Configuring LogSources for Kubernetes Event Logging
Last updated on 28 March, 2023LogSources is a LogicModule that provide templates to help you enable LM Logs and configure log data collection and forwarding. LogSources contain details about which logs to get and where to get them, and which fields should be considered for parsing. LogSources is available for common sources of log data. The following describes how to set up LogSources for Kubernetes Events Logging.
Requirements
The Kubernetes Events Logging log resource type uses the LM Collector. When using the LM Collector with LogSources, the LM Collectors installed in your infrastructure must be version EA 31.200 or later. For information on how to upgrade a collector, see Managing Collectors.
Configuration Options
The following describes configuration options specific to the Kubernetes Event Logging type of logsource. For information on how to add a logsource, see Creating LogSources.
Include Filters
You can add filters to include resources of certain types, for example an application. The output matching the filter criteria will be forwarded to the log ingestion process.
Available parameters
| Attributes | Comparison operator | Value example | Description |
| Message | Equal, NotEqual, Contain, NotContain, RegexMatch, RegexNotMatch. | ||
| Reason | Equal, NotEqual, Contain, NotContain, RegexMatch, RegexNotMatch. | Free text possible as list is too long. See Kubernetes for examples of event reasons. | |
| Type | Equal, NotEqual. | Normal, Warning. | Options are “Normal” and “Warning”. See Kubernetes for valid event types. A missing “Type” filter means including both “Normal” and “Warning” types. |
Log Fields/Tags
You can configure Log Fields/Tags to send additional metadata with the logs.
Available parameters
| Method | Key example | Value example | Description |
| Static | “Customer” | “Customer_XYZ” | |
| Dynamic(REGEX) | “Host” | “host=*” | The query will run on the message field. |
| LM Property(Token) | “Device” | “##system.deviceId##” | |
| Kubernetes Attribute | Type, Reason. |
Example
Configuration example for a Kubernetes Event Logging type of logsource.
General Information
- Name: Kubernetes_Events
- Description: Data collection template for event logs from monitored Kubernetes clusters.
- AppliesTo (custom query): system.devicetype == “8”
- Type: LM Logs: Kubernetes Event Logging
- Group: Kubernetes
Log Fields/Tags
| Method | Key | Value |
| Attribute | Kubernetes_Reason | Reason |
| Attribute | Event_type | Type |