I don’t know how k8s works; but if there is a way to execute just one command in a container and then exit out of it like chroot; wouldn’t it be possible to just use xargs with a list of the container names?

Since you are talking about pods, you are obviously emitting all your logs on stdout and stderr, and you have of course also labeled your pods nicely, so grepping all 36 pods is as easy as kubectl logs -l <label-key>=<label-value> | grep <search-term>

This is what I was thinking. And you can’t really graph out things over time on a graph which is really critical for a lot of workflows.

I get that Splunk and Elastic or unwieldy beasts that take way too much maintenance for what they provide for many orgs but to think grep is replacement is kinda crazy.

Just write a bash script to loop over them.

Stern has been around for ever. You could also just use a shared label selector with kubectl logs and then grep from there. You make it sound difficult if not impossible, but it’s not. Combine it with egrep and you can pretty much do anything you want right there on the CLI

for X in $(seq -f host%02g 1 9); do echo $X; ssh -q $X “grep the shit”; done

:)

But yeah fair, I do actually use a big data stack for log monitoring and searching… it’s just way more usable haha

You can run the logs command against a label so it will match all 36 pods

Let me introduce you to syslogd.

But well, it’s probably overkill, and you almost certainly just need to log on a shared volume.

That’s why tmux has synchronize-panes!