At the end of November, we’ll be migrating the Sematext Logs backend from Elasticsearch to OpenSearch

Kubectl Logs

August 20, 2024

Table of contents

Kubectl Logs

Kubectl Logs is a command-line tool for retrieving and displaying container logs from pods. It’s an essential feature for developers and system administrators working with Kubernetes clusters, allowing them to monitor and troubleshoot applications in real time.

Kubectl Logs command Function

The primary function of Kubectl Logs is to provide access to container log data, which is crucial for debugging and monitoring Kubernetes applications. Using kubectl logs, developers can track application behavior, diagnose issues, and gain insights into the performance of their containerized applications. This tool is indispensable for maintaining the health and stability of Kubernetes deployments.

Key Flags and Options

  • -f, –follow: Continuously stream the logs as they are generated.
  • -p, –previous: Print the logs of the previous instance of the container.
  • -c, –container: Specify the container name to view logs from.
  • –since: Only show logs since a specific time.
  • –tail: Show only the last specified number of lines.
  • –all-containers: Print logs from all containers in the pod.

Kubectl Log message format

The format of kubectl logs message output is generally plain text. It directly reflects the output of the container’s standard output and standard error streams.

Key Points:

  • No specific formatting: The output doesn’t adhere to a predefined structure.
  • Plain text: The logs are presented as human-readable text.
  • Timestamp information: Some containers or applications might include timestamps within their log messages. However, kubectl logs doesn’t inherently add timestamps to the output. You can use the –timestamps flag to add timestamps to the output.
  • Error messages: Error messages are typically displayed as plain text within the log stream.

Example:

2024-08-19 14:19:02 INFO: Request received: GET /users/123
2024-08-19 14:19:02 DEBUG: Retrieving user data from database
2024-08-19 14:19:03 INFO: User data found: {"id": 123, "name": "John Doe", "email": "johndoe@example.com"}
2024-08-19 14:19:03 INFO: Rendering user profile template

Basic Syntax

The fundamental structure of the kubectl logs command is:

kubectl logs <pod-name>

This command retrieves and displays the logs from the default container within the specified pod.

For example, to view logs from a pod named ‘my-pod’, you would run:

kubectl logs my-pod

If a pod contains multiple containers, you’ll need to specify the container name using the -c flag.

Kubectl Logs command Use Cases

Use Cases for the kubectl logs Command

The kubectl logs command is a powerful tool for troubleshooting and monitoring Kubernetes applications. Here’s an expanded list of practical use cases, along with unique code examples to help you make the most of this command:

1. Debugging Crashing Pods

When a pod is frequently crashing or restarting, the first step is to inspect its logs for error messages or stack traces. This can reveal issues like configuration errors, missing dependencies, or runtime exceptions.

kubectl logs my-crashing-pod

If you want to automatically restart the pod after inspecting the logs, you might chain commands:

kubectl logs my-crashing-pod && kubectl delete pod my-crashing-pod

2. Monitoring for Specific Errors or Warnings

In a production environment, you may need to monitor specific errors or warnings in real time. Combining kubectl logs with grep helps filter out critical issues like “ERROR” or “WARN”.

kubectl logs my-app-pod | grep -i "ERROR"

To monitor both “ERROR” and “WARN” levels simultaneously:

kubectl logs my-app-pod | grep -E "ERROR|WARN"

3. Tailing Logs in Real-Time

For live monitoring, especially during deployments or troubleshooting, the -f flag allows you to tail the logs, showing new log entries as they appear.

kubectl logs -f my-app-pod

If you’re watching a multi-container pod:

kubectl logs -f my-pod -c my-container

4. Fetching Logs from a Specific Container in a Multi-Container Pod

In pods running multiple containers, you can target a specific container to fetch its logs, helping isolate issues within a particular component.

kubectl logs my-pod -c my-container

For example, if you have a pod with an nginx container and an app container:

kubectl logs my-pod -c nginx

5. Aggregating Logs for a Set of Pods

Using label selectors, you can aggregate logs from a group of pods, which is useful for getting an overview of a service or application.

