Logs from EKS cluster

The PetAdoptions EKS Logs are collected by the fluentd daemonset running in the EKS nodes. The CloudWatch log groups that we will be interacting with today were automatically created by Container Insights when it was configured. They are appear in the console with the following syntax:

  • /aws/containerinsights/*cluster-name*/application
  • /aws/containerinsights/*cluster-name*/dataplane
  • /aws/containerinsights/*cluster-name*/host
  • /aws/containerinsights/*cluster-name*/performance
  1. In the AWS Management Console on the Services menu, click CloudWatch.
  2. In the left navigation menu under Logs, click on Log groups.
  3. In the Filter log groups search bar, type in petsite.

EKS Metrics

  1. Click on the log group that ends with performance.

This will take you to a page that shows you the different log streams within the log group.

  1. Select the first log stream by clicking the name.

You should see performance logs originating from the node.

  1. Type CloudWatchMetrics (case sensitive) into the Filter events search box.

  2. Click on an arrow from the first column in the table to expand a log.

Along with the performance log data, you will also see that there are metrics present in Embedded Metric Format.

Visit the Embedded Metric Format (EMF) module if you would like to learn more about EMF.

Your screen should look similar to the screen shot below. From here you can view and analyze the metric log data.

EKS Metrics

Using Logs Insights to query log data

CloudWatch Logs Insights supports a query language that you can use to perform queries on your log groups.

Visit the Logs Insights module for a deeper dive on this topic.

  1. In the left navigation menu under Logs, click on Insights.
  2. Click the select log group(s) search/drop down and type petsite.
  3. Select the log group /aws/containerinsights/PetSite/application.
  4. Delete the query that is already in the query editor and copy and paste in the following query:
fields @timestamp, @message
| filter @message like 'puppy'
| sort @timestamp desc
| limit 200

Running the query above returns log data that contains the string puppy in the log message.

EKS LogInsightsQuery

This concludes this section. You may continue on to the next section.