# Kubernetes Container Logs

### Supported Platforms

<table><thead><tr><th width="213.70703125">Platform</th><th>Metrics</th><th>Logs</th><th>Traces</th></tr></thead><tbody><tr><td>Kubernetes DaemonSet</td><td></td><td>✓</td><td></td></tr><tr><td>OpenShift 4 DaemonSet</td><td></td><td>✓</td><td></td></tr></tbody></table>

### Configuration Table

<table><thead><tr><th width="143.9375">Field</th><th width="281.41015625">Default</th><th>Description</th></tr></thead><tbody><tr><td>Cluster Name*</td><td></td><td>The cluster name that will be added as the <code>k8s.cluster.name</code> resource attribute.</td></tr><tr><td>Log Source</td><td>File</td><td>Where to read logs from. Generally, this is <code>file</code>. <code>file</code> source supports Docker json-file and Containerd cri-o log formats. Options include <code>file</code> and <code>journald</code>.</td></tr><tr><td>File Path(s)</td><td><code>/var/log/containers/\*.log</code></td><td>When log_source is file. File or directory paths to tail for logs. Defaults to all container logs.</td></tr><tr><td>Journald Path*</td><td></td><td>When log_source is journald. The directory containing Journald's log files.</td></tr><tr><td>Exclude File Path</td><td><code>/var/log/containers/bindplane-*-agent-*</code></td><td>File or directory paths to exclude. Generally, the collector's own log should be excluded.</td></tr><tr><td>Start At</td><td>end</td><td>Start reading the logs from the 'beginning' or 'end'.</td></tr><tr><td>Recombine Logs</td><td></td><td>Options for configuring multi line logging. See <a href="#multi-line-logging">Multi Line Logging</a>.</td></tr></tbody></table>

<mark style="color:red;">\*</mark>*<mark style="color:red;">required field</mark>*

### Example Configuration

The Kubernetes Container logs source has one required parameter:

* Cluster Name: The name of the cluster, which will be inserted as the `k8s.cluster.name` resource attribute

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-f582701ec7f577196f45295cdde5c7f45a941319%2Fintegrations-sources-kubernetes-container-logs-image-1.png?alt=media" alt="Bindplane docs - Kubernetes Container Logs - image 1"><figcaption></figcaption></figure>

Once running on a collector, logs will look like this:

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-90e06431cce23aa44ae0c3cdb71010536b74782d%2Fintegrations-sources-kubernetes-container-logs-image-2.png?alt=media" alt="Bindplane docs - Kubernetes Container Logs - image 2"><figcaption></figcaption></figure>

### Multi Line Logging

Multi line logging is useful for re-assembling multi line logs into a single log entry. Multi-line log\
re-assembly requires that all logs emitted by the application are consistent in structure. For example, the logs must start or end in a consistent way, in order to reliably match on the beginning or end of the log. If your application has inconsistent logging, multi-line log re-assembly will behave in irregular ways, such as combining two unique logs into one.

Multi line logging is supported by configuring a selector, selector match expression, and a recombine match expression.

<table><thead><tr><th width="244.5390625">Field</th><th>Description</th></tr></thead><tbody><tr><td>Selector</td><td>The OTTL path to match on.</td></tr><tr><td>Selector Match Expression</td><td>A regular expression used to match the selector.</td></tr><tr><td>Recombine Type</td><td>Whether or not to recombine logs by matching the first or last line in the log.</td></tr><tr><td>Recombine With</td><td>The delimiter used to recombine logs. Defaults a single space or newline character.</td></tr><tr><td>Recombine Match Expression</td><td>The regular expression used to recombine the multi-line log.</td></tr></tbody></table>

#### Example

In this example, there are two Deployments. One is logging XML while the other is logging JSON.

```bash
NAME                    READY   STATUS    RESTARTS      AGE
json-7d4fd9fd99-f29sl   1/1     Running   1 (38m ago)   3h49m
xml-b44858b84-hdbqp     1/1     Running   1 (38m ago)   3h49m
```

The XML logs are a combination of multi-line and single line logs. Each log has a timestamp prefix\
indicating the start of the log.

```xml
2024-07-01 18:49:15 <person>
                      <name>John Doe</name>
  <age>30</age>
</person>
2024-07-01 18:49:15 <person><name>John Doe</name><age>30</age></person>
```

The JSON logs are a combination of multi-line and single line logs. Each log has a trailing `}` without\
a comma, indicating the end of the log.

```json
{
  "timestamp": "2024-07-01 18:51:56",
  "name": "John Doe",
  "user": {
    "name": "John Doe",
    "age": 25
  },
  "location": "New York",
  "type": "Checking",
  "severity": "warn"
}
{"timestamp":"2024-07-01 18:51:56","name":"John Doe","user":{"name":"John Doe","age":25},"location":"New York","type":"Checking","severity":"warn"}
```

Multi-line logging can be configured by matching on the First Entry of the XML logs and the Last Entry\
of the JSON logs. The `k8s.pod.name` resource attribute is used to select the XML and JSON pods.

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-95b9eeb416d733eae00fb8d53a088e4f6c5b7ad8%2Fintegrations-sources-kubernetes-container-logs-image-3.png?alt=media" alt="Bindplane docs - Kubernetes Container Logs - image 3"><figcaption></figcaption></figure>

Once configured, logs will be re-assembled into a single line.

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-af9317cf6b3b8635dccbca69b5518c8a37f0e6c1%2Fintegrations-sources-kubernetes-container-logs-image-4.png?alt=media" alt="Bindplane docs - Kubernetes Container Logs - image 4"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bindplane.com/integrations/sources/kubernetes-container-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.