Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Kubernetes Event Logging LogSource Configuration

Last updated on 18 September, 2024

LogSource is a LogicModule that provides templates to help you enable LM Logs and configure log data collection and forwarding. LogSource contains details about which logs to get and where to get them, and which fields should be considered for parsing. LogSource is available for common sources of log data. 

Requirements

The Kubernetes Event Logging LogSource type uses the LM Collector. When using the LM Collector with LogSource, the LM Collectors installed in your infrastructure must be version EA 31.200 or later. For information on how to upgrade a collector, see Managing Collectors.

Configuration Options

The following describes configuration details specific to the Kubernetes Event Logging type of LogSource. For general information on how to add a LogSource, see Configuring a LogSource.

Include Filters

You can add filters to include resources of certain types, for example an application. The output matching the filter criteria will be forwarded to the log ingestion process.

Available Parameters

AttributesComparison operatorValue exampleDescription
MessageEqual, NotEqual, Contain, NotContain, RegexMatch, RegexNotMatch.
ReasonEqual, NotEqual, Contain, NotContain, RegexMatch, RegexNotMatch.Free text possible as list is too long. See the Kubernetes documentation for examples of event reasons.
TypeEqual, NotEqual.Normal, Warning.Options are “Normal” and “Warning”. See the Kubernetes documentation for valid event types. A missing “Type” filter means including both “Normal” and “Warning” types.

Log Fields

You can configure Log Fields (tags) to send additional metadata with the logs.

Available parameters

MethodKey exampleValue exampleDescription
Static“Customer”“Customer_XYZ”
Dynamic(REGEX)“Host”“host=*”The query will run on the message field.
LM Property(Token)“Device”“##system.deviceId##”
Kubernetes AttributeType, Reason.
Dynamic Group Regex“Scheme, Login”“(https*):\/\/([]a-z]+)”The query runs on the message field and captures the first group value from Regex. The keys for Dynamic Group Regex can be added as a comma separated list and values are read from same number of groups.
For the Key and Value example provided in this table, the regex results in metadata for key and value, which is, Scheme and Login. For example,
The URL: https://admin:[email protected]/lm/apps/agent/mfsagent:e1?status=Up
Scheme: https
Login: (username extracted from the message)

Note: The Dynamic Group Regex method for log fields is available in EA Collector 36.100 and later versions.

Example

Configuration example for a Kubernetes Event Logging type of LogSource.

Basic Information

  • Name: Kubernetes_Events
  • Description: Data collection for event logs from monitored Kubernetes clusters.
  • AppliesTo (custom query): system.devicetype == “8” 
  • Type: LM Logs: Kubernetes Event Logging
  • Group: Kubernetes

Log Fields

MetodKeyValue
AttributeKubernetes_ReasonReason
AttributeEvent_typeType
In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.