Skip to content

K8

Monitor k8 logs in splunks

`macro_kubernetes_logs` (kubernetes_node_labels="*" OR host="*") host=* kubernetes_container_id=5746401110bd4553a0d4bfca208d725c6e38e22ba86deb5c3f1c800b96602e64 docker_stream=* kubernetes_namespace=production _raw=*fail* | table _time, kubernetes_container_unique_name, docker_stream, _raw