics to read buckets in compartment yourcompartment

allow service loganalytics to read objects in compartment yourcompartment

Allow group yourGroup to manage all-resources IN compartment OICPMCompartment where any {request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_CREATE',request.permission='LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS',request.permission='LOG_ANALYTICS_ENTITY_UPLOAD_LOGS',request.permission='LOG_ANALYTICS_SOURCE_READ',request.permission='BUCKET_UPDATE',request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_DELETE'}

Step 2 - create the Rule via OCI CLI -

oci log-analytics object-collection-rule create --from-json <json_file_name> --namespace-name <namespace_name>

My json file is called create.json -


 








The file contents - 













The response - 

























The setup to push the OIC Activity Stream Logs from OIC2 in Phoenix is that described in the previous post - Enable log at OIC instance level, create Service Connector to push the logs to OCI Logging Analytics. 

Ok, so now let's execute some requests to both OIC instances -

10 requests to AA-Hello-World in Phoenix.












10 requests to AA-HiWelt in London -












I check out the logs in OCI Logging Analytics - 

























I call also see a high level comparison between the 2 OIC instances - 
































Later, I do a check comparing the data with that from the OIC Monitoring console -















As you can see, my phoenix instance processed 449 flows in the last 15 minutes.
The data from OIC Monitoring for the same period - 










A small difference in the timings, due to me taking screenshots!














No comments: