Logs Action
Logs action allows you to fetch and query logs from various backends including Loki, CloudWatch, OpenSearch, and Kubernetes.
| Field | Description | Scheme |
|---|---|---|
name* | Step Name |
|
logs | Logs Action | |
delay | A delay before running the action e.g. |
|
filter | Conditionally run an action | CEL with Playbook Context |
runsOn | Which runner (agent) to run the action on | |
templatesOn | Where templating (and secret management) of actions should occur |
|
timeout | Timeout on this action. |
Logs
| Field | Description | Scheme |
|---|---|---|
cloudwatch | CloudWatch logs backend configuration | |
kubernetes | Kubernetes logs backend configuration | |
loki | Loki backend configuration | |
opensearch | OpenSearch logs backend configuration |
Loki
| Field | Description | Scheme |
|---|---|---|
query* | LogQL query |
|
connection | Loki connection details | |
dedupe | Log deduplication settings | |
direction | Query direction |
|
end | End time for query |
|
limit | Maximum number of entries to return |
|
mapping | Field mapping configuration | FieldMappingConfig |
match | CEL expressions to filter logs | []MatchExpression |
password | Basic auth password | |
start | Start time for query |
|
url | Loki URL |
|
username | Basic auth username |
CloudWatch
| Field | Description | Scheme |
|---|---|---|
logGroup* | CloudWatch log group name |
|
accessKey | AWS access key | |
connection | AWS connection details | AWSConnection |
dedupe | Log deduplication settings | |
endTime | End time for query |
|
filterPattern | CloudWatch filter pattern |
|
limit | Maximum number of events to return |
|
logStream | CloudWatch log stream name |
|
mapping | Field mapping configuration | FieldMappingConfig |
match | CEL expressions to filter logs | []MatchExpression |
region | AWS region |
|
secretKey | AWS secret key | |
startTime | Start time for query |
|
OpenSearch
| Field | Description | Scheme |
|---|---|---|
index* | OpenSearch index pattern |
|
connection | OpenSearch connection details | |
dedupe | Log deduplication settings | |
from | Start time for query |
|
mapping | Field mapping configuration | FieldMappingConfig |
match | CEL expressions to filter logs | []MatchExpression |
password | Basic auth password | |
query | OpenSearch query |
|
size | Maximum number of hits to return |
|
sort | Sort configuration | []map[string]any |
timeField | Time field name |
|
to | End time for query |
|
url | OpenSearch URL |
|
username | Basic auth username |
Kubernetes
| Field | Description | Scheme |
|---|---|---|
connection | Kubernetes connection details | KubernetesConnection |
container | Container name |
|
dedupe | Log deduplication settings | |
fieldSelector | Field selector for pods |
|
follow | Follow log output |
|
kubeconfig | Kubeconfig source | |
labelSelector | Label selector for pods |
|
mapping | Field mapping configuration | FieldMappingConfig |
match | CEL expressions to filter logs | []MatchExpression |
namespace | Kubernetes namespace |
|
pod | Pod name |
|
previous | Return previous terminated container logs |
|
since | Only return logs newer than a relative duration |
|
sinceTime | Only return logs after a specific date |
|
tailLines | Number of lines from the end of the logs |
|
timestamps | Include timestamps in log output |
|
Dedupe
Log deduplication removes duplicate log entries based on specified fields.
| Field | Description | Scheme |
|---|---|---|
fields* | Fields to use for deduplication |
|
window | Time window for deduplication |
Output
| Field | Description | Scheme |
|---|---|---|
count | Number of log entries returned |
|
logs | Retrieved log entries | []LogEntry |
Templating
CEL Expressions
The following variables can be used within the CEL expressions of filter, if, delays and parameters.default:
| Field | Description | Schema |
|---|---|---|
config | Config passed to the playbook | ConfigItem |
component | Component passed to the playbook | Component |
check | Canary Check passed to the playbook | Check |
playbook | Playbook passed to the playbook | Playbook |
run | Current run | Run |
params | User provided parameters to the playbook | map[string]any |
request | Webhook request | Webhook Request |
env | Environment variables defined on the playbook | map[string]any |
user.name | Name of the user who invoked the action | string |
user.email | Email of the user who invoked the action | string |
agent.id | ID of the agent the resource belongs to. | string |
agent.name | Name of the agent the resource belongs to. | string |
Conditionally Running Actions
Playbook actions can be selectively executed based on CEL expressions. These expressions must either return
- a boolean value (
trueindicating run the action & skip the action otherwise) - or a special function among the ones listed below
| Function | Description |
|---|---|
always() | run no matter what; even if the playbook is cancelled/fails |
failure() | run if any of the previous actions failed |
skip() | skip running this action |
success() | run only if all previous actions succeeded (default) |
timeout() | run only if any of the previous actions timed out |
delete-kubernetes-pod.yaml---
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: notify-send-with-filter
spec:
parameters:
- name: message
label: The message for notification
default: '{{.config.name}}'
configs:
- types:
- Kubernetes::Pod
actions:
- name: Send notification
exec:
script: notify-send "{{.config.name}} was created"
- name: Bad script
exec:
script: deltaforce
- name: Send all success notification
if: success() # this filter practically skips this action as the second action above always fails
exec:
script: notify-send "Everything went successfully"
- name: Send notification regardless
if: always()
exec:
script: notify-send "a Pod config was created"
Defaulting Parameters
delete-kubernetes-pod.yamlapiVersion:
mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: edit
spec:
title: 'Edit Kustomize Resource'
icon: flux
parameters:
- default: 'chore: update $(.config.type)/$(.config.name)'
name: commit_message
Go Templating
When templating actions with Go Templates, the context variables are available as fields of the template's context object . eg .config, .user.email
Templating Actions
delete-kubernetes-pod.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: scale-deployment
spec:
description: Scale Deployment
configs:
- types:
- Kubernetes::Deployment
parameters:
- name: replicas
label: The new desired number of replicas.
actions:
- name: kubectl scale
exec:
script: |
kubectl scale --replicas={{.params.replicas}} \
--namespace={{.config.tags.namespace}} \
deployment {{.config.name}}
Functions
| Function | Description | Return |
|---|---|---|
getLastAction() | Returns the result of the action that just run | Action Specific |
getAction({action}) | Return the result of a specific action | Action Specific |
Reusing Action Results
action-results.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: use-previous-action-result
spec:
description: Creates a file with the content of the config
configs:
- types:
- Kubernetes::Pod
actions:
- name: Fetch all changes
sql:
query: SELECT id FROM config_changes WHERE config_id = '{{.config.id}}'
driver: postgres
connection: connection://postgres/local
- name: Send notification
if: 'last_result().count > 0'
notification:
title: 'Changes summary for {{.config.name}}'
connection: connection://slack/flanksource
message: |
{{$rows:=index last_result "count"}}
Found {{$rows}} changes