From 473fe6e35b1d59bb87311283f5455e249b90534f Mon Sep 17 00:00:00 2001 From: Jeroen VdB Date: Wed, 3 Nov 2021 17:44:10 +0100 Subject: [PATCH 1/3] Create List container logs by container names.kql --- ...List container logs by container names.kql | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql diff --git a/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql new file mode 100644 index 00000000..da6d8146 --- /dev/null +++ b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql @@ -0,0 +1,24 @@ +// Author: Jeroen-VdB +// Display name: List container logs by container names +// Description: View container logs of the provided container names. +// Categories: Containers +// Resource types: Kubernetes services +// Solutions: ContainerInsights +// Topic: Container Logs + + +datatable(ContainerName:string)["my-container-name-1","my-container-name-2"] +| join kind=innerunique ( + KubePodInventory + | where ControllerKind in ('DaemonSet', 'Job', 'ReplicaSet') + | where Namespace in ('default') + | where isnotempty(ClusterName) + | where isnotempty(Namespace) + | extend ContainerName = tostring(split(ContainerName, '/')[1]) + | summarize arg_max(TimeGenerated, *) by ContainerName) +on ContainerName +| project ContainerID +| join kind=innerunique ( + ContainerLog) +on ContainerID +| order by TimeGenerated desc From c68e00db070ed3b579922c7fb10062ea345f7e4a Mon Sep 17 00:00:00 2001 From: Jeroen VdB Date: Fri, 17 Dec 2021 17:01:52 +0100 Subject: [PATCH 2/3] Remove filters --- .../Container Logs/List container logs by container names.kql | 3 --- 1 file changed, 3 deletions(-) diff --git a/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql index da6d8146..d506f803 100644 --- a/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql +++ b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql @@ -10,10 +10,7 @@ datatable(ContainerName:string)["my-container-name-1","my-container-name-2"] | join kind=innerunique ( KubePodInventory - | where ControllerKind in ('DaemonSet', 'Job', 'ReplicaSet') - | where Namespace in ('default') | where isnotempty(ClusterName) - | where isnotempty(Namespace) | extend ContainerName = tostring(split(ContainerName, '/')[1]) | summarize arg_max(TimeGenerated, *) by ContainerName) on ContainerName From 9a0040844ce9bddde547f7456ffdf9097524f561 Mon Sep 17 00:00:00 2001 From: Jeroen VdB Date: Fri, 17 Dec 2021 17:05:01 +0100 Subject: [PATCH 3/3] Remove more filters --- .../Container Logs/List container logs by container names.kql | 1 - 1 file changed, 1 deletion(-) diff --git a/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql index d506f803..e5807004 100644 --- a/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql +++ b/Azure Services/Kubernetes services/Queries/Container Logs/List container logs by container names.kql @@ -10,7 +10,6 @@ datatable(ContainerName:string)["my-container-name-1","my-container-name-2"] | join kind=innerunique ( KubePodInventory - | where isnotempty(ClusterName) | extend ContainerName = tostring(split(ContainerName, '/')[1]) | summarize arg_max(TimeGenerated, *) by ContainerName) on ContainerName