PesalaPavan
commented
3 months ago @sheeeng Thanks for your feedback! We will investigate and update as appropriate.
Open sheeeng opened 3 months ago
PesalaPavan
commented
3 months ago @sheeeng Thanks for your feedback! We will investigate and update as appropriate.
sheeeng
commented
3 months ago The default join kind is innerunique, as explained from documentation, but to no avail. No logs were found.
let startTimestamp = ago(7d);
KubePodInventory
| where TimeGenerated > startTimestamp
| project ContainerID, PodName=Name, Namespace
| where PodName contains "eraser-aks-aksdefault" and Namespace startswith "kube-system"
| distinct ContainerID, PodName
| join kind=innerunique
(
ContainerLog
| where TimeGenerated > startTimestamp
)
on ContainerID
// at this point before the next pipe, columns from both tables are available to be "projected". Due to both
// tables having a "Name" column, we assign an alias as PodName to one column which we want
| project TimeGenerated, PodName, LogEntry, LogEntrySource
| summarize by TimeGenerated, LogEntry
| order by TimeGenerated desc
ManoharLakkoju-MSFT
commented
3 months ago @Nickomang Can you please check and add your comments on this doc update request as applicable.
ManoharLakkoju-MSFT
commented
3 months ago @sheeeng Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly
CocoWang-wql
commented
1 week ago Hello @sheeeng some information needed:
1.The ages of the eraser pods
2.Do you know the next scanning time? Can you use below commands to check the logs in 10 minutes after eraser pod working. If the logs are returned, let's check in the log analytics workspace.
kubectl logs -n kube-system
I have followed all preceding steps accordingly.
The steps inside
Copy the following query into the table, replacing name with eraser-aks-xxxxx (worker pod name)returns no logs on my side.Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.