Kubernetes Search
Query your Kubernetes clusters live, from the Splunk search bar.
Run kubectl-style queries against the live Kubernetes API without leaving Splunk - list resources, stream pod logs, read events, and describe objects across every cluster you register. No agent in the cluster, no ingestion, no extra index storage.
Requirements
Splunk and Kubernetes versions, supported platforms, and what the app needs
Installation
Install on a search head, assign roles, register a cluster, run your first search
Concepts
The live-API model, how queries reach your cluster, caching, and limits
Performance and scale
Search-head footprint, caching, and querying large environments efficiently
Command reference
Full SPL reference for k8s, k8slogs, k8sevents, k8sdescribe, and k8syaml
Use cases
Common searches by goal, and how to alert on live cluster state
Clusters
Register clusters, import a kubeconfig, and configure authentication
Configuration
Tune request timeouts, fan-out concurrency, cache size, and log verbosity in k8s_search.conf
Access control
Splunk roles and capabilities, and the three credential models
Dashboards
The bundled dashboards, built on the live commands
Licensing
Free tier vs paid, the grace period, and entering a key
Kubernetes Search vs Monitoring and OpenTelemetry
When to use Kubernetes Search, Monitoring Kubernetes, or OpenTelemetry - and why you'd run more than one
Troubleshooting
Find logs and diagnose the common failures
Support
How to get help and what to include in a request
Release history
Version history for the Kubernetes Search app