LinuxCommandLibrary

kubetail

Tail logs from multiple Kubernetes pods

TLDR

Tail the logs of multiple pods (whose name starts with "my_app") in one go

$ kubetail [my_app]
copy

Tail only a specific container from multiple pods
$ kubetail [my_app] [[-c|--container]] [my_container]
copy

To tail multiple containers from multiple pods
$ kubetail [my_app] [[-c|--container]] {my_container_1] [[-c|--container]] {my_container_2]
copy

To tail multiple applications at the same time separate them by comma
$ kubetail [my_app_1],[my_app_2]
copy

SYNOPSIS

kubetail <pod_name_regex> [-n <namespace>] [-l <label_selector>] [-j <container_name>] [-s <since_time>] [-c <lines>] [--grep <regex>] [--exclude <regex>] [--no-color] [--timestamps] [<options>]

PARAMETERS

<pod_name_regex>
    A regular expression to match pod names. If no regex is provided, it typically lists available pods or requires a selector.

-n, --namespace <namespace>
    Specify the Kubernetes namespace to search for pods. Defaults to the current active namespace.

-l, --selector <label_selector>
    A Kubernetes label selector (e.g., 'app=my-app,env=prod') to filter pods. Can be used instead of or in conjunction with a pod name regex.

-j, --container <container_name>
    Specify a specific container name within the pods to tail logs from. Useful for multi-container pods.

-s, --since <since_time>
    Retrieve logs older than a specific duration (e.g., '1h', '5m', '30s') or from an absolute timestamp.

-c, --lines <lines>
    Show only the last N lines of logs from each pod. Similar to 'tail -n'.

--grep <regex>
    Filter log lines, showing only those that match the specified regular expression.

--exclude <regex>
    Filter log lines, excluding those that match the specified regular expression.

--no-color
    Disable colorized output. By default, kubetail colors logs per pod/container.

--timestamps
    Show timestamps in the log output. This can be combined with kubectl's timestamp option for full timestamps.

--skip-older-than <duration>
    Skip pods that haven't produced logs in the specified duration (e.g., '1h', '10m').

--follow, -f
    Follow new logs as they are written. This is the default behavior and doesn't usually need to be specified.

--tail <lines>
    An alias for --lines.

DESCRIPTION

kubetail is a powerful command-line utility designed to simplify log monitoring for Kubernetes users.
Unlike the standard kubectl logs command which typically focuses on a single pod or container, kubetail allows you to aggregate and follow logs from multiple Kubernetes pods and containers simultaneously. This is particularly useful in microservice architectures where an application might be composed of many replicated pods or interdependent services spread across a namespace.

The tool works by leveraging the underlying kubectl logs -f command for each matching pod and then interleaving their output into a single, consolidated stream. It intelligently colors the output based on the pod or container name, making it easy to distinguish logs from different sources. kubetail supports powerful filtering capabilities, including regular expression matching to include or exclude specific log lines, and time-based filtering to retrieve logs from a specific period. It significantly enhances the debugging and operational visibility experience within a Kubernetes cluster by presenting a unified log view, eliminating the need to manually switch between multiple terminal windows or run complex scripts.

CAVEATS

kubetail is not a native Linux command or part of the standard kubectl distribution. It is an external shell script that must be installed separately. It relies heavily on kubectl being installed and configured correctly to connect to a Kubernetes cluster.
While powerful, tailing logs from a very large number of pods simultaneously can consume significant resources on the client machine and may overwhelm the terminal output without proper filtering. Its functionality is essentially a wrapper around multiple concurrent kubectl logs -f calls.

INSTALLATION

kubetail is typically installed via package managers like Homebrew (brew install kubetail) on macOS, or through the kubectl plugin manager krew (kubectl krew install tail, note that krew's plugin is called tail).
Alternatively, the shell script can be downloaded directly from its GitHub repository and placed in your system's PATH.

COMMON USAGE PATTERNS

Beyond basic regex matching, kubetail is frequently used with label selectors (kubetail -l app=my-service) to target specific deployments. For debugging, combining with --since (e.g., kubetail my-app -s 5m --grep "ERROR") helps narrow down recent issues.
The automatic colorization significantly aids in distinguishing logs from different replicas or services within a single view.

HISTORY

kubetail was created by Johan Haleby and quickly gained popularity within the Kubernetes community due to its intuitive approach to a common problem: distributed log monitoring. It was developed as a simple yet effective shell script to address the limitations of kubectl logs for multi-pod deployments.
Its open-source nature allowed it to be adopted and improved upon by contributors. While not an official Kubernetes project, it has become a de facto standard tool for many developers and operations teams and is often distributed via package managers like Homebrew or through the kubectl plugin manager krew, signifying its widespread adoption and utility.

SEE ALSO

kubectl(1), tail(1), grep(1), less(1)

Copied to clipboard