kubectl logs -l app=my-app

To aggregate logs for pods running a specific version of an application:

kubectl logs -l app=my-app,version=v2

6. Viewing Historical Logs with the –previous Flag

If a pod was restarted, you can view the logs from its previous instance, which is critical for understanding why the restart occurred.

kubectl logs my-restarted-pod --previous

For troubleshooting a Job that failed and was automatically restarted:

kubectl logs my-job-pod --previous

7. Exporting Logs for Offline Analysis

For detailed analysis, you might want to export logs to a file or send them to an external analysis tool.

kubectl logs my-app-pod > my-app-logs.txt

To save logs from all pods matching a label selector to individual files:

for pod in $(kubectl get pods -l app=my-app -o jsonpath='{.items[*].metadata.name}'); do kubectl logs $pod > ${pod}-logs.txt; done

8. Investigating Logs from Completed or Failed Pods

For pods that have completed their lifecycle, such as Jobs or CronJobs, you can still fetch logs to understand what occurred during their run.

kubectl logs job/my-completed-job

To get logs from a CronJob that failed:

kubectl logs -l job-name=my-failed-cronjob

9. Investigating Slow Performance Issues

If an application is experiencing slow performance, checking logs can help identify long-running requests, timeouts, or performance bottlenecks.

kubectl logs my-app-pod | grep "timeout"

To analyze slow database queries logged by your application:

kubectl logs my-app-pod | grep "Slow query"

10. Checking for Configuration Issues

Configuration errors, such as incorrect environment variables or misconfigured services, often appear in application logs. This makes kubectl logs a crucial tool for initial troubleshooting.

kubectl logs my-app-pod | grep "configuration error"

To validate environment variable setup:

kubectl exec my-app-pod -- env | grep "DB_HOST"

11. Combining Logs with Other Tools

To get more comprehensive insights, combine kubectl logs with other tools like jq for JSON parsing, awk for text processing, or tee for simultaneous viewing and saving of logs.

kubectl logs my-app-pod -o json | jq '.message' | tee app-logs.txt

These expanded use cases demonstrate the versatility of the kubectl logs command in various real-world scenarios, providing you with powerful tools to monitor, troubleshoot, and manage your Kubernetes applications effectively.

Kubectl Logs Quick Reference

Here are some basic Kubectl Logs commands:

View logs from a specific pod

kubectl logs <pod-name>

View logs from a specific container in a pod:

kubectl logs <pod-name> -c <container-name>

View the last few lines of logs (kubectl tail logs):

kubectl logs --tail=<number> <pod-name>

View logs generated after a certain time:

kubectl logs --since=<time> <pod-name>

Follow logs in real-time (kubectl logs follow):

kubectl logs -f <pod-name>

Filtering and Searching Kubectl Logs

To filter logs using keywords or patterns:

Use grep with kubectl logs:

kubectl logs <pod-name> | grep <keyword>

Combine with tail for recent matches:

kubectl logs --tail=100 <pod-name> | grep <keyword>

Watch for specific log patterns (kubectl watch logs):

kubectl logs -f <pod-name> | grep --line-buffered <keyword>

Remember that while kubectl tail is not an official command, you can achieve similar functionality using kubectl logs –tail. Additionally, kubectl log tail and kubectl tail log are variations that users might search for, but they’re not correct syntax.

For continuous monitoring, consider using kubectl logs follow or its shorthand kubectl logs -f. This is similar to the concept of tail -f in Unix systems, which is why some users might search for “tail kubernetes logs” or “kubernetes tail logs”.

When troubleshooting, kubectl logs since can be particularly useful. For example:

kubectl logs --since=1h <pod-name>

This command shows logs from the last hour, helping you focus on recent events.

Java Logging Basics: Concepts, Tools, and Best Practices

Imagine you're a detective trying to solve a crime, but...

Best Web Transaction Monitoring Tools in 2024

Websites are no longer static pages.  They’re dynamic, transaction-heavy ecosystems...

17 Linux Log Files You Must Be Monitoring

Imagine waking up to a critical system failure that has...