Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Google Cloud Platform (GCP) Kubernetes Engine data connector allows you to monitor containerized applications, track performance metrics, and detect potential threats across your GKE environment.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | Yes |
| Ingestion-time transformation | No |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| ApfAdditionalLatency | string | Additional latency due to APF throttling. |
| ApfExecutionTime | string | Time taken to execute the request excluding APF wait time. |
| ApfFs | string | APF Flow Schema. |
| ApfFSeats | int | Final number of seats used after adjustments. |
| ApfISeats | int | Number of seats initially allocated by APF. |
| ApfPl | string | API Priority and Fairness (APF) Priority Level. |
| AuditID | string | Unique identifier for the audit log entry. |
| _BilledSize | real | The record size in bytes |
| ClusterName | string | Name of the Kubernetes cluster. |
| ComponentLocation | string | Region or zone where the API server is located. |
| ComponentName | string | Name of the GKE component generating the log (typically apiserver). |
| ComputeResourceName | string | Name of the compute instance or pod. |
| HttpVerb | string | HTTP method (e.g., GET, POST, PUT, DELETE). |
| InsertId | string | Unique ID for the log entry used to prevent duplication. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| Labels | dynamic | Dynamic field containing various labels associated with the log entry. |
| Latency | string | Total time taken to serve the request. |
| Location | string | GCP region or zone. |
| LogName | string | Name of the log stream, usually indicating the source. |
| Message | string | The content of the log message. |
| Pid | string | Process ID that generated the log entry. |
| ProjectID | string | GCP project ID where the GKE cluster resides. |
| Protocol | string | Protocol used for the request (e.g., HTTP/1.1). |
| ReceiveTimestamp | datetime | Timestamp when GCP Logging received the log. |
| ResponseCode | int | HTTP response status code. |
| Severity | string | Log severity level (e.g., INFO, WARNING, ERROR). |
| SourceFile | string | Source file in the API server codebase where the log originated. |
| SourceLine | string | Line number in the source file. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SrcIP | string | Source IP address of the client that sent the request. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp indicating when the log event was created or generated by the source system. |
| Type | string | The name of the table |
| URI | string | Full URI of the API request to the Kubernetes API server. |
| UserAgent | string | The User-Agent string sent with the request. |