Use Cases

Shipping Kubernetes Cluster Logs to Google Cloud

Use Case Summary:

In this use case, we ship cluster, container, event and application workload logs from an external Kubernetes cluster to GCP’s  Logs Viewer.


  1. Google Cloud account with Cloud Logging API enabled
  2. Google service account with a service account with the logs writer role assigned with a JSON key file. See roles/logging.logWriter for more information.
  3. Kubernetes Cluster with a storageclass capable of providing persistent volumes
  4. Edit agent.yaml’s configmap (at the top) to include:
  • Your cluster name: an arbitrary value that will be added to each log entry as a label


  1. Service account with permission to the Kubernetes API server
  2. Config map: Contains the Stanza configurations
  3. Persistent volume: Allows the Stanza events agent database to persist between restarts and pod evictions
  4. Statefulset: A single replica statefulset for reading Kubernetes events
  5. Daemonset: For reading logs from each Kubernetes node


Create the credentials secret. Download your Google service accounts JSON key and name it log_credentials.json. NOTE: The file name log_credentials.json is required, as that will be the name of the key that is referenced when parsing logs from the external cluster to Google Cloud.

To install Stanza to Kubernetes workload that is not hosted in GCP. Use the following installation command.

kubectl apply -f

Ensure that Stanza is running using the following command

        Kubectl get pods | grep observiq-agent

Use the following command to open the configuration file and change the configuration


        Sample Configuration:

        Once done, save the configuration

  kubectl apply -f

Expected Output:

Event log sample:

Enriched log sample: