Exclude 5 Namespaces

Exclude logs from 5 namespaces in 5 minutes.

  2 minute read  

Overview

In a large enterprise that uses Kubernetes for orchestrating its multiple services there may be several namespaces created for different environments and purposes. You may want to monitor the log information from active development, testing, and production environments closely to ensure stability and rapid issue resolution. However, for cost efficiency, compliance, or security reasons, you may choose not to ingest logs from certain namespaces that are not critical to immediate operations or contain sensitive data that should not be stored or analyzed in the log management system. For example, suppose you want to exclude the following namespaces from having their logs ingested:

  • dev-sandbox
  • qa-released
  • security-audit
  • training
  • backup

To do this, you configure your Kubernetes source node to exclude logs from those namespaces, while ingesting logs from all others.

Note: You should only have one Kubernetes source node per cluster to ensure that the logs you don’t want are not ingested by the other node.

Prerequisites

To configure which namespaces to monitor and not to monitor, you need an Edge Delta account with a Pipeline configuration that already contains a Kubernetes source node. This is the configuration in which you will configure the Kubernetes source node. For example, the default configuration contains a Kubernetes source node.

Configure the Kubernetes Source

You specify which namespace to exclude using the component identifier k8s.namespace.name=

  1. In the Edge Delta App, click Pipelines.
  2. Select the fleet you want to edit and click View/Edit Pipeline.
  3. Click Edit Mode.
  4. Double-click the Kubernetes source node
  1. Paste the following values in the Kubernetes Exclude field one at a time.
k8s.namespace.name=dev-sandbox
  1. Repeat the previous step for each of the following namespaces:
k8s.namespace.name=qa-released

k8s.namespace.name=security-audit

k8s.namespace.name=training

k8s.namespace.name=backup
  1. Click Save Changes
  2. Click Review Changes.
  3. Click Save Changes.

Logs from the configured namespaces will no longer be ingested.