Kubernetes Pods LogSource Configuration
Last updated - 29 October, 2025
LogSource is a LogicModule that provides templates to help you enable LM Logs and configure log data collection and forwarding. LogSource contains details about which logs to get and where to get them, and which fields should be considered for parsing. LogSource is available for common sources of log data.
LogicMonitor enables you to configure filter logic for how the system ingests an event based on filters that match the AND or OR operator.
Requirements for Configuring Kubernetes Pods LogSource
To configure Kubernetes Pods LogSource, you need the following:
- The Kubernetes Pods LogSource type uses the LM Collector. When using the LM Collector with LogSource, the LM Collectors installed in your infrastructure must be version EA 31.200 or later. For information on how to upgrade a collector, see Managing Collectors.
- To use the
ORoperator for filters, install EA Collector 38.500 or later on your machine. For more information, see Adding Collector.
Configuration Options
The following describes configuration details specific to the Kubernetes Pods type of LogSource. For general information on how to add a LogSource, see Configuring a LogSource.
Include Filters
You can toggle the Use OR Instead of AND switch to evaluate filters using the AND or OR operator. By default, the Use OR Instead of AND switch is disabled. You can evaluate filters using any of the following operators:
ANDoperator—Filters are evaluated using theANDoperator. The system ingests an event when it matches all specified filters.ORoperator—Toggle the Use OR Instead of AND switch to evaluate filters using theORoperator. The system ingests an event when it matches at least one filter.
You can add filters to include resources of certain types, for example an application. The output matching the filter criteria is forwarded to the log ingestion process.
Available parameters
| Attributes | Comparison operator | Value example |
| Message | Equal, NotEqual, Contain, NotContain, RegexMatch, RegexNotMatch. | Regular expression |
Log Fields
You can configure Log Fields (tags) to send additional metadata with the logs.
Available parameters
| Method | Key example | Value example | Description |
| Static | “Customer” | “Customer_XYZ” | |
| Dynamic(REGEX) | “Host” | “host=*” | The query will run on the message field. |
| LM Property(Token) | “Device” | “##system.deviceId##” | |
| Dynamic Group Regex | “Scheme, Login” | “(https*):\/\/([]a-z]+)” | The query runs on the message field and captures the first group value from Regex. The keys for Dynamic Group Regex can be added as a comma-separated list and values are read from the same number of groups. For the Key and Value example provided in this table, the regex results in metadata for key and value, which is, Scheme and Login. For example, The URL: https://admin:[email protected]/lm/apps/agent/mfsagent:e1?status=Up Scheme: https Login: (username extracted from the message) Note: The Dynamic Group Regex method for log fields is available in EA Collector 36.100 and later versions. |
Example
Configuration example for a Kubernetes Pods type of LogSource.
Basic Information
- Name: Kubernetes_Pods
- Description: Data collection for pod logs from monitored Kubernetes clusters.
- AppliesTo (custom query): system.devicetype == “8”
- Type: LM Logs: Kubernetes Pods
- Group: Kubernetes
