Grep for specific text from kubernetes multiple pods

2/17/2021

I have two pods running for a specific service. I want to get logs related to both the pods and check for specific text.

For that I used ,as described here:

kubectl logs -l app=my-app -c my-app-container --since=25m | grep -i "search-text" |wc -l

This does not output anything, even though there are matching text for search-text

Then tried with deployments

kubectl logs deployment/my-app-deployment -c my-app-container --since=90m | grep -i "search-text" |wc -l

How can I search for this specific string in all related pods?

kubectl logs my-pod-1 -c my-app-container --since=90m | grep -i "search-text" |wc -l, this gives the proper count.

References :

Get all Logs from a specific container in a replica set <br> how to get logs of deployment from kubernetes

-- Sachith Muhandiram
grep
kubernetes
kubernetes-pod
logging
wc

1 Answer

3/3/2021

kubectl logs is limited to viewing a single pod’s logs at a time. However, you can use the -l flag to use a selector (label query) to filter on. For example:

kubectl logs -l app=nginx -l app=php 

Use -c flag if you need to see container logs. More supported flags and examples can be found here.

When you are able to see the logs from desired Pods/Containers it is time to use grep to filter out the output. For example, I got some logs from a Pod:

~$ kubectl logs nginx-app-b8b875889-4nn52
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up

and I would like to only see lines with the word "configuration", so I execute:

$ kubectl logs nginx-app-b8b875889-4nn52 | grep configuration
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

or if I would like to count lines with the word "info" than:

$ kubectl logs nginx-app-b8b875889-4nn52 | grep info |wc -l
2

More details can be found in the grep manual. Bear in mind that if you don't specify arguments like --since= or --tail= and the Pod your are trying to view logs from is running for some longer period of time the results may be misleading.

Normally, I would also suggest to use 3rd party tools like Stern or Kubetail which are more powerful than simple kubectl logs but in your use case combining both:

  • kubectl logs -l

and:

  • | grep

is the way to go.

EDIT:

Also make sure you are greping from the proper resources. From your question it seems that you run kubectl logs deployment/my-app-deployment and than kubectl logs my-pod-1 -c my-app-container which does not correspond to the my-app-deployment deployment. List all deployments, pods and labels to be confident that you check the right resource. Use:

kubectl get deploy,pods --show-labels 
-- Wytrzymały Wiktor
Source: StackOverflow