Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Google Cloud Platform (GCP) Kubernetes Engine data connector allows you to monitor containerized applications, track performance metrics, and detect potential threats across your GKE environment.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | Yes |
| Ingestion-time transformation | No |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AuditID | string | An identifier used for tracking the audit trail of the request. |
| _BilledSize | real | The record size in bytes |
| ClusterName | string | Name of the GKE cluster from which the log originated. |
| ComponentLocation | string | Location or zone of the component (e.g., us-central1-a) within the cluster. |
| ComponentName | string | Name of the component or microservice generating the log (e.g., kube-apiserver). |
| ComputeResourceName | string | Name of the compute resource (e.g., VM instance) related to the log entry. |
| HttpVerb | string | The HTTP method used in the request (e.g., GET, POST). |
| InsertId | string | A unique identifier for the log entry, used to deduplicate log records. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| Labels | dynamic | Dynamic field containing various labels associated with the log entry. |
| Latency | string | Request latency duration (e.g., time taken to complete the request). |
| Location | string | Geographical region or zone of the GKE cluster or resource. |
| LogName | string | The full resource name of the log to which this log entry belongs, typically includes project and log type. |
| Message | string | The content of the log message. |
| Pid | string | Process ID associated with the log entry, if available. |
| ProjectID | string | Google Cloud project ID associated with the log entry. |
| Protocol | string | The protocol used for the request, such as HTTP. |
| ReceiveTimestamp | datetime | The timestamp when the log entry was received by the logging system. |
| ResponseCode | int | HTTP status code returned in the response (e.g., 200, 403). |
| Severity | string | The severity level of the log (e.g., INFO, WARNING, ERROR). |
| SourceFile | string | The source file where the log was generated, if available from sourceLocation. |
| SourceLine | string | The line number in the source file where the log was generated. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SrcIP | string | Source IP address of the client making the request. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp indicating when the log event was created or generated by the source system |
| Type | string | The name of the table |
| URI | string | The requested URI path extracted from the log message. |
| UserAgent | string | The user agent string from the client that made the request. |