Skip to main content
Sumo Logic

Lab 3 - Using the Kubernetes App for Investigations

Learn  about our new Dashboards (Beta), learn how to edit existing dashboards, and create new ones that can be stack linked for future investigations

Getting Started

With the use of out-of-the-box dashboards installed with our Kubernetes app, the Explore view gives us the ability to traverse the hierarchy and do cross signal correlation across the Kubernetes environment. In this lab, you will be familiarized with our new Dashboards (Beta), learn how to edit existing dashboards, and create new ones that can be stack linked for future investigations.

Examine an existing dashboard

Dashboard (Beta) is a unique framework that allows you to view logs and metrics data on the same dashboard in an integrated and seamless view. This gives you the same control over how your metrics and log data are visualized. 

  1. First let’s open an Explore tab. On the Home page, click +New.

  2. Select Explore.
    Screen Shot 2019-09-04 at 11.28.44 PM.png

  3. Change your view to the deployment view, under Explore By, click Kubernetes Service View.

  4. Select Kubernetes Deployment View.

  5. Let’s expand down to a particular dashboard, click prod01.travellogic.info 

  6. Click prod-loggen.
    Screen Shot 2019-09-04 at 11.31.00 PM.png

    Notice that as you clicked on the Explore left navigation pane, that the dashboards have been changing. Let's find out why this happens.

  7. Take a look at our Google apps deployment dashboard, click googleapps.

    Screen Shot 2019-09-04 at 11.40.59 PM.png

  8. At the top of the dashboard. There is a grayed-out section under the Dashboard's name. You will see cluster prod01.travellogic.info, namespace prod-loggen, and deployment googleapps. This section captures and displays the path you traversed to in the hierarchy, using the left navigation pane.

    Screen Shot 2019-09-04 at 11.45.01 PM.png

    These are all key value pairs (aka metadata) that have been passed to the Dashboard (Beta), acting as filters controlling what the dashboards displays. Our Dashboards (Beta) are completely customizable to whatever key value pairs you would like to use as filters. You can even trigger off of your own metadata.

  9. Click the lower details icon at the top right of the dashboard and Select Open in Dashboards (Beta).

    Screen Shot 2019-09-08 at 12.51.19 PM.png


    The dashboard we had just navigated to, called Kubernetes - Deployment Overview, will open in a Dashboard (Beta) tab.

    Dashboard.png
    This Dashboard (Beta) is what generated the deployment dashboard that we were just in the Explore tab. The way that it works, is that you can link dashboards to your stack by specifying them. This dashboard has been linked to any deployment. 

Create a Dashboard

Now that you are familiar with the concept of Dashboard (Beta), let’s create our own.

  1. To open a new Dashboard (Beta), on the Home page, click + New.
  2. Select Dashboard from the drop-down list.
  3. Now let’s add a time series panel. Click Add Panel and select Time Series.

    Screen Shot 2019-09-05 at 12.24.54 AM.png

  4. At the metrics window in the From, enter deployment=googleapps.

  5. Click enter.

    Screen Shot 2019-09-05 at 12.26.41 AM.png

  6. Where it says get metric, enter container_cpu_usage_seconds_total.

    Screen Shot 2019-09-05 at 12.27.30 AM.png

  7. Next we will need to select a type of aggregation. Let’s select average. Click no aggregation and select avg from the dropdown menu.
    Screen Shot 2019-09-05 at 12.27.39 AM.png

  8. To edit the title of the dashboard panel, on the top left, click Chart, then on the far right click the gear icon, .

  9. Name the chart, Chart Title Total CPUs Used.

  10. Click Add to Dashboard.

  11. Let’s repeat the steps, but this time create a memory monitoring panel.

  12. Now let’s add a time series panel. Click Add Panel and select Time Series.
    Screen Shot 2019-09-05 at 12.24.54 AM.png

     

  13. At the metrics window in the From, enter deployment=googleapps.

  14. Click enter.

  15. Where it says get metric, enter container_memory_usage_bytes.

  16. Next we will need to select a type of aggregation. Let’s select average. Click no aggregation and select avg from the dropdown menu.

    Screen Shot 2019-09-05 at 12.27.39 AM.png

  17. To edit the title of the dashboard panel, on the top left, click Chart, then on the far right click gear icon,

  18. Name the chart, under Chart Title, type Memory Bytes Used.

    Screen Shot 2019-09-05 at 12.37.08 AM.png

  19. Click Add to Dashboard.

    Screen Shot 2019-09-05 at 12.37.15 AM.png

  20. Let’s save it to our personal workspace folder and give it an identifiable name. Click save icon, .

  21. In the popup window, under Name, enter Googleapp Deployment Stats.

  22. Next you will save to your personal folder. Personal is selected by default, but if not highlighted, select Personal.

