Splunk Search

Get source logs from pod

jocteau
New Member

Hello,

I'm really a newbie with Splunk and have just started using it.
First, can someone recommend some good tutorials about Splunk?

And second, we have Splunk logging our whole infrastructure (jobs failing, crons, daemons, API calls, etc.). I already set up a dashboard to monitor everything. But now I would like to be able to get the whole output of a "pod".
For example: 

[Screenshot attached: Screen Shot 2021-02-10 at 5.14.07 PM.png]

I would like to get the same output as when I click on `Event Actions > Show Source`, but only for the pod
`cron-prod-campaignactivator-1612980360-49zss`.
What would my query look like?

Thank you in advance,
Jeremy

bowesmana
SplunkTrust

Your query would be:

index=eks sourcetype=fluent pod=cron-prod-campaignactivator-1612980360-49zss
| table _raw

Is that what you want to see?

As far as Splunk tutorials go, have a look at the free Splunk Fundamentals 1 course:

https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html

jocteau
New Member

Hi Bowesmana!

When I try to run this query, I sadly don't get any results. Should I run it in a different place?

[Screenshot attached: Screen Shot 2021-02-11 at 1.30.32 PM.png]

bowesmana
SplunkTrust

@jocteau 

Your original post and my reply show the index value as eks. It looks like you have a typo, as you have put

index=ek
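Building on the search in the accepted reply, here is an added example (not from either poster) that reconstructs the pod's output in the order it was written, which is what "Show Source" gives you. It assumes the same index, sourcetype and pod field names as in the thread; `sort 0` removes the default result limit so long-running pods are not truncated.

```spl
index=eks sourcetype=fluent pod=cron-prod-campaignactivator-1612980360-49zss
| sort 0 _time
| table _time pod _raw
```

If it still returns nothing, first confirm the index and sourcetype names you are searching actually exist, for example with `| tstats count where index=eks by sourcetype`, since a typo such as `index=ek` silently matches no events.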
