Documentation forSolarWinds Observability SaaS

Update Kubernetes cluster logs collection

When a Kubernetes cluster is monitored by SolarWinds Observability SaaS, all logs and events from the Kubernetes (K8s) cluster are collected by default and available in the Logs Explorer.

The configuration can be changed when installing or updating the SWO K8s Collector Helm chart on a cluster. To change which logs are collected from a K8s cluster, provide a custom otel.logs.filter.log_record value in the values.yaml using the OTTL syntax. See Add a Kubernetes cluster.

The following is an example that scrapes logs from both the kube-* and my-custom-namespace namespaces.

otel:
   logs:
     filter:
       log_record:
         - not(IsMatch(resource.attributes["k8s.namespace.name"], "^(kube-.*)|(my-custom-namespace)$"))

The following is an example that collects logs only from the my-custom-namespace namespace and discards logs from an Istio proxy sidecar about successful HTTP requests.

otel:
   logs:
     filter:
       log_record:
         - not(IsMatch(resource.attributes["k8s.namespace.name"], "^my-custom-namespace$"))
         - |
           resource.attributes["k8s.container.name"] == "istio-proxy" and
           IsMatch(body, "\\[[^\\]]*\\] \"\\S+ \\S+ HTTP/\\d(\\.\\d)*\" 200.*")

Update Kubernetes cluster logs collection for SWO K8s Collector 3.4.2 and earlier

The below information is valid for SWO K8s Collector versions prior to 4.0.0. Plan on upgrading the SWO K8s Collector, and avoid using deprecated features.

When a Kubernetes cluster is monitored by SolarWinds Observability SaaS, some logs and events from the Kubernetes (K8s) cluster are collected by default and available in the Logs Explorer. To avoid processing an excessive amount of data, the default setting for the SWO K8s Collector only collects logs from the internal K8s container.

The default configuration uses a filter to include logs from the kube-* namespace. The configuration can be changed when installing or updating the SWO K8s Collector Helm chart on a cluster. To change which logs are collected from a K8s cluster, provide a custom otel.logs.filter value in the values.yaml. See Add a Kubernetes cluster.

The following is an example that scrapes logs from both the kube-* and my-custom-namespace namespaces.

otel:
  logs:
    filter:
      include:
        match_type: regexp
        record_attributes:
          - key: k8s.namespace.name
            value: ^(kube-.*)|(my-custom-namespace)$

The following is an example that scrapes logs from all namespaces.

otel:
  logs:
    filter:
      include:
        match_type: regexp
        record_attributes:
          - key: k8s.namespace.name
            value: ^.*$