Log Monitoring in Kubernetes
Dynatrace Log Monitoring supports collecting logs from Kubernetes container orchestration systems via OneAgent.
How auto-discovery works
For Kubernetes version 1.14+, OneAgent auto-discovers log messages written to the containerized application's stdout/stderr streams. Logs written directly to pods are not discovered by OneAgent. Kubernetes Engine saves these log streams to a file in the
/var/log/pods directory on the Kubernetes node. OneAgent auto-discovers these log files from that path.
Requirements for auto-discovery of Kubernetes logs:
- Docker, containerd, or CRI-O container runtime is used.
- The process running in the container is an important process.
- Logs are written to the container's stdout/stderr streams.
- The log file in
/var/log/podsexists for a minimum of one minute after container execution is finished.
Connecting logs with Kubernetes properties and annotations
Before you start, deploy Dynatrace Operator and enable Kubernetes API monitoring.
As OneAgent discovers logs from
/var/log/pods path on Kubernetes node, it connects specific logs to corresponding pods based on the pod
uid from the file path.
In addition, OneAgent enchances these logs with the following Kubernetes metadata:
This metadata is used to map the logs to the entity model of Kubernetes clusters, namespaces, workloads, and pods. As a result, the logs are present in the Kubernetes entity model on the Dynatrace platform.
As an alternative to OneAgent-based log collection, you can stream logs to Dynatrace with FluentD from Kubernetes and OpenShift: