Observability Logs
This page explains how to retrieve observability logs using the kdb Insights Enterprise Command Line Interface (CLI).
The kxi obs logs command provides a simple and efficient way to access logs from the system, making it easier for users without Kubernetes access or those who prefer using the CLI.
Running the kxi obs logs command calls all the logs in the system. If there are too many logs, the action could fail due to a timeout. Use additional options to refine the results. For example, running the following command returns all the errors in the system:
kxi obs logs --level ERROR
You can use the --help command to provide information regarding the additional options.
Usage: kxi obs logs [OPTIONS]
Get logs for a process running on insights.
╭─ Options for logs ───────────────────────────────────────────────────────────╮
│ --aggregate Aggregate all log messages │
│ based on their log level. │
│ --by-pod Group by pod name & log │
│ level. `aggregate` must be │
│ set with this flag. │
│ --pretty/--json Pretty print response json. │
│ --watch -w Watch logs continuously. │
│ Until interrupted. │
│ --component TEXT Regex to be applied to │
│ workload name. │
│ --container TEXT Filter on name of workload │
│ container. │
│ --corr TEXT Filter log messages based │
│ on 'correlator' field. │
│ --label TEXT Comma separated list of │
│ labels and values to filter │
│ pods. │
│ --level [TRACE|DEBUG|INFO|WARN|WAR Minimum log level to │
│ NING|ERROR|FATAL] return. │
│ [default: INFO] │
│ --log-component TEXT Filter based on the log │
│ message 'component' field. │
│ --pod TEXT Filter on name of workload │
│ pod. │
│ --search TEXT Simple string search of log │
│ message field. Case │
│ insensitive. │
│ --since-seconds INTEGER A relative time in secs │
│ before the current time │
│ from which to show logs. │
│ --since-time TEXT An RFC3339 timestamp from │
│ which to show logs. │
│ --tail-lines INTEGER The number of lines from │
│ the end of the logs to show │
│ for each container. │
│ --timeout INTEGER Timeout in seconds for │
│ request │
│ --workload TEXT Limit results to components │
│ identified as being related │
│ to given workload. │
│ --namespace -n TEXT Kubernetes namespace │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options for kxi ────────────────────────────────────────────────────────────╮
│ --debug Enable debug logging. │
│ --version Show the version and │
│ exit. │
│ --hostname,--ingress-ho TEXT Hostname of kdb │
│ st Insights deployment │
│ --profile TEXT Name of configuration │
│ profile to use. │
│ --realm TEXT Name of Keycloak realm │
│ --serviceaccount-id TEXT Service account ID to │
│ request an access token │
│ with │
│ --serviceaccount-secret TEXT Service account secret │
│ to request an access │
│ token with │
│ --usage [microservices|enterpr kdb Insights deployment │
│ ise] type: │
│ enterprise/microservic… │
│ --verbose -v INTEGER RANGE Increase verbosity │
│ level │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
Use examples
To refine the results, you can use the command with a range of attributes and options that are displayed when running the --help command, as shown in the note above. Here are a few examples of using the command with different attributes:
The --workload option
When using the kxi obs logs command, workload refers to the package name. Add --workload and the package name to the command to see the logs related to a given package, as shown below:
kxi obs logs --workload package-name
The --log-component option
Add --log-component to the kxi obs logs command to filter based on the logs field called component.
In this context, component refers to the logs field whereas the --component option is used as a regex that's applied to the workload name.
For example, to get the logs for REST, run the command as follows:
kxi obs logs --log-component REST
The --component option
When using the --component option with the kxi obs logs command, component refers to a regex on the pod name, like dap, rt, sm or similar.
Here are a few examples:
-
Retrieve the logs for all the packages that include the word 'test' in their name:
kxi obs logs --component test -
Retrieve the logs for all the Data Access Processes (DAPs). All DAP pod names include
dap:kxi obs logs --component dap -
Retrieve the logs for all Storage Manager (SM) as
smis found in all Storage Manager pod names:kxi obs logs --component sm
The --since-seconds option
Use the --since-seconds option with the kxi obs logs command to specify a relative time in seconds before the current time. It determines the starting point from which logs are displayed.
This option defaults to the last 30 minutes. If you don't specify a value, the system uses this default time. However, you can override this default and specify your own custom time window for the logs. For example, --since-seconds 180 shows logs from the past 3 minutes, whereas --since-seconds 3600 shows logs from the past 60 minutes.
Log retention and availability
Logs are available until the pod containers are deleted. Kubernetes stores logs on the cluster nodes, but if log files exceed a certain size that is configured by Kubernetes, older logs may be removed. For healthy containers with low log volume, older logs may be available. However, if errors cause rapid log growth, only more recent logs may be retained. For older logs, refer to your logging stack if configured.
Further reading
Refer to the logging documentation for more information on the logging tool.