k8s/Azure/KustoLogs
- Queries in Azure Kusto Query language.
Find logs for specific pod/namespace
let _podInventory = ( KubePodInventory | where Namespace has "MyNamespace-prd" | where ContainerName has_any ('container1', 'container2' , 'container3' ) ); ContainerLog //| where TimeGenerated < ago(4d) | where TimeGenerated between( datetime("2020-06-18 02:00:00 ") .. now()) | join kind=inner _podInventory on $left.ContainerID == $right.ContainerID | project LogEntry, Name1, Namespace , ContainerName, TimeGenerated, ClusterId, PodRestartCount
Optimise with https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/lookupoperator