Kubectl Logs Tail | How to Tail Kubernetes Logs
The kubectl logs tail command is a tool that allows users to stream the logs of a pod in real-time while using Kubernetes. This command is particularly useful for debugging and monitoring applications, as it enables users to view log output as it is generated and quickly identify any issues or problems with their application.
In this article, we will see how to use the kubectl logs tail command to stream logs, the benefits of using the command, and an advanced tool for streaming logs.
Before we get started, let's quickly review some essential Kubernetes concepts.
What is kubectl?
Kubectl is the Kubernetes command-line tool that enables users to execute commands and interact with their Kubernetes cluster for everyday management tasks. With kubectl, users can perform various tasks related to the administration and maintenance of their cluster and applications, such as creating and updating deployments, scaling replicas, rolling out new features, etc.
What is the kubectl logs command?
The kubectl logs command is a useful tool for accessing and viewing the logs of pods in a Kubernetes cluster. With this command, you can retrieve the log output of a pod and display it in the terminal for inspection.
Syntax for the kubectl logs command usage:
$ kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
The kubectl logs command provides various flags that can be used to tailor its functionality to your needs.
Some common options for kubectl logs include:
--follow: Continuously stream the logs as they are generated.--tail: Specify the number of lines of log output to display.--since: Only show log output generated within a certain duration.--timestamps: Add timestamps to the log output.
A full list of all flag options by the command can be found on the official Kubernetes documentation page.
The tail flag
The tail flag can be used in conjunction with the kubectl logs command to stream the latest logs in real-time, rather than returning all the logs at once. It can be used to specify the number of log lines to show from the end of the logs for a specific container in a pod.
Let's look at different ways to use the tail command with the kubectl logs command:
Using the tail command with the pod name
The syntax for usage:
kubectl logs --tail=[number] [pod-name]
This will show the most recent [number] lines of output from the container in the specified pod.
An example is shown below;
# Display only the most recent 10 lines of output in pod nginx
$ kubectl logs --tail=10 nginx
2023/01/05 08:16:27 [notice] 1#1: using the "epoll" event method
2023/01/05 08:16:27 [notice] 1#1: nginx/1.23.3
2023/01/05 08:16:27 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/01/05 08:16:27 [notice] 1#1: OS: Linux 5.15.0-52-generic
2023/01/05 08:16:27 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/01/05 08:16:27 [notice] 1#1: start worker processes
2023/01/05 08:16:27 [notice] 1#1: start worker process 30
2023/01/05 08:16:27 [notice] 1#1: start worker process 31
2023/01/05 08:16:27 [notice] 1#1: start worker process 32
2023/01/05 08:16:27 [notice] 1#1: start worker process 33
In the below example, the tail number has been set to 15
# Display only the most recent 15 lines of output in pod nginx
$ kubectl logs --tail=15 nginx
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/01/05 08:16:27 [notice] 1#1: using the "epoll" event method
2023/01/05 08:16:27 [notice] 1#1: nginx/1.23.3
2023/01/05 08:16:27 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/01/05 08:16:27 [notice] 1#1: OS: Linux 5.15.0-52-generic
2023/01/05 08:16:27 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/01/05 08:16:27 [notice] 1#1: start worker processes
2023/01/05 08:16:27 [notice] 1#1: start worker process 30
2023/01/05 08:16:27 [notice] 1#1: start worker process 31
2023/01/05 08:16:27 [notice] 1#1: start worker process 32
2023/01/05 08:16:27 [notice] 1#1: start worker process 33
Using the tail command for all containers in a pod
The syntax for usage:
kubectl logs --tail=[number] --all-containers [pod-name]
This will show the most recent [number] lines of output from all containers in the specified pod.
Using the tail command for a specific container in a pod
The syntax for usage:
kubectl logs --tail=[number] -c [container-name] [pod-name]
This will show the most recent [number] lines of output from a specific container in the specified pod.
Using the tail flag with the f flag
The syntax for usage:
kubectl logs --tail=[number] -f [pod-name] or
kubectl logs -f --tail=[number] [pod-name]
This will stream the logs from the container in the specified pod and show the most recent [number] lines of output. New lines will be shown as they are written.
An example can be seen below;
$ kubectl logs -f --tail=10 queue
INFO | Apache ActiveMQ 5.14.3 (localhost, ID:queue-41599-1672906401588-0:1) started
INFO | For help or more information please see: <http://activemq.apache.org>
WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /apache-activemq-5.14.3/data/kahadb only has 31771 mb of usable space. - resetting to maximum available disk space: 31771 mb
WARN | Temporary Store limit is 51200 mb (current store usage is 0 mb). The data directory: /apache-activemq-5.14.3/data only has 31771 mb of usable space. - resetting to maximum available disk space: 31771 mb
INFO | No Spring WebApplicationInitializer types detected on classpath
INFO | ActiveMQ WebConsole available at <http://0.0.0.0:8161/>
INFO | ActiveMQ Jolokia REST API available at <http://0.0.0.0:8161/api/jolokia/>
INFO | Initializing Spring FrameworkServlet 'dispatcher'
INFO | No Spring WebApplicationInitializer types detected on classpath
INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml
Using the tail flag with the p flag
The syntax for usage:
kubectl logs --tail=[number] -p [pod-name] or
kubectl logs -p --tail=[number] [pod-name]
This will show the most recent [number] lines of output from the previously terminated container in the specified pod.
