背景需求
Azure(Global) AKS集群中,需要查询部署服务的历史日志,例如:我部署了服务A,但服务A的上一个版本Pod已经被杀掉由于版本的更新迭代,而我在命令行中只能看到当前版本的pod日志,无法通过kubectl logs 看到应用的历史日志(例如上一个版本的pod日志),但如果这时候需要看,那么就需要手动去写AKS的KQL语句来查询了
查询语句(Azure Global)
##queryPodLogs for Azure Global AKS
let startTimestamp = ago(7d);
//namespace
let aksNameSpace = "shop";
// specific podName
let aksPodName = "shop-backend-dev-j9w";
// specific contaierName
let aksContainerName = "shop-backend-dev";
// queryStartTime(UTC)
// queryEndTime(UTC)
ContainerLogV2
| where TimeGenerated > startTimestamp
| where PodName contains aksPodName and PodNamespace contains aksNameSpace and ContainerName contains aksContainerName
| where TimeGenerated between(datetime("2024-04-27 00:00:00") .. datetime("2024-04-30 05:00:00"))
| project TimeGenerated, PodNamespace, ContainerId, ContainerName, PodName, LogMessage, LogSource
| sort by TimeGenerated desc
查询注意事项
查询前,记得修改下图上红线所划出来的参数值,具体解释都有标注
Tips:
如果不行的话试下我在下面提供的另一条KQL语句,因为在我写KQL语句的这段时间,似乎Azure Monitor这个模块的数据表正在做迁移,最后我是试了上面的语句成功查询出来的,而Azure内部的朋友经过实验他是用以下语句,联表查询到的数据,但我用下面这个语句查出来就一直是空的,查不到任何数据,所以这个可能需要视情况而定。
let startTimestamp = ago(7d);
let aksNameSpace = "shop";
let aksPodName = "shop-backend-dev-j9w";
// let aksContainerName = "shop-backend-dev";
KubePodInventory
| where TimeGenerated > startTimestamp
| project ContainerID, PodName=Name, Namespace, ContainerName
| where PodName contains aksPodName and Namespace contains aksNameSpace
// and ContainerName contains aksContainerName
| distinct ContainerID, PodName, ContainerName
| join
(
ContainerLogV2
| where TimeGenerated between(datetime("2024-04-29 00:00:00") .. datetime("2024-04-29 05:00:00")) //修改时间
)
on ContainerName
| project TimeGenerated, PodName, ContainerName, LogMessage, LogSource
| sort by TimeGenerated desc