Kubernetes

k8s

Fetches pod logs using the kubectl CLI. Requires kubectl to be installed and configured on the machine running Cruncher.

Params

binaryLocation string

Path to the kubectl binary. Defaults to "kubectl" (resolved from PATH).

context string

The kubectl context to use (e.g. my-cluster). If omitted, the current context in ~/.kube/config is used.

namespace string

The Kubernetes namespace to query. Defaults to "default".

podFilter string

A substring filter applied to pod names when listing pods. Only pods whose name contains this string will be shown and queried.

podOverride object

Per-pod overrides. Keyed by pod name.

messageFieldName - The field to use as the display message for that pod’s logs. Useful when a pod emits JSON logs with a non-standard message key.

Example:

podOverride:
  my-pod-7d9f8b6c4-xk2pq:
    messageFieldName: message

logPatterns array

A list of regex patterns used to extract structured fields from log lines.

Each entry has the form:

- name: <pattern_name>
  pattern: <regex>
  applyTo: [pod-name]
  exclude: [pod-name]
  applyToAll: false
  messageFieldName: <field_name>

name - A human-readable name for this pattern.
pattern - A regex with named capture groups (e.g. (?P<level>[^ ]+)). Captured groups become log fields.
applyTo - List of pod names to apply this pattern to.
exclude - List of pod names to exclude from this pattern.
applyToAll - If true, applies to all pods regardless of applyTo.
messageFieldName - Which captured field to use as the display message.

Output Fields

Each log entry emits the following fields:

Field	Description
`_time`	Timestamp of the log line
`_raw`	Original log line (with ANSI codes)
`ansi_free_line`	Log line with ANSI codes stripped
`pod`	Pod name
`podNamespace`	Kubernetes namespace
`container`	Container name within the pod
`phase`	Pod phase (`Running`, `Succeeded`, etc.)
(captured groups)	Any named capture groups from `logPatterns`

Controller Params

The following dropdowns are available in the Cruncher UI to filter results:

Param	Description
`pod`	Filter by pod name
`namespace`	Filter by namespace
`container`	Filter by container name
`phase`	Filter by pod phase

Notes

kubectl logs does not support --until-time, so the toTime bound is enforced in-process by filtering log timestamps after fetching.
Multi-container pods: each container is queried independently and results are merged in timestamp order.

Examples

Minimal Configuration

profiles:
  default:
    connectors: [k8s]

connectors:
  - name: k8s
    type: k8s
    params: {}

Config with log patterns

profiles:
  default:
    connectors: [k8s]

connectors:
  - name: k8s
    type: k8s
    params:
      context: my-cluster # kubectl context name
      namespace: production
      podFilter: backend # only show pods whose name contains "backend"

      podOverride:
        backend-7d9f8b6c4-xk2pq: # a pod with JSON logs using "message" as the text field
          messageFieldName: message

      logPatterns:
        - name: json-logs
          pattern: '^\{.*\}$'
          applyToAll: true # parse JSON fields from all pods
          messageFieldName: msg

        - name: nginx-access
          pattern: '^(?P<client_ip>[^ ]+) - - \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>[^ ]+) [^"]+" (?P<status>\d+) (?P<bytes>\d+)'
          applyTo:
            - frontend-864b9c5d5d-plbhd # apply only to this pod
          messageFieldName: path

🐳

Docker

docker

Query container logs directly from Docker — for local or single-host container workloads