K
Q

Grep for specific text from kubernetes multiple pods

2/17/2021

I have two pods running for a specific service. I want to get logs related to both the pods and check for specific text.

For that I used ,as described here:

kubectl logs -l app=my-app -c my-app-container --since=25m | grep -i "search-text" |wc -l

This does not output anything, even though there are matching text for search-text

Then tried with deployments

kubectl logs deployment/my-app-deployment -c my-app-container --since=90m | grep -i "search-text" |wc -l

How can I search for this specific string in all related pods?

kubectl logs my-pod-1 -c my-app-container --since=90m | grep -i "search-text" |wc -l, this gives the proper count.

References :

Get all Logs from a specific container in a replica set <br> how to get logs of deployment from kubernetes

-- Sachith Muhandiram
grep
kubernetes
kubernetes-pod
logging
wc

Similar Questions

kubectl run with env var from a secret config
Hide Completed and other finished pods by default
Selenium Hub cannot handle test queue when deployed with Kubernetes
Permission Denied when deploying docker image to Kubernetes Engine
How to create a binary that contains zoneinfo.zip

1 Answer

3/3/2021

kubectl logs is limited to viewing a single pod’s logs at a time. However, you can use the -l flag to use a selector (label query) to filter on. For example:

kubectl logs -l app=nginx -l app=php

Use -c flag if you need to see container logs. More supported flags and examples can be found here.

When you are able to see the logs from desired Pods/Containers it is time to use grep to filter out the output. For example, I got some logs from a Pod:

~$ kubectl logs nginx-app-b8b875889-4nn52
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up

and I would like to only see lines with the word "configuration", so I execute:

$ kubectl logs nginx-app-b8b875889-4nn52 | grep configuration
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

or if I would like to count lines with the word "info" than:

$ kubectl logs nginx-app-b8b875889-4nn52 | grep info |wc -l
2

More details can be found in the grep manual. Bear in mind that if you don't specify arguments like --since= or --tail= and the Pod your are trying to view logs from is running for some longer period of time the results may be misleading.

Normally, I would also suggest to use 3rd party tools like Stern or Kubetail which are more powerful than simple kubectl logs but in your use case combining both:

  • kubectl logs -l

and:

  • | grep

is the way to go.

EDIT:

Also make sure you are greping from the proper resources. From your question it seems that you run kubectl logs deployment/my-app-deployment and than kubectl logs my-pod-1 -c my-app-container which does not correspond to the my-app-deployment deployment. List all deployments, pods and labels to be confident that you check the right resource. Use:

kubectl get deploy,pods --show-labels
-- Wytrzymały Wiktor
Source: StackOverflow