Scribd
Upload
5 views5 pages

GSPDQLLB200 DQL Practice Kubernetes Logs

Uploaded by

Carioca2011
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views5 pages

GSPDQLLB200 DQL Practice Kubernetes Logs

Uploaded by

Carioca2011
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

DQL Practice

Kubernetes Logs
Practice DQL - Labs
CONTENTS
1. Introduction ........................................................................................................................................3
1.1 Requirements .......................................................................................................................................................................... 3
1.2 Prerequisites ........................................................................................................................................................................... 3
2. Build a Query for Kubernetes Logs ....................................................................................................3
⚙ 2.1 Fetch and Display .............................................................................................................................................................. 3
⚙ 2.2 Filter for Kubernetes Logs .............................................................................................................................................. 3
⚙ 2.3 Add a Field for CloudProvider ....................................................................................................................................... 4
⚙ 2.4 Combine the Fields........................................................................................................................................................... 4
Appendix A: Answer Key ...........................................................................................................................5

2
1. Introduction
This lab will lead you through the creation of a DQL query that returns Kubernetes logs.

1.1 Requirements
You will need a GrailTM enabled Dynatrace environment where Kubernetes is monitored. Log Monitoring must
be enabled with logs ingested.

1.2 Prerequisites
You will need a general understanding of DQL basics. If you have not had experience creating DQL queries,
please review the DQL Basics course here.

2. Build a Query for Kubernetes Logs


For each step, try to use your DQL knowledge to construct the query on your own. An answer key with the
entire query is available at the end.

⚙ 2.1 Fetch and Display


1. Fetch logs from the last two hours.
2. Add a filter to remove logs where the log source (log.source) is null.
3. Display only these fields in the results: timestamp, log.source, content, loglevel
Your results should look something like this:

⚙ 2.2 Filter for Kubernetes Logs


1. Add a filter for the log source as either "eks" or "gke"
2. Run the query to check the results.
3. Modify the filter so it adds a field instead, named "Kubernetes" with a result of "Kubernetes" if the
log source is either "eks" or "gke". Hint: use fieldsAdd and an 'if' statement.
4. Run the query to check the results. How has this changed the logs that are returned?
5. Now modify the query to only return the logs where the Kubernetes field is not null.
The final results should be similar to:

3
⚙ 2.3 Add a Field for CloudProvider
1. Similar to 2.2, use the log.source to determine if the cloud provider is AWS (eks) or GCP (gke) and add
it as a field named "CloudProvider"
2. Remove the log.source field as CloudProvider will be displayed instead.

⚙ 2.4 Combine the Fields


1. Add a new field to combine the fields we added. For example, the new field would read
"Kubernetes on GCP"

2. Add the count of logs based on your new field.


Your final results should be similar to:

4
Appendix A: Answer Key
2.1 Fetch and Display
fetch logs, from:now() - 2h
| filter isNotNull(log.source)
| fields timestamp, log.source, content, loglevel

2.2 Filter for Kubernetes Logs


Add:
| filter log.source == "eks" or log.source == "gke"

Then modify that last line to:


| fieldsAdd Kubernetes = if(log.source == "eks" or log.source == "gke","Kubernetes")

Then add:
| filter isNotNull(Kubernetes )

2.3 Add a Field for CloudProvider


Add these lines:
| fieldsAdd CloudProvider = if(log.source == "eks", "AWS", else: if(log.source == "gke", "GCP"))
| fieldsRemove log.source

2.4 Combine the Fields


Add the line:
| fieldsAdd log.on.cloud = concat(Kubernetes, " on " , CloudProvider)
| summarize total=count(), by: log.on.cloud

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy