Splunk Search

Are Splunk-metrics needed to search logs for pods?

New Member

Hi,

When I perform any search in Splunk, the left side has Interesting Fields and Selected fields showing a list of the attributes returned.
If I select pod from the Selected fields (currently showing "35" against it), I am shown the top log producing pods in our Kubernetes cluster.

But when I click into the top pod that, according to this, has generated over 100,000 log events today, no results are shown and instead, a message: "No results found. Try increasing the time range".

We have only installed the logging Helm chart, not the metrics one, since this is a daemonset that runs on every node and we only need logging.

Thanks.

0 Karma