An example is shown below;
$ kubectl logs -p --tail=10 queue
INFO | Connector mqtt stopped
INFO | Connector ws stopped
INFO | PListStore:[/apache-activemq-5.14.3/data/localhost/tmp_storage] stopped
INFO | Stopping async queue tasks
INFO | Stopping async topic tasks
INFO | Stopped KahaDB
INFO | Apache ActiveMQ 5.14.3 (localhost, ID:queue-39515-1672238886867-0:1) uptime 11 minutes
INFO | Apache ActiveMQ 5.14.3 (localhost, ID:queue-39515-1672238886867-0:1) is shutdown INFO | Closing org.apache.activemq.xbean.XBeanBrokerFactory$1@5bcab519: startup date [Wed Dec 28 14:48:01 UTC 2022]; root of context hierarchy
INFO | Destroying Spring FrameworkServlet 'dispatcher'
Using the tail flag with the since flag
Syntax for usage:
kubectl logs --tail=[number] --since=[duration] [pod-name]
This will show the most recent [number] lines of logs written in the past [duration], for example, 1h, from the container in the specified pod.
$ kubectl logs --tail=5 --since=1h nginx
2023/01/05 08:16:27 [notice] 1#1: start worker processes
2023/01/05 08:16:27 [notice] 1#1: start worker process 30
2023/01/05 08:16:27 [notice] 1#1: start worker process 31
2023/01/05 08:16:27 [notice] 1#1: start worker process 32
2023/01/05 08:16:27 [notice] 1#1: start worker process 33
Benefits of the kubectl logs tail command
The kubectl logs --tail command offers the ability to stream the most recent logs in real-time, making it an invaluable tool for debugging issues within a pod. By providing a live view of the logs as they are generated, this command enables users to quickly identify and troubleshoot problems as they arise. For instance, if an error is occurring in a container, kubectl logs --tail can be used to stream the logs and search for error messages or other indicators of the issue at hand.
In addition to its usefulness in debugging, kubectl logs --tail can also serve as a means of monitoring the output of long-running processes. By streaming the logs of such processes, users can track the progress of a task and identify any potential issues as they occur. This feature can be particularly helpful in keeping tabs on the status of tasks that take an extended period of time to complete.
Use cases of kubectl logs tail command
Here are some use cases where `kubectl logs tail`` command can be useful:
Debugging Application Issues: Quickly inspecting recent log entries to diagnose issues or errors in a specific pod.
Monitoring Real-Time Events: Observing real-time log outputs for applications during critical operations or deployments.
Troubleshooting Kubernetes System Components: Checking logs of Kubernetes system pods to diagnose cluster-level issues.
Quick Log Checks: Performing rapid, ad-hoc log inspections without the need for complex logging infrastructure.
Post-Deployment Verification: Verifying application behavior immediately after deployment by reviewing recent logs.
Incident Response: In the event of an incident, quickly tailing logs to understand recent changes or errors.
Final Thoughts
kubectl logs tail is a useful command for accessing and following the logs of a running container in a Kubernetes cluster. While it can be a convenient way to view and troubleshoot logs in real-time, it may not be the most efficient or comprehensive solution for managing logs in a production environment. These limitations include the lack of built-in features for organizing, storing, or analyzing logs, and the lack of options for filtering or highlighting specific log events. In addition, the command does not provide any alerting or notification capabilities and does not integrate with other tools or platforms for log management or analysis.
To overcome these limitations, consider using a third-party log management system like SigNoz, which provides a centralized platform for storing, analyzing, and visualizing logs from multiple sources. SigNoz can help you to gain insights into the performance and health of your Kubernetes applications, and identify and resolve issues more efficiently.
Kubectl log analysis with SigNoz
SigNoz is a cloud-native observability platform that provides comprehensive logs and metrics management and tracing capabilities for Kubernetes clusters. It offers a robust platform for log analysis and monitoring in Kubernetes clusters, making it easy to collect, search, analyze, and visualize logs generated by pods and containers.
One of the key features offered by SigNoz is the ability to analyze logs generated by kubectl. This is accomplished by forwarding the cluster logs to SigNoz, which then automatically ingests and indexes the logs. This allows users to query and analyze the logs in real-time through the SigNoz web interface or API.
SigNoz's logs tab offers numerous advanced features, including a log query builder, the ability to search through multiple fields, a structured table view, and the option to view logs in JSON format.
With SigNoz, you have the ability to analyze logs in real-time, allowing for quick searching, filtering, and visualization as they are generated. This can aid in uncovering patterns, trends, and potential issues and resolving them in a timely manner.
The advanced Log Query Builder feature in SigNoz allows you to filter logs quickly by using a combination of different fields.
Getting started with SigNoz
SigNoz can be installed on macOS or Linux computers in just three steps by using a simple install script.
The install script automatically installs Docker Engine on Linux. However, on macOS, you must manually install Docker Engine before running the install script.
git clone -b main <https://github.com/SigNoz/signoz.git>
cd signoz/deploy/
./install.sh
You can visit our documentation for instructions on how to install SigNoz using Docker Swarm and Helm Charts.
Related Posts
Using Kubectl Logs | How to view Kubernetes Pod Logs? | SigNoz
