Update Kubernetes cluster logs collection

When a Kubernetes cluster is monitored by SolarWinds Observability, some logs and events from the Kubernetes (K8s) cluster are collected by default and available in the Logs Explorer. To avoid processing an excessive amount of data, the default setting for the SWO K8s Collector only collects logs from the internal K8s container.

The default configuration uses a filter to include logs from the kube-* namespace. The configuration can be changed when installing or updating the SWO K8s Collector Helm chart on a cluster. To change which logs are collected from a K8s cluster, provide a custom otel.logs.filter value in the values.yaml. See Add a Kubernetes cluster.

The following is an example that scrapes logs from both the kube-* and my-custom-namespace namespaces.

otel:
  logs:
    filter:
      include:
        match_type: regexp
        record_attributes:
          - key: k8s.namespace.name
            value: ^(kube-.*)|(my-custom-namespace)$

The following is an example that scrapes logs from all namespaces.

otel:
  logs:
    filter:
      include:
        match_type: regexp
        record_attributes:
          - key: k8s.namespace.name
            value: ^.*$

Search SolarWinds Support

Update Kubernetes cluster logs collection