Visualize Kubernetes Events: Store in Elasticsearch and Dashboard with Grafana
This guide explains how to store Kubernetes event data in Elasticsearch, configure Logstash and Ruby filters for timestamp correction, and create a Grafana dashboard to visualize and analyze cluster events for improved monitoring and troubleshooting.
This article introduces a solution for storing Kubernetes event data in Elasticsearch and visualizing it with Grafana, enabling long‑term retention and powerful analysis for cluster health monitoring.
Prerequisites
Grafana deployed and accessible.
Elasticsearch deployed and accessible.
Kubernetes‑event‑exporter service deployed and running.
Logstash service deployed and running.
Grafana ↔ Elasticsearch Integration
Follow these steps to create a Grafana dashboard that displays Kubernetes events stored in Elasticsearch.
1. Create Dashboard
2. Transform Data
3. Center Align Fields & Select Columns
4. Left‑Align Event Details
5. Sort by Event Time
Tip: The
createdAtfield generated by the event exporter is in UTC; add an 8‑hour offset to reflect the local time.
<code>date {
match => ["createdAt", "ISO8601"]
target => "createdAt"
}
ruby {
code => "event.set('createdAt', event.get('createdAt') + 8*3600)"
}
</code>Result
Conclusion
By leveraging Elasticsearch’s storage capabilities and Grafana’s flexible visualization, you can enhance Kubernetes cluster monitoring, speed up fault diagnosis, and obtain data‑driven insights for performance optimization, turning monitoring into a proactive tool for maintaining a healthy, transparent environment.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.