Searching Kubernetes Logs Without A Logging Platform

November 22, 2023

kubernetes logging

Searching through pod logs on Kubernetes can be more challenging without a centralized logging platform like Datadog or Splunk.

Here’s how you can do it with kubectl and grep.

You can use kubectl to get logs for multiple containers by using their label:

kubectl logs -n kube-system -l k8s-app=kube-dns

To search the logs, just pipe it to grep:

kubectl logs -n kube-system -l k8s-app=kube-dns | grep -i "error"

If you would like to get a live tail and follow the logs, you can use the -f flag:

kubectl logs -f -n kube-system -l k8s-app=kube-dns

Then, you can pipe it into grep with --line-buffered for continuous output:

kubectl logs -f -n kube-system -l k8s-app=kube-dns | grep --line-buffered -i "error"

Note that there’s a default limit of 5 containers when using the follow flag -f.

You can get around this by setting --max-log-requests=<n>, where n is the number of containers you’d like to follow logs for.

Master GitHub Actions with a Senior Infrastructure Engineer

As a senior staff infrastructure engineer, I share exclusive, behind-the-scenes insights that you won't find anywhere else. Get the strategies and techniques I've used to save companies $500k in CI costs and transform teams with GitOps best practices—delivered straight to your inbox.

Not sure yet? Check out the archive.

Unsubscribe at any time.