Applying Filters while Monitoring Kubernetes Resources

Argus discovers all Kubernetes resources that are monitored by LogicMonitor. In addition, you can use Argus to exclude resources from monitoring.

You can add resource filters in the Argus configuration files under the filter parameters. The rule engine evaluates rules sequentially; when the first rule is met and is evaluated as true, the rule engine breaks the rules evaluation, and the resource is excluded. A set of rules are grouped according to resource types.

Following is the sample configuration:

    - name =~ "nginx"
    - namespace == "kube-system"
    - name =~ "nginx"
    - namespace == "default"

LogicMonitor uses the open-source Govaluate library for evaluating the filter expressions.  For more information on the syntax of the filter expressions, see  Govaluate expressions manual.

Rule Engine Variables

You can write filter rules using the following variables that are made available to the rule engine:

Variable NameValueValue DatatypeComments
nameResource NameString
namespaceResource NamespaceStringEmpty, if the resource is not namespace scoped
Resource labels with their keys as variable namesResource Labels values against its keysString
Resource annotations with their keys as variable namesResource Annotations values against its keysStringIn case of the same key in annotations and labels, the label value gets higher precedence and is used for evaluation

Rule Writing Guidelines

1. Rules must be written in single-quoted strings to avoid parsing errors across YAML conversions.

2. There must be no distinction such as include rules and exclude rules. If the rule is evaluated as true that means resources will get excluded.

Note: In some cases, if you want to simplify the rule, then you can write the include rule and invert its value to make it an exclude rule.

For example:
If you want to monitor only resources of a single namespace “frontend” then the rule
is'!(ns == "frontend")'

Note: Regex expressions may not work in some cases, which include dots (.) and hyphens (-) in expressions.

Available Operators to Write Rules

==EqualityExact string matchns == "default"
!=InequalityIs not equal to the exact stringname != "nginx"
=~Regex matchRegex having dot and hyphen may not work in some casesname =~ "nginx"
Resources having prefixes as Nginx in their name, then the resources will get excluded
!~Inverted regex patternEquivalent to !(<regex>)name !~ “nginx” equivalent to !(name =~ “nginx”)
Resources that do not have Nginx in the name will be excluded
&&Logical ANDShort circuits if the left side expression is falsens == "default" && name =~ "nginx". This will exclude resources of the default namespace that has Nginx in the name
||Logical ORShort circuits if the left side evaluates to true.Although the operator is available, you must write another rule if the left side and right side are not logically connected, as the set of rules are OR’ed.
inMembership in arrayPerforms equality == to check membershipns in ("kube-system", "kube-public")
This will exclude the resources of mentioned namespaces
()Parenthesis to group
In This Article