Hey everyone! I'm looking for advice on how to handle Kubernetes audit logs. We're going to need to store and analyze them for legal compliance, but they can be pretty massive. How do you approach this? Do you store everything, or is there some filtering you do? Also, what storage solutions have you found effective? I'd love to hear any specific insights or numbers you might have!
2 Answers
Storing everything isn't usually practical due to the sheer size of the logs. It's better to filter them based on your compliance needs. For storage, consider using Elasticsearch—it’s great for indexing and searching through logs easily.
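An added example of what "filter based on your compliance needs" looks like when it is done at the source rather than after shipping: a Kubernetes audit `Policy` passed to kube-apiserver with `--audit-policy-file`. This is not code from either answer above; the resource lists, user names and level choices are assumptions about a typical compliance profile. Rules are evaluated top to bottom and the first match wins, so sensitive resources are pinned to `Metadata` before any broader rule can capture their bodies, and the catch-all rules come last.

```yaml
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage for every rule: it duplicates the
# ResponseComplete event and roughly doubles volume for no extra information.
omitStages:
  - "RequestReceived"
rules:
  # Secrets, ConfigMaps and token requests: record that access happened and by whom,
  # but never the request/response bodies, which would copy secret material into the log.
  # (Resource list is an assumption; extend it for your own sensitive types.)
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps", "serviceaccounts/token"]

  # Full request and response for changes to RBAC: this is the first thing an
  # auditor asks for when reconstructing who granted what.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]

  # Drop high-volume, read-only chatter from system components.
  # (User/group names are the defaults; adjust if your cluster renames them.)
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: ""
        resources: ["endpoints", "services"]
  - level: None
    userGroups: ["system:nodes"]
    verbs: ["get"]
    resources:
      - group: ""
        resources: ["nodes", "nodes/status"]

  # Health and version probes carry no compliance value.
  - level: None
    nonResourceURLs: ["/healthz*", "/livez*", "/readyz*", "/version"]

  # Everything else: keep the request body for any write so the change is
  # reconstructible, and only identity/verb/resource metadata for reads.
  - level: Request
    verbs: ["create", "update", "patch", "delete"]
  - level: Metadata
```

Two points worth checking before relying on a policy like this: the `None` rules must sit below the `Metadata` rule for secrets, otherwise a node `get` on a secret-bearing resource could be silenced; and because the catch-all `Metadata` rule still logs every read, measure the resulting event rate on a busy cluster before committing to a retention period in Elasticsearch or any other store.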
Have you thought about using Grafana Loki? It's a good option for log management in Kubernetes environments.
Do you send all logs to Loki? I'm curious about how much data you're able to store there.

I get that, but it can be tricky to figure out what's actually necessary to keep. I'm all for filtering, though!