Skip to content

Observability Logs

This page explains how to retrieve observability logs using the kdb Insights Enterprise Command Line Interface (CLI).

The kxi obs logs command provides a simple and efficient way to access logs from the system, making it easier for users without Kubernetes access or those who prefer using the CLI.

Running the kxi obs logs command calls all the logs in the system. If there are too many logs, the action could fail due to a timeout. Use additional options to refine the results. For example, running the following command returns all the errors in the system:

kxi obs logs --level ERROR
You can use the --help command to provide information regarding the additional options.

 Usage: kxi obs logs [OPTIONS]                                                  

 Get logs for a process running on insights.                                    

╭─ Options for logs ───────────────────────────────────────────────────────────╮
│ --aggregate                                      Aggregate all log messages  │
│                                                  based on their log level.   │
│ --by-pod                                         Group by pod name & log     │
│                                                  level. `aggregate` must be  │
│                                                  set with this flag.         │
│ --pretty/--json                                  Pretty print response json. │
│ --watch          -w                              Watch logs continuously.    │
│                                                  Until interrupted.          │
│ --component          TEXT                        Regex to be applied to      │
│                                                  workload name.              │
│ --container          TEXT                        Filter on name of workload  │
│                                                  container.                  │
│ --corr               TEXT                        Filter log messages based   │
│                                                  on 'correlator' field.      │
│ --label              TEXT                        Comma separated list of     │
│                                                  labels and values to filter │
│                                                  pods.                       │
│ --level              [TRACE|DEBUG|INFO|WARN|WAR  Minimum log level to        │
│                      NING|ERROR|FATAL]           return.                     │
│                                                  [default: INFO]             │
│ --log-component      TEXT                        Filter based on the log     │
│                                                  message 'component' field.  │
│ --pod                TEXT                        Filter on name of workload  │
│                                                  pod.                        │
│ --search             TEXT                        Simple string search of log │
│                                                  message field. Case         │
│                                                  insensitive.                │
│ --since-seconds      INTEGER                     A relative time in secs     │
│                                                  before the current time     │
│                                                  from which to show logs.    │
│ --since-time         TEXT                        An RFC3339 timestamp from   │
│                                                  which to show logs.         │
│ --tail-lines         INTEGER                     The number of lines from    │
│                                                  the end of the logs to show │
│                                                  for each container.         │
│ --timeout            INTEGER                     Timeout in seconds for      │
│                                                  request                     │
│ --workload           TEXT                        Limit results to components │
│                                                  identified as being related │
│                                                  to given workload.          │
│ --namespace      -n  TEXT                        Kubernetes namespace        │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options for kxi ────────────────────────────────────────────────────────────╮
│ --debug                                              Enable debug logging.   │
│ --version                                            Show the version and    │
│                                                      exit.                   │
│ --hostname,--ingress-ho      TEXT                    Hostname of kdb         │
│ st                                                   Insights deployment     │
│ --profile                    TEXT                    Name of configuration   │
│                                                      profile to use.         │
│ --realm                      TEXT                    Name of Keycloak realm  │
│ --serviceaccount-id          TEXT                    Service account ID to   │
│                                                      request an access token │
│                                                      with                    │
│ --serviceaccount-secret      TEXT                    Service account secret  │
│                                                      to request an access    │
│                                                      token with              │
│ --usage                      [microservices|enterpr  kdb Insights deployment │
│                              ise]                    type:                   │
│                                                      enterprise/microservic… │
│ --verbose                -v  INTEGER RANGE           Increase verbosity      │
│                                                      level                   │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --help      Show this message and exit.                                      │
╰──────────────────────────────────────────────────────────────────────────────╯

Use examples

To refine the results, you can use the command with a range of attributes and options that are displayed when running the --help command, as shown in the note above. Here are a few examples of using the command with different attributes:

The --workload option

When using the kxi obs logs command, workload refers to the package name. Add --workload and the package name to the command to see the logs related to a given package, as shown below:

kxi obs logs --workload package-name

The --log-component option

Add --log-component to the kxi obs logs command to filter based on the logs field called component.

In this context, component refers to the logs field whereas the --component option is used as a regex that's applied to the workload name.

For example, to get the logs for REST, run the command as follows:

kxi obs logs --log-component REST

The --component option

When using the --component option with the kxi obs logs command, component refers to a regex on the pod name, like dap, rt, sm or similar.

Here are a few examples:

  1. Retrieve the logs for all the packages that include the word 'test' in their name:

    kxi obs logs --component test
    
  2. Retrieve the logs for all the Data Access Processes (DAPs). All DAP pod names include dap:

    kxi obs logs --component dap
    
  3. Retrieve the logs for all Storage Manager (SM) as sm is found in all Storage Manager pod names:

    kxi obs logs --component sm
    

The --since-seconds option

Use the --since-seconds option with the kxi obs logs command to specify a relative time in seconds before the current time. It determines the starting point from which logs are displayed.

This option defaults to the last 30 minutes. If you don't specify a value, the system uses this default time. However, you can override this default and specify your own custom time window for the logs. For example, --since-seconds 180 shows logs from the past 3 minutes, whereas --since-seconds 3600 shows logs from the past 60 minutes.

Log retention and availability

Logs are available until the pod containers are deleted. Kubernetes stores logs on the cluster nodes, but if log files exceed a certain size that is configured by Kubernetes, older logs may be removed. For healthy containers with low log volume, older logs may be available. However, if errors cause rapid log growth, only more recent logs may be retained. For older logs, refer to your logging stack if configured.

Further reading

Refer to the logging documentation for more information on the logging tool.