Calico Enterprise pushes BGP activity logs to Elasticsearch. To view them, go to the Discovery view, and from the dropdown menu, select
tigera_secure_ee_bgp.* to view the collected BIRD and BIRD6 logs.
The following table details key/value pairs for constructing queries, including their Elasticsearch datatype.
|date||When the log was collected in UTC timestamp format.|
|keyword||The name of the node where log was collected.|
|keyword||Contains one of the following values:|
|text||The message contained in the log.|
Once a set of BGP logs has accumulated in Elasticsearch, you can perform many interesting queries. Depending on the field that you want to query, different techniques are required. For example:
- To view BGP logs only for IPv4 or IPv6, query on the
ip_versionfield and sort by
- To see all logs from a specific node, query on the
- To view events in the cluster, query on the