  23. At the bottom of the Save Item popup, click Save As.

    Screen Shot 2019-09-05 at 12.37.26 AM.png

  24. You will see the completed Dashboard called Googleapp Deployment Stats with the two time series panels monitoring aspects of CPU and Memory.

Searching using the Structured Query Builder in Dashboards (Beta)

Now that you are familiar with the concept of creating a Dashboard (Beta), let’s use metrics to search for Kubernetes information.

  1. To open a new Dashboard (Beta), on the Home page, click + New.
  2. Select Dashboard from the drop-down list.
  3. Now let’s add a time series panel. Click Add Panel and select Honeycomb.

    Screen Shot 2019-09-05 at 12.24.54 AM.png

  4. Let's search for the CPU usage per node for our cluster prod01.travellogic.info. At the metrics window in the From, enter cluster=prod01.travellogic.info.

  5.  Screen Shot 2019-10-07 at 3.11.47 PM.png

  6. At the metrics window in the get metric, enter  node_cpu_utlisation:avg1m

  7. In the Preview Table you will see any queries that matched to your request.

  8. Click on the Chart tab. You will see the visual giving the pods that contained.

Screen Shot 2019-10-07 at 3.17.39 PM.png

Find our more about our new dashboards and possibly Sign up for Dashboards (Beta)

Apply Stack Linking

Stack linking is a dashboard level setting that you can use to attach metadata that describes what type of content you are showing on your dashboard. It allows you to attach the dashboard to components that show-up in the hierarchy in the Explore Tab.

Let’s connect our new dashboard, Googleapp Deployment Stats to the kubernetes stack. Recall in steps 1-13 of this lab, when we clicked on googleapps from the Kubernetes - Deployment View we were placed on the Kubernetes- Deployment Overview dashboard. What if we want it to go to our new Googleapp Deployment Stats dashboard instead? 

Let’s direct it to display the Googleapp Deployment Stats dashboard.

  1. In the Googleapp Deployment Stats dashboard tab, to the left of AddPanel, click the details icon.

  2. Select Create Stack Linking.

    Screen Shot 2019-09-05 at 12.42.25 AM.png

  3. In the Dashboard Stack Linking popup, select Key, type deployment.

  4. Under Value(s), type googleapps.

    Screen Shot 2019-09-05 at 12.42.32 AM.png

     

  5. To save the key value pair, click Apply.

  6. To save the dashboard changes we just did, click save icon.

Screen Shot 2019-09-05 at 4.49.42 PM.png

  1. Now let’s open an Explore tab and navigate to googleapps in the deployment view again, just as we did in the beginning of this lab. Yet this time, we should see our applied stack linking.

  2. First refresh the browser to ensure our Explore tab picks up the newly applied stack linking. Click .

  3. Now let’s open an Explore tab. On the Home page, click +New.

  4. Select Explore.

    Screen Shot 2019-09-05 at 12.42.42 AM.png

  5. Change your view to the deployment view, under Explore By, click Kubernetes Service View.

  6. Select Kubernetes Deployment View.

  7. Let’s expand down to a particular dashboard, click prod01.travellogic.info.

  8. Click prod-loggen.

    Screen Shot 2019-09-05 at 12.42.50 AM.png

  9. Now let’s check the stack linking. Click googleapps.

    Screen Shot 2019-09-05 at 12.43.07 AM.png

  10. At the top in Dashboards, click the drop down arrow and select Googleapp Deployment Stats.

    Screen Shot 2019-09-05 at 12.43.36 AM.png

  11. Your newly created dashboard displays, as it has been stack linked to the googleapps deployment. You have attached the deployment googleapps to your new dashboard.

    Screen Shot 2019-09-05 at 12.43.44 AM.png

Quiz

  1. Traversing the hierarchy on the left of the Explore tab displays different dashboards which come out-of-the-box configured for Kubernetes components.  

  2. Stack linking is a dashboard level setting that allows you to filter which dashboards show up across components in the Explorer tab hierarchy.

  3. I can’t display logs, metrics, and events all in one Explore tab.

Summary

Congratulations! You’ve completed these tasks in Part 3 of the Kubernetes Hands-on Labs:

  1. Analyzed an existing Kubernetes dashboard.
  2. Created a dashboard using Dashboard (Beta).
  3. Using the structured query builder in Dashboard (Beta).
  4. Applied stack linking to a dashboard.