LinuxCommandLibrary

kubectl-logs

Fetch container logs in Kubernetes

TLDR

Show logs for a single-container pod

$ kubectl logs [pod_name]
copy

Show logs for a specified container in a pod
$ kubectl logs [[-c|--container]] [container_name] [pod_name]
copy

Show logs for all containers in a pod
$ kubectl logs --all-containers=[true] [pod_name]
copy

Stream pod logs
$ kubectl logs [[-f|--follow]] [pod_name]
copy

Show pod logs newer than a relative time like 10s, 5m, or 1h
$ kubectl logs --since [relative_time] [pod_name]
copy

Show the 10 most recent logs in a pod
$ kubectl logs --tail [10] [pod_name]
copy

Show all pod logs for a given deployment
$ kubectl logs [[deploy|deployment]]/[deployment_name]
copy

SYNOPSIS

kubectl logs [options] POD | TYPE/NAME [container]

PARAMETERS

-f, --follow
    Follow log output in real-time, streaming new entries as they arrive.


-p, --previous
    Show logs from the previous terminated instance of the container.


-c, --container=string
    Target a specific container in multi-container pods.


--all-containers=bool
    Dump logs from all containers in the pod, prefixed by name.


--limit-bytes=int
    Maximum bytes read per log line (0 for unlimited).


--timestamps=bool
    Prepend timestamps to each log line.


--since=duration
    Logs newer than duration (e.g., 5s, 2m, 3h).


--since-time=timestamp
    Logs after ISO8601 timestamp (e.g., 2023-01-01T00:00:00Z).


--tail=int
    Lines from end of logs (-1 for all, default).


-n, --namespace=string
    Specify namespace (default current).


-l, --selector=string
    Selector for multiple pods (logs aggregated).


-v, --v=level
    Increase verbosity (0-9).


DESCRIPTION

kubectl logs is a powerful Kubernetes command-line tool for fetching logs from pods and containers, essential for debugging and monitoring applications in a cluster.

It retrieves stdout and stderr streams from container runtimes like Docker or containerd. Users specify a pod name, optionally a container if the pod has multiple, and flags to filter or format output. Common use cases include real-time log tailing during troubleshooting, reviewing crash logs from previous container instances, or limiting output for large logs.

The command integrates seamlessly with Kubernetes namespaces and selectors, supporting resource types beyond pods like deployments via TYPE/NAME. Logs are aggregated from the node's kubelet, respecting pod security contexts. It's non-interactive by default but supports streaming with -f.

Requires valid kubeconfig and cluster permissions (get logs RBAC). Output can be piped to tools like grep or jq for analysis. Ideal for DevOps workflows, CI/CD pipelines, and operational dashboards.

CAVEATS

Requires cluster read access (logs verb). Init container logs only if named. No support for privileged containers without RBAC. Logs rotate; old data may be lost. Performance impact on large clusters with -f.

EXAMPLES

kubectl logs my-pod - Basic pod logs.
kubectl logs -f -c app my-pod - Follow app container.
kubectl logs -p my-pod - Previous instance.
kubectl logs --tail=100 my-pod - Last 100 lines.
kubectl logs -l app=myapp -n prod - Multi-pod selector.

OUTPUT PIPING

Combine with Unix tools: kubectl logs my-pod | grep ERROR or kubectl logs my-pod --timestamps | jq .

HISTORY

Debuted in Kubernetes v0.1 (2014), stabilized in v1.0 (2015). Enhanced with selectors in v1.18, timestamps in v1.19. Actively maintained by CNCF Kubernetes SIG-CLI.

SEE ALSO

kubectl describe(1), kubectl exec(1), kubectl port-forward(1), journalctl(1), docker logs(1)

Copied to clipboard