OpenSearch logs

By enabling this toolset, HolmesGPT will fetch pod logs from OpenSearch.

You should enable this toolset to replace the default Kubernetes logs toolset if all your kubernetes pod logs are consolidated inside OpenSearch/Elastic. It will make it easier for HolmesGPT to fetch incident logs, including the ability to precisely consult past logs.

Logging Toolsets

Only one logging toolset should be enabled at a time. If you enable this toolset, disable the default kubernetes/logs toolset.

HolmesGPT provides several out-of-the-box alternatives for log access. You can select from these options:

• kubernetes/logs: Access logs directly through Kubernetes. This is the default toolset.
• coralogix/logs: Access logs through Coralogix.
• grafana/loki: Access Loki logs by proxying through a Grafana instance.
• opensearch/logs: Access logs through OpenSearch.
• datadog: Access logs through DataDog.

Configuration

Holmes CLIRobusta Helm Chart

Add the following to ~/.holmes/config.yaml, creating the file if it doesn't exist:

toolsets:
  opensearch/logs:
    enabled: true
    config:
      opensearch_url: https://your-opensearch-cluster.com:443
      index_pattern: fluentd-*
      opensearch_auth_header: "ApiKey your-api-key-here"
      labels:
        pod: "kubernetes.pod_name"
        namespace: "kubernetes.namespace_name"
        timestamp: "@timestamp"
        message: "message"

  kubernetes/logs:
    enabled: false # Disable default Kubernetes logging

holmes:
  toolsets:
    opensearch/logs:
      enabled: true
      config:
        opensearch_url: https://your-opensearch-cluster.com:443 # The URL to your opensearch cluster.
        index_pattern: fluentd-* # The pattern matching the indexes containing the logs. Supports wildcards
        opensearch_auth_header: "ApiKey your-api-key-here" # An optional header value set to the `Authorization` header for every request to opensearch.
        labels: # set the labels according to how values are mapped in your opensearch cluster
          pod: "kubernetes.pod_name"
          namespace: "kubernetes.namespace_name"
          timestamp: "@timestamp"
          message: "message"

    kubernetes/logs:
      enabled: false # HolmesGPT's default logging mechanism MUST be disabled

Update your Helm values and run a Helm upgrade:

helm upgrade robusta robusta/robusta --values=generated_values.yaml --set clusterName=<YOUR_CLUSTER_NAME>

Capabilities

Tool Name	Description
opensearch_fetch_logs	Fetch logs from OpenSearch for specified pods and time ranges
opensearch_search_logs	Search logs in OpenSearch using query patterns