In this article, I will walk through how to fetch the Kubernetes container events from Azure Log Analytics.
Assumption:
The Azure Kubernetes Service is already set with the Log Analytics workspace.
Background:
In current project the microservice application deployed in AKS pod had high restart count.
Information:
 Usually if we setup and install, the Kuberentes in local, we can list the events of the container using 
<pre><code>kubectl get events
</code></pre> In Azure AKS containers the events are shipped to the Log Analytics Workspace.
Viewing the Container events
<ul>
<li>From portal, navigate to <code>Log Analytics Workspace</code> and select configured workspace.</li>
<li>From the Queries listed, select the <code>Containers</code> option, pick the <code>Kubernetes Events</code> and click the <code>run</code> button</li>
<li>Once the Query editor is opened up, include the query below and the result provides the list of events over time.</li>
</ul>
<pre><code>// Kubernetes events 
// Lists all the Kubernetes events. 
KubeEvents
| where TimeGenerated &gt; ago(2d) 
| where not(isempty(Namespace))
| where Namespace contains "namespace-of-aks-to-fetch-event"
| where Name contains "pod-name" //pod or deployment name 
| top 200 by TimeGenerated desc
</code></pre><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1642484607736/D6XOSfkBS.png" alt="image.png" />
The query can be tweaked per requirement.

In this article, I will walk through how to fetch the Kubernetes container events from Azure Log Analytics.

**Assumption:**

The Azure Kubernetes Service is already set with the Log Analytics workspace.

**Background:**
In current project the microservice application deployed in AKS pod had high restart count.

**Information:**
  Usually if we setup and install, the Kuberentes in local, we can list the events of the container using 
```
kubectl get events
```

 In Azure AKS containers the events are shipped to the Log Analytics Workspace.

**Viewing the Container events**


-  From portal, navigate to `Log Analytics Workspace` and select configured workspace.
-  From the Queries listed, select the `Containers` option, pick the `Kubernetes Events` and click the `run` button
- Once the Query editor is opened up, include the query below and the result provides the list of events over time.

```
// Kubernetes events 
// Lists all the Kubernetes events. 
KubeEvents
| where TimeGenerated > ago(2d) 
| where not(isempty(Namespace))
| where Namespace  contains "namespace-of-aks-to-fetch-event"
| where Name contains "pod-name"  //pod or deployment name 
| top 200 by TimeGenerated desc
```

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1642484607736/D6XOSfkBS.png)

The query can be tweaked per requirement.

Fetching Azure Kubernetes Service (AKS) Events from Azure Log Analytics Workspace

An active learner... tech enthusiast.. Software developer lead..
