TechQA.

How to find which pod is taking more data ingestion in AKS cluster using kql query?

757 views Asked by At

I am trying to figure out which pod is producing more billable data ingestion in AKS for log analytics.

I tried several queries and I found only a query that checks the particular node

Is there any query to check the whole pod data ingestion per namespace to find out billable data ingestion?

Thank you?

azure-aks kql azure-log-analytics data-ingestion
Original Q&A
1

There are 1 answers

0
RahulKumarShaw On

The default query shows logs per container, and not per pod as you would expected from a Kubernetes-specific logging system.

You can use below KQL query in Log Analytics Workspace -> View Designer -> click on logs button in the header->Logging AKS Test->Container Log.

let startTimestamp = ago(1h);
KubePodInventory
| where TimeGenerated > startTimestamp
| project ContainerID, PodName=Name
| distinct ContainerID, PodName
| join
(
    ContainerLog
    | where TimeGenerated > startTimestamp
)
on ContainerID
// at this point before the next pipe, columns from both tables are available to be "projected". Due to both 
// tables having a "Name" column, we assign an alias as PodName to one column which we actually want
| project TimeGenerated, PodName, LogEntry, LogEntrySource
| order by TimeGenerated desc

For more information please refer this Document

Related Questions in AZURE-AKS

Related Questions in KQL

Related Questions in AZURE-LOG-ANALYTICS

Related Questions in DATA-INGESTION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions