How to tail all logs in a kubernetes cluster

5/3/2019

I tried this command:

kubectl logs --tail

I got this error/help output:

Error: flag needs an argument: --tail


Aliases:
logs, log

Examples:
  # Return snapshot logs from pod nginx with only one container
  kubectl logs nginx

  # Return snapshot logs for the pods defined by label app=nginx
  kubectl logs -lapp=nginx

  # Return snapshot of previous terminated ruby container logs from pod web-1
  kubectl logs -p -c ruby web-1

  # Begin streaming the logs of the ruby container in pod web-1
  kubectl logs -f -c ruby web-1

  # Display only the most recent 20 lines of output in pod nginx
  kubectl logs --tail=20 nginx

  # Show all logs from pod nginx written in the last hour
  kubectl logs --since=1h nginx

  # Return snapshot logs from first container of a job named hello
  kubectl logs job/hello

  # Return snapshot logs from container nginx-1 of a deployment named nginx
  kubectl logs deployment/nginx -c nginx-1

ummm I just want to see all the logs, isn't this a common thing to want to do? How can I tail all the logs for a cluster?

-- Alexander Mills
amazon-eks
aws-eks
eks
kubectl
kubernetes

5 Answers

6/3/2019

For your application's data, you probably just want to tail all the pods in the cluster.

But if you want logs for the control-plane of a cluster - you can use: https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-eks-now-delivers-kubernetes-control-plane-logs-to-amazon-/

-- Alexander Mills
Source: StackOverflow

5/4/2019

If you don't mind using a third-party tool, kail does exactly what you're describing.

Streams logs from all containers of all matched pods. [...] With no arguments, kail matches all pods in the cluster.

-- Antoine Cotten
Source: StackOverflow

11/19/2019

kail from the top answer is Linux and macOS only, but Stern also works on Windows.

It can do pod matching based on e.g. a regex match for the name, and then can follow the logs.

To follow ALL pods without printing any prior logs from the default namespace you would run e.g.:

stern ".*" --tail 0

For absolutely everything, incl. internal stuff happening in kube-system namespace:

stern ".*" --all-namespaces --tail 0

Alternatively you could e.g. follow all login-.* containers and get some context with

stern "login-.*" --tail 25

-- Janne Enberg
Source: StackOverflow

5/4/2019

The only thing you can do is to get logs of multiple pods using label selectors like this:

kubectl logs -f -l 'app in (nginx,php)'

For getting all logs of the entire cluster you have to set up centralized log collection like Elasticsearch, Fluentd and Kibana. The simplest way to do it is to install using Helm charts, as described here: https://linux-admin.tech/kubernetes/logging/2018/10/24/elk-stack-installation.html

-- Vasily Angapov
Source: StackOverflow

5/3/2019

I have hardly ever seen anyone pulling all logs from entire clusters, because you usually either need logs to manually search for certain issues or follow (-f) a routine, or collect audit information, or stream all logs to a log sink to have them prepared for monitoring (e.g. Prometheus).

However, if there's a need to fetch all logs, using the --tail option is not what you're looking for (tail only shows the last number of lines of a certain log source and avoids spilling the entire log history of a single log source to your terminal).

For Kubernetes, you can write a simple script in a language of your choice (bash, Python, whatever) to kubectl get all --show-all --all-namespaces and iterate over the pods to run kubectl -n <namespace> logs <pod>; but be aware that there might be multiple containers in a pod with individual logs each, and also logs on the cluster nodes themselves, state changes in the deployments, extra meta information that changes, volume provisioning, and heaps more.

That's probably the reason why it's quite uncommon to pull all logs from an entire cluster and thus there's no easy (shortcut) way to do so.

-- jbndlr
Source: StackOverflow
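
The script approach from the last answer, as an added example that is not part of the original thread: it lists pods with kubectl get pods and a jsonpath template (rather than get all --show-all) and snapshots every container of every pod, so multi-container pods are covered. The function names, the --dump switch and the output layout are assumptions of this example; init containers, node logs and events are not collected.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot every container's log.
# Function names and the output layout are this example's own choices.

# One line per pod: "<namespace> <pod> <container> [<container> ...]"
JSONPATH='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.containers[*].name}{"\n"}{end}'

# Print one "<namespace> <pod> <container>" line per container, so
# multi-container pods are not silently reduced to their first container.
list_containers() {
  pods=$(kubectl get pods --all-namespaces -o jsonpath="$JSONPATH") || return 1
  printf '%s\n' "$pods" | while read -r ns pod containers; do
    for c in $containers; do
      printf '%s %s %s\n' "$ns" "$pod" "$c"
    done
  done
}

# Write each log to OUTDIR/<namespace>/<pod>/<container>.log with timestamps.
# A failed fetch (e.g. container not started yet) keeps kubectl's stderr in
# a .err file instead of aborting the run. Returns non-zero if any failed.
dump_all_logs() {
  outdir=$1
  list=$(list_containers) || { echo "cannot list pods" >&2; return 1; }
  saved=0
  failed=0
  while read -r ns pod c; do
    [ -n "$ns" ] || continue
    dir="$outdir/$ns/$pod"
    mkdir -p "$dir"
    if kubectl -n "$ns" logs "$pod" -c "$c" --timestamps \
        >"$dir/$c.log" 2>"$dir/$c.err" </dev/null; then
      saved=$((saved + 1))
      rm -f "$dir/$c.err"
    else
      failed=$((failed + 1))
    fi
  done <<EOF
$list
EOF
  echo "saved=$saved failed=$failed"
  [ "$failed" -eq 0 ]
}

# Run only when asked, e.g.: sh dump-logs.sh --dump ./cluster-logs
if [ "${1:-}" = "--dump" ]; then
  dump_all_logs "${2:-./cluster-logs}"
fi
```

Container logs often contain tokens and personal data, so write the output directory somewhere with restricted permissions.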