Kubernetes logs dump for some time range-CodePudding

Is it possible to obtain Kubernetes logs for a dedicated time range?

All I can do right now is to make a dump of about the last-hour log for the single pod using kubectl logs > dump.log cmd.

But for debugging reasons, it's necessary to obtain the logs for the last week. I was unable to find any abilities to do this in Kubernetes logs.

The only thought is to attach some external service like Kibana for the logs collection, but maybe built-in Kubernetes remedies allow to do this?

Thank you.

CodePudding user response：

...the last-hour log for the single pod

To retrieve last 1 hour log you can do this kubectl logs <pod> --since=1h. Asserted from kubectl help for more options:

--since=0s: Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used.

--since-time='': Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.

--tail=-1: Lines of recent log file to display. Defaults to -1 with no selector, showing all log lines otherwise 10, if a selector is provided.

CodePudding user response：

Is it possible to obtain Kubernetes logs for a dedicated time range?

Yes, it is possible and in many different ways.

The only thought is to attach some external service like Kibana for the logs collection, but maybe built-in Kubernetes remedies allow to do this?

Both are possible. However, it all depends on the specific case which will be better. Chris Doyle put it well in his comment:

it would depend on your log retention and roll over strategy you have in your cluster, generally you would need to consider node space especially when nodes are running multiple pods etc. Generally speaking my prefered strategy is to have short retention period on the node side and push log off to a centralised solution like you mentioned with elk, splunk, datadog, loki etc

Of course, the built-in k8s tools will also be able to help you. You have to use a command for that kubectl logs with the properly flags. You can read about all opions in the manual:

This could be most interesting part:

--since=0: Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used. --since-time="": Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.

To display pod logs from the last week you can run the following command:

kubectl logs -n <pod_namespace (optional)>  <pod name> --since 168h