From f05f47bcbdfe012a630fd39f1a9b6878ec89c1c8 Mon Sep 17 00:00:00 2001 From: Costa Tsaousis Date: Sun, 17 Mar 2024 23:07:51 +0200 Subject: [PATCH] Update README.md --- .../README.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/docs/observability-centralization-points/logs-centralization-points-with-systemd-journald/README.md b/docs/observability-centralization-points/logs-centralization-points-with-systemd-journald/README.md index 67cad8476064cc..d2c22c1a285684 100644 --- a/docs/observability-centralization-points/logs-centralization-points-with-systemd-journald/README.md +++ b/docs/observability-centralization-points/logs-centralization-points-with-systemd-journald/README.md @@ -1,5 +1,52 @@ # Logs Centralization Points with systemd-journald +```mermaid +stateDiagram-v2 + classDef userFeature fill:#f00,color:white,font-weight:bold,stroke-width:2px,stroke:yellow + classDef usedByNC fill:#090,color:white,font-weight:bold,stroke-width:2px,stroke:yellow + classDef thirdparty fill:#333,color:#aaa,font-weight:normal,stroke-width:1px,stroke:#fff + + logsQuery:::usedByNC + logsDashboard:::userFeature + journald:::thirdparty + journalRemote:::thirdparty + journalUpload:::thirdparty + journalFiles:::thirdparty + logSources:::thirdparty + textFiles:::thirdparty + + journalRemote: systemd-journal-remote + journalUpload: systemd-journal-upload + journalFiles: Store + journalFiles: systemd-journal files + journald: systemd-journald + logSources: Local Logs Sources + log2journal:log2journal + log2journal:Convert text, json, logfmt files + log2journal:to structured journal entries. + logsDashboard: Netdata Dashboards + logsQuery: Query Journal Files + textFiles: Text Log Files + + logSources --> journald: journald API + logSources --> textFiles: write to log files + textFiles --> log2journal: tail log files + log2journal --> journald: journald API + journald --> journalFiles + + journalFiles --> Netdata + journalFiles --> journalUpload + + journalRemote -->journalFiles + journalUpload --> [*]: to a remote journald + [*] --> journalRemote: from a remote journald + + state Netdata { + [*]-->logsQuery + logsQuery --> logsDashboard + } +``` + Logs centralization points can be built using the `systemd-journald` methodologies, by configuring `systemd-journal-remote` (on the centralization point) and `systemd-journal-upload` (on the production system). The logs centralization points and the metrics centralization points do not need to be the same. For clarity and simplicity however, when not otherwise required for operational or regulatory reasons, we recommend to have unified centralization points for both metrics and logs.