Differences between revisions 3 and 5 (spanning 2 versions)

k8s/Azure/KustoLogs

Queries in Azure Kusto Query language.

Find logs for specific pod/namespace

let _podInventory = ( KubePodInventory 
       | where Namespace has "MyNamespace-prd" 
       | where ContainerName has_any ('container1', 'container2' , 'container3' )
);
ContainerLog
//| where TimeGenerated < ago(4d)
| where TimeGenerated between( datetime("2020-06-18 02:00:00 ") .. now())
| join kind=inner _podInventory on $left.ContainerID == $right.ContainerID
| project LogEntry, Name1, Namespace , ContainerName, TimeGenerated, ClusterId, PodRestartCount

Optimise with https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/lookupoperator

CategoryLogging

-  ⇤ ← Revision 3 as of 2020-06-14 20:35:24 → 
  Size: 562
  Editor: PieterSmit
  Comment:
+   ← Revision 5 as of 2020-06-24 18:57:44 → ⇥
  Size: 727
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 12:
-| where TimeGenerated < ago(4d)
+//| where TimeGenerated < ago(4d)
| where TimeGenerated between( datetime("2020-06-18 02:00:00 ") .. now())
-Line 14:
+Line 15:
-| limit 5000
 Line 18:
+ * Optimise with https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/lookupoperator