Exclude 5 Namespaces

Exclude logs from 5 namespaces in 5 minutes.

  2 minute read  

Overview

In a large enterprise that uses Kubernetes for orchestrating its multiple services there may be several namespaces created for different environments and purposes. You may want to monitor the log information from active development, testing, and production environments closely to ensure stability and rapid issue resolution. However, for cost efficiency, compliance, or security reasons, you may choose not to ingest logs from certain namespaces that are not critical to immediate operations or contain sensitive data that should not be stored or analyzed in the log management system. For example, suppose you want to exclude the following namespaces from having their logs ingested:

  • dev-sandbox
  • qa-released
  • security-audit
  • training
  • backup

To do this, you would need to configure your Kubernetes Input node to exclude logs from those namespaces, while ingesting logs from all others.

Note, you should only have one Kubernetes Input node per cluster to ensure that the logs you dont want are not ingested by the other node.

Prerequisites

To configure which namespaces to monitor and not to monitor, you need an Edge Delta account with an agent configuration that already contains a Kubernetes Input node. This is the configuration in which you will configure the Kubernetes Input node. For example, the default configuration contains a Kubernetes Input node.

Configure the Kubernetes Input

You specify which namespace to exclude using the component identifier k8s.namespace.name=

  1. In the Edge Delta App, click Pipelines, and then click Pipelines.
  2. Select the pipeline you want to edit.
  3. Click Edit Mode.
  4. Double-click the Kubernetes Input node
  1. Enter the following text in the Kubernetes Exclude field and press Enter.
k8s.namespace.name=dev-sandbox
  1. Repeat the previous step for each of the following namespaces:
k8s.namespace.name=qa-released 

k8s.namespace.name=security-audit 

k8s.namespace.name=training 

k8s.namespace.name=backup
  1. Click OK
  2. Click Review Changes.
  3. Click Deploy Changes.

Logs from the configured namespaces will no longer be ingested.