Information about the containers and pods on your cluster may be obtained using the
kubectl logs command. These logs allow you to know the performance of your applications, whether they are failing or healthy, and are particularly useful for debugging and troubleshooting purposes.
In this article, we will see how to use the kubectl logs command to get information from existing resources in a Kubernetes cluster.
Before we dive in, let's first take a quick look at what Kubectl is and how exactly it works.
Kubectl is pronounced
Kube-control or as
kube-cuttle. It is a command-line tool for Kubernetes that lets you control or communicate with Kubernetes clusters or resources you create by using the Kube API.
Take a look at how this works in the background.
You issue a
kubectl command, for example,
kubectl logs. Kubectl connects to the Kube API server, which verifies and authenticates the request you made. The Kube API server, in return, responds to you as a client/user with the requested data or information after it has completed authentication and validation. This requested data is obtained from the
etcd server, which serves as the Kubernetes database. Etcd server stores information regarding the cluster, such as the nodes, pods, configs, secrets, etc.
Every information presented to you when you run a kubectl command is gotten from the
etcd server. The Kube API server acts as a messenger for delivering your requests. This is how kubectl as a command line tool lets you interact with your cluster or resources.
For more insight, it would be beneficial to look at the Kubernetes architecture.
Simply put, a log is a text record of an event or incident that took place at a specific time.
There are few possibilities of figuring out what went wrong when your software crashes, and you need logging information. This is why logs are very important.
An integrated tool for reading logs is kubectl log. It might not be the greatest choice for production scenarios because this is a manual process. Your business needs will determine which tool is best for viewing your Kubernetes logs.
The kubectl log command is the command that displays information about the background activities or events completed or ongoing in your resources. It is used to view container logs for debugging. Because container applications are packaged in pods, if an application is failing or misbehaving, the next line of action would be to check the logs of the container(s) in that pod to know why.
Debugging your Kubernetes resources depends on your logs. With the knowledge provided by this command, you can restart your pod by making the necessary adjustments or repairs.
To access the logs for a specific resource, you can first get a list of the resources that are part of your cluster.
To get a list of available pods in your cluster, run the below command:
$ kubectl get pods event-simulator 1/1 Running 0 18m nginx-76d6c9b8c-8f9m7 1/1 Running 0 69s pod 0/1 ContainerCreating 0 5s pod-example 0/1 ImagePullBackOff 0 20m sample-flask-5d67d8d556-t8t77 0/1 ErrImageNeverPull 0 26m sample-flask-645d95f4b4-vbztg 0/1 ErrImageNeverPull 0 29m webapp 1/1 Running 4 (39d ago) 42d webapp-release-0-5 1/1 Running 4 (39d ago) 42d
After getting a list of all existing pods, the logs of those pods can be seen individually by running
# This returns a snapshot of the logs from the pod kubectl logs [pod name]
If you want to stream or follow the logs in a pod, you can use the below command
$ kubectl logs -f event-simulator [2022-11-29 04:12:17,262] INFO in event-simulator: USER3 is viewing page1 [2022-11-29 04:12:18,264] INFO in event-simulator: USER4 logged out [2022-11-29 04:12:19,266] INFO in event-simulator: USER2 is viewing page2 [2022-11-29 04:12:20,268] INFO in event-simulator: USER2 is viewing page2 [2022-11-29 04:12:21,270] INFO in event-simulator: USER4 logged out [2022-11-29 04:12:22,271] WARNING in event-simulator: USER5 Failed to Login as the account is locked due to MANY FAILED ATTEMPTS. [2022-11-29 04:12:22,272] INFO in event-simulator: USER1 is viewing page3 [2022-11-29 04:12:23,274] INFO in event-simulator: USER3 is viewing page1 [2022-11-29 04:12:24,276] INFO in event-simulator: USER4 is viewing page1 [2022-11-29 04:12:25,278] WARNING in event-simulator: USER7 Order failed as the item is OUT OF STOCK. [2022-11-29 04:12:25,278] INFO in event-simulator: USER1 logged out [2022-11-29 04:12:26,280] INFO in event-simulator: USER4 is viewing page1 [2022-11-29 04:12:27,282] WARNING in event-simulator: USER5 Failed to Login as the account is locked due to MANY FAILED ATTEMPTS. [2022-11-29 04:12:27,283] INFO in event-simulator: USER2 is viewing page2 [2022-11-29 04:12:28,285] INFO in event-simulator: USER1 logged out
-f flag helps you to stream the log's life. As events happen in that resource, it is streamed on your screen. If you do not want to follow the logs, you can administer the command without the
-f flag, as shown previously.
If there are multiple containers running in a pod, it is advisable to specify the name of the container you need logs from in your
kubectl logs command otherwise, the command will fail.
To follow the logs for a particular container in a pod, use the below syntax:
kubectl logs [POD name] [-c CONTAINER name] [--follow] [flags]
- You can refer to the Kubernetes log documentation to learn more about different flags that can be used.
To display all containers logs in a pod, use the below command
kubectl logs [pod-name] --all-containers=true
- The container name is not required if the pod only contains one container.
By adding the -p flag, you can obtain logs for a Pod that was previously running.
kubectl logs -p [pod-name]
As discussed, you can get logs of containers using the
kubectl log command, this is a manual log inspection that happens mostly locally.
In production environments, when you have a stable cluster deployed and running, it's possible to forget the logs and assume everything is working fine easily. Also, since containers in pods are ephemeral, in situations where the pods get restarted, you lose logs for those containers, which may contain critical data to be analyzed later.
A helpful solution to this problem would be to use a distributed logging solution like Signoz.
SigNoz is a full-stack open source Application Performance Monitoring tool that you can use for monitoring logs, metrics, and traces. Having all the important telemetry signals under a single dashboard leads to less operational overhead. Users can also access telemetry data with richer context by correlating these signals.
SigNoz uses a columnar database ClickHouse to store logs, which is very efficient at ingesting and storing logs data. Columnar databases like ClickHouse are very effective in storing log data and making it available for analysis.
Big companies like Uber have shifted from the Elastic stack to ClickHouse for their log analytics platform. Cloudflare too was using Elasticsearch for many years but shifted to ClickHouse because of limitations in handling large log volumes with Elasticsearch.
SigNoz uses OpenTelemetry for instrumenting applications. OpenTelemetry, backed by CNCF, is quickly becoming the world standard for instrumenting cloud-native applications. Kubernetes also graduated from CNCF.
The logs tab in SigNoz has advanced features like a log query builder, search across multiple fields, structured table view, JSON view, etc.
You can also view logs in real time with live tail logging.
With advanced Log Query Builder, you can filter out logs quickly with a mix and match of fields.
SigNoz can be installed on macOS or Linux computers in just three steps by using a simple install script.
The install script automatically installs Docker Engine on Linux. However, on macOS, you must manually install Docker Engine before running the install script.
git clone -b main https://github.com/SigNoz/signoz.git cd signoz/deploy/ ./install.sh
You can visit our documentation for instructions on how to install SigNoz using Docker Swarm and Helm Charts.
If you liked what you read, then check out our GitHub repo 👇