https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972563#M30215 <P>Gregg, thanks a lot for the link to display log messages to Grafana and also Grafana alerting .&nbsp;</P> <P>&nbsp;</P> <P>regarding my original question (export the compute - programming container log), have deployed logging/monitoring a year ago when this was under github DAC, so not have the kubernetes github configured for our logging/monitoring.</P> <P>&nbsp;</P> <P>in Dashboards, I filtered for this container and level,&nbsp; I can export a page at a time, but was not able to export all the events since there are over 2000 pages after applying the filter criteria. is this possible?</P> <P>&nbsp;</P> <P>Thank you for your input!</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 13 Aug 2025 13:46:42 GMT drahorg 2025-08-13T13:46:42Z https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972356#M30201 <P>We have deployed Viya 2024.09LTS, additionally logging and monitoring. I need to report on the events when a specific container got an error during the last 7 days. I know that in Opensearch - Dashboards - Log message with Level (Pods/container) - Filter for kube.container=ContainerName and level=error. I have 2 questions if you can help</P> <P>1. Since there are shown many thousands of pages of these results, how can I export all these to a large Excel or csv/text file so that is easier to filter and look at the results.&nbsp;</P> <P>2. is it possible to send any notifications/alerts when let's say a specific word appear in the message for this criteria (eg&nbsp; Opensearch - Dashboards - Log message with Level (Pods/container) - Filter for kube.container=ContainerName and level=error. if the message contains failure then send an alert and or email). any alerting can be enabled and show in an alerts page?&nbsp;</P> <P>&nbsp;</P> <P>Thanks a lot for your help!</P> Fri, 08 Aug 2025 19:56:53 GMT https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972356#M30201 drahorg 2025-08-08T19:56:53Z https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972434#M30206 The getlogs.py in viya4-monitoring-kubernetes/logging/bin is the easiest way (in my opinion) to pull the relevant lines out. <BR />./getlogs.py -fo csv -l ERROR -c &lt;container-name&gt; -m 10000 -o errors.csv -st 2025-08-04 00:00:00 (7 days ago)<BR />You can also export the results using opensearch dashboards.<BR /><BR />For alerting you would need to use Grafana, which I think would require configuring OpenSearch as a data source for Grafana.<BR /><BR />Display Log Messages in Grafana Dashboards<BR /><A href="https://go.documentation.sas.com/doc/en/obsrvcdc/v_003/obsrvdply/p1bqqaa7r8s06jn1pjexe3ymrckn.htm" target="_blank">https://go.documentation.sas.com/doc/en/obsrvcdc/v_003/obsrvdply/p1bqqaa7r8s06jn1pjexe3ymrckn.htm</A><BR /><BR />You could then build alerts based using the datasource.<BR /><BR />Manage Grafana Alerting<BR /><A href="https://go.documentation.sas.com/doc/en/obsrvcdc/v_003/obsrvug/n1eslak1oy1dq4n1d9nbtuqefwpb.htm" target="_blank">https://go.documentation.sas.com/doc/en/obsrvcdc/v_003/obsrvug/n1eslak1oy1dq4n1d9nbtuqefwpb.htm</A> Mon, 11 Aug 2025 13:38:03 GMT https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972434#M30206 gwootton 2025-08-11T13:38:03Z https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972563#M30215 <P>Gregg, thanks a lot for the link to display log messages to Grafana and also Grafana alerting .&nbsp;</P> <P>&nbsp;</P> <P>regarding my original question (export the compute - programming container log), have deployed logging/monitoring a year ago when this was under github DAC, so not have the kubernetes github configured for our logging/monitoring.</P> <P>&nbsp;</P> <P>in Dashboards, I filtered for this container and level,&nbsp; I can export a page at a time, but was not able to export all the events since there are over 2000 pages after applying the filter criteria. is this possible?</P> <P>&nbsp;</P> <P>Thank you for your input!</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 13 Aug 2025 13:46:42 GMT https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972563#M30215 drahorg 2025-08-13T13:46:42Z https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972567#M30217 I believe both the OpenSearch Dashboards UI and python script have a limit of 10,000 records you can export at a time. Wed, 13 Aug 2025 15:24:03 GMT https://communities.sas.com/t5/Administration-and-Deployment/Capture-events-from-Opensearch-and-setup-alerts/m-p/972567#M30217 gwootton 2025-08-13T15:24:03Z