Differences between revisions 1 and 5 (spanning 4 versions)

k8s/Azure/KustoLogs

Queries in Azure Kusto Query language.

Find logs for specific pod/namespace

let _podInventory = ( KubePodInventory 
       | where Namespace has "MyNamespace-prd" 
       | where ContainerName has_any ('container1', 'container2' , 'container3' )
);
ContainerLog
//| where TimeGenerated < ago(4d)
| where TimeGenerated between( datetime("2020-06-18 02:00:00 ") .. now())
| join kind=inner _podInventory on $left.ContainerID == $right.ContainerID
| project LogEntry, Name1, Namespace , ContainerName, TimeGenerated, ClusterId, PodRestartCount

Optimise with https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/lookupoperator

CategoryLogging

-  ⇤ ← Revision 1 as of 2020-06-10 06:17:35 → 
  Size: 497
  Editor: PieterSmit
  Comment:
+   ← Revision 5 as of 2020-06-24 18:57:44 → ⇥
  Size: 727
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 7:
-let _podInventory = ( KubePodInventory | where Namespace contains "namespace-prd" | where ContainerName contains "MyContainerName" );
+let _podInventory = ( KubePodInventory 
       | where Namespace has "MyNamespace-prd"         | where ContainerName has_any ('container1', 'container2' , 'container3' )
);
-Line 9:
+Line 12:
-| where TimeGenerated < ago(7d)
+//| where TimeGenerated < ago(4d)
| where TimeGenerated between( datetime("2020-06-18 02:00:00 ") .. now())
-Line 11:
+Line 15:
-| limit 5000
-Line 15:
+Line 18:
+ * Optimise with https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/lookupoperator

----
CategoryLogging