On detecting unusual symptoms in the charts, operators can look into Cloud Logging (documentation) to find clues of it in the log messages. Filtering lets you identify relevant logs, and logs can be exported from Cloud Logging to “sinks” for long-term storage.
You can access Cloud Logging by selecting Logging from the GCP navigation menu. This brings up the Logs Viewer interface:
The Logs Viewer allows you to view logs emitted by resources in the project using search filters provided. The Logs Viewer lets you select standard filters from pulldown menus.
An example: server logs
To view all container logs emitted by pods running in the default namespace, use the Resources and Logs filter fields (these default to Audited Resources and All logs):
- For the resource type, select GKE Container -> cloud-ops-sandbox -> default
- For the log type, select server
The Logs Viewer now displays the logs generated by pods running in the default namespace:
Another example: audit logs
To see logs for all audited actions that took place in the project during the specified time interval:
- For the resource type, select Audited Resources > All services
- For the log type, select** All logs**
- For the time interval, you might have to experiment, depending on how long your project has been up.
The Logs Viewer now shows all audited actions that took place in the project during the specified time interval:
Audit logs contain the records of who did what. For long-term retention of these records, the recommended practice is to create exports for audit logs. You can do that by clicking on Create Sink:
Give your sink a name, and select the service and destination to which you will export your logs. We recommend using a less expensive class of storage for exported audit logs, since they are not likely to be accessed frequently. For this example, create an export for audit logs to Google Cloud Storage.
Click Create Sink. Then follow the prompts to create a new storage bucket and export logs there: