Cloud Experts Documentation

Using Cluster Logging Forwarder in ARO with Azure Monitor (>=4.13)

Last edited
Published
Authors
Paul Czarkowski, 
Thatcher Hubbard
Tags: ARO

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

NOTE: Starting from version 5.9, OpenShift Logging supports native forwarding to Azure Monitor and Azure Log Analytics, which is available on clusters running OpenShift 4.13 or higher. Please note that apiVersion was changed from logging.openshift.io/v1 to observability.openshift.io/v1 on OpenShift Logging 6.0, which is the version used on this guide. For clusters running OpenShift 4.12 or earlier, see the legacy setup document here for help with configuration.

If you’re running Azure Red Hat OpenShift (ARO), you may want to be able to view and query the logs the platform and your workloads generate in Azure Monitor. With the release of the Cluster Logging Operator version 5.9, this can be done in a single step with some YAML configuration.

Prepare your ARO cluster

  1. Deploy an ARO cluster

  2. Follow the OpenShift documentation for installing the OpenShift Logging Operator for your version of OpenShift. These instructions cover the various methods (CLI, Web Console) of installation.

  3. Set some environment variables

Set up ARO Monitor workspace

  1. Add the Azure CLI log extensions

  2. Create resource group

    If you plan to reuse the same group as your cluster skip this step

  3. Create workspace

  4. Create a secret for your Azure workspace

Configure OpenShift

  1. Create a Secret to hold the shared key:

  2. Give permissions for the serviceaccount used in the openshift-logging namespace:

  3. Create a ClusterLogForwarder resource. This will contain the configuration to forward to Azure Monitor:

See the logging pipeline documentation for the specifics of how to add audit logs to this configuration.

  1. Check the ClusterLogForwarder instance status:
screenshot of clf instance status

Check for logs in Azure

Wait 5 to 15 minutes

  1. Query our new Workspace

or

  1. Log into Azure Azure Log Insightsexternal link (opens in new tab) or you can login into portal and search for Log Analytics workspace

    screenshot of Log analytics workspace

  2. Select your workspace

    screenshot of scope selection

  3. Run the Query

    screenshot of query results
Back to top

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat