BestHub
Sign in
Cloud Native 12 min read

Master Real-Time Kubernetes Logs with Kubetail and Stern

Learn how to efficiently monitor Kubernetes workloads by deploying log agents and using two powerful real‑time log aggregation tools—Kubetail and Stern—including installation steps, usage examples, and detailed command‑line options for filtering, coloring, and exporting logs across multiple pods and containers.

Efficient Ops
Efficient Ops
Efficient Ops
Master Real-Time Kubernetes Logs with Kubetail and Stern

Usually when deploying K8S services, a log system is integrated to monitor service operation. To collect logs, a log collection agent is deployed on each node and sends logs to a centralized storage.

Container log storage methods include:

Standard output (stdout/stderr) – the simplest method but lacks classification and filtering.

Container log files – can be tailed in real time, but requires managing file size and quantity.

Log collectors (Fluentd, Logstash) – aggregate logs from multiple containers, adding configuration complexity.

Log drivers (json-file, syslog) – provided by Docker/Kubernetes to forward logs to remote destinations, also with configuration overhead.

Two highly useful real‑time multi‑container log viewing tools are introduced: Kubetail and Stern .

1. Kubetail

Bash script to tail Kubernetes logs from multiple pods at the same time

Kubetail is a simple shell script that aggregates logs from multiple pods, supports colored output and conditional filtering.

1.1 Installation

Homebrew:

<code># install kubetail using brew
$ brew tap johanhaleby/kubetail && brew install kubetail</code>

Linux:

<code># download and install
$ wget https://raw.githubusercontent.com/johanhaleby/kubetail/master/kubetail
$ chmod +x kubetail
$ cp kubetail /usr/local/bin</code>

zsh plugin:

<code># oh‑my‑zsh
$ cd ~/.oh-my-zsh/custom/plugins/
$ git clone https://github.com/johanhaleby/kubetail.git kubetail
$ vim ~/.zshrc   # add kubetail to plugins
$ source ~/.zshrc</code>

1.2 Usage

Example commands:

<code># show all pods
$ kubectl get pods -n test
# tail logs from two pods
$ kubetail app2
$ kubetail app1,app2
# specify container
$ kubetail app2 -c container1
# use regex
$ kubetail "^app1|.*my-demo.*" --regex
# color options
$ kubetail app2 -k pod
$ kubetail app2 -k line
$ kubetail app2 -k false</code>

Common command‑line flags:

Flag

Meaning

-n

Specify namespace name

-c

Specify container name in a multi‑container pod

-k

Enable colored output (pod, line, false)

-b

Use line‑buffered mode (default false)

-l

Label filter to ignore pod names

-t

Since time (e.g., 5s, 2m, 3h, default 10s)

2. Stern

Multi pod and container log tailing for Kubernetes

Stern, written in Go, aggregates logs from multiple pods and containers with colored output and filtering. It is no longer actively maintained, so use with caution.

2.1 Installation

Homebrew:

<code># install stern
$ brew install stern</code>

Linux:

<code># download and install
$ wget https://github.com/wercker/stern/releases/download/1.11.0/stern_linux_amd64
$ chmod +x stern_linux_amd64
$ mv stern_linux_amd64 /usr/local/bin</code>

zsh plugin:

<code># bash completion
$ brew install bash-completion
$ source <(brew --prefix)/etc/bash-completion
$ source <(stern --completion=bash)
# zsh completion
$ source <(stern --completion=zsh)</code>

2.2 Usage

Example commands:

<code># tail all pods in default namespace
$ stern .
# tail specific container
$ stern app2 --container container1
# specify namespace
$ stern app2 --namespace namespace1
# exclude a container
$ stern --namespace namespace1 --exclude-container container1 .
# tail logs from last 15 minutes
$ stern app2 -t --since 15m
# filter by label across all namespaces
$ stern --all-namespaces -l run=nginx
# select pods by label
$ stern frontend --selector release=canary
# output as JSON and pipe to jq
$ stern backend -o json | jq .
# raw output
$ stern backend -o raw
# custom template
$ stern --template '{{.Message}} ({{.Namespace}}/{{.PodName}}/{{.ContainerName}})' backend
# colored template
$ stern --template '{{.Message}} ({{.Namespace}}/{{color .PodColor .PodName}}/{{color .ContainerColor .ContainerName}})' backend</code>

Common flags:

Flag

Default

Purpose

--container
.*

Container name (regex) when multiple containers in pod

--exclude-container

Container name to exclude (regex)

--container-state
running

Tail containers with given state

--timestamps

Print timestamps

--since

Return logs newer than given duration

--context

Kubernetes context to use

--exclude

Log lines to exclude (regex)

--namespace

Kubernetes namespace to use

--kubeconfig
~/.kube/config

Path to kubeconfig file

--all-namespaces

Tail across all namespaces

--selector

Label selector to filter pods

--tail
-1

Number of lines from end of logs to show (default all)

--color
auto

Force color output (auto, always, never)

--output
default

Predefined output format (default, raw, json)

template

Custom template for log lines

3. References

johanhaleby/kubetail

wercker/stern

Two highly useful Kubernetes real‑time log viewing tools

cloud-nativekubernetesLog Monitoringcli-toolskubetailstern
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment