文档首页> 云日志服务 LTS> 用户指南> 日志应用> CCE日志中心> CCE日志节点操作

更新时间：2024-05-11 GMT+08:00

查看PDF

CCE日志节点操作

CCE日志节点操作仪表盘主要展示节点数趋势、非系统用户操作趋势、create操作状态码分布、delete操作状态码分布等。

前提条件

已采集CCE日志，详情请参见云容器引擎CCE应用日志接入LTS。
日志配置结构化，详情请参见结构化配置。

背景信息

云容器引擎（Cloud Container Engine，简称CCE）提供高度可扩展的、高性能的企业级Kubernetes集群。借助云容器引擎，您可以在华为云上轻松部署、管理和扩展容器化应用程序。

分析网站访问情况

登录云日志服务控制台。
在左侧导航栏中选择“仪表盘 ”。
在仪表盘模板下方，选择“CCE日志节点操作”仪表盘，查看图表详情。

CCE日志节点操作仪表盘中的过滤器说明如下所示：

节点名称，所关联的查询分析语句如下所示：
```
select distinct("objectRef.name")
```
操作用户，所关联的查询分析语句如下所示：
```
select distinct("user.username")
```
状态码，所关联的查询分析语句如下所示：
```
select distinct("responseStatus.code")
```
操作类型，所关联的查询分析语句如下所示：
```
select distinct("verb")
```

重要图表说明

CCE日志节点操作仪表盘中重要图表说明如下所示：

节点数趋势，所关联的查询分析语句如下所示：

SELECT  time_series( TIME_PARSE(LEFT(requestReceivedTimestamp, 23),'yyyy-MM-dd''T''HH:mm:ss.SSS'), 'PT1H', 'yyyy-MM-dd HH', '0' ) as "dt",  count(DISTINCT("objectRef.name")) as "节点数" where "objectRef.resource" = 'nodes'  and "objectRef.subresource" = 'status'  and "verb" in ('update', 'patch') and "user.username" = 'system:node' group by   "dt" order by  "dt" desc limit  10000

非系统用户操作趋势，所关联的查询分析语句如下所示：

SELECT time_series( TIME_PARSE(LEFT(requestReceivedTimestamp, 23),'yyyy-MM-dd''T''HH:mm:ss.SSS'), 'PT1H', 'yyyy-MM-dd HH', '0' ) as "dt", count(*) as "请求", "user.username"  where "objectRef.resource" = 'nodes' and "user.username" not in ( 'kube-controller-manager','kube-apiserver-kubelet-client','apiserver') and "user.username" not like  'system:%' and "verb" in ('create','delete','update','patch') group by "dt", "user.username" order by "dt","请求" desc limit 10000

create操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'create' group by "状态码"

delete操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'delete' group by "状态码"

patch操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'patch' group by "状态码"

update操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'update' group by "状态码"

节点封锁/解除封锁操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*)  as "count" where "requestObject" in ('{"spec":{"unschedulable":false}}','{"spec":{"unschedulable":true}}')  group by "状态码"

Label操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where  "objectRef.resource" = 'nodes' and "verb" in ('patch','update') and "requestObject" = 'labels' and "requestObject" = 'metadata' group by "状态码"

Taint操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" in ('patch','update') and "requestObject" = 'taints' group by "状态码"

驱逐操作状态码分布，所关联的查询分析语句如下所示：

select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.subresource" = 'eviction' and "objectRef.resource" = 'pods' and "verb" = 'create' group by "状态码"

节点增删操作列表，所关联的查询分析语句如下所示：

select  "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "verb" AS "操作动作", "stageTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码"  where "objectRef.resource" = 'nodes' and "verb" in ('create','delete')

Taint操作列表，所关联的查询分析语句如下所示：

select  "auditID" AS "Audit ID", "objectRef.name" AS "节点名","requestObject" AS "Taints",  "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码"  where "objectRef.resource" = 'nodes' and "verb" = 'patch' and "requestObject" = 'taints'

驱逐操作列表，所关联的查询分析语句如下所示：

select  "auditID" AS "Audit ID", "objectRef.name" AS "pod", "sourceIPs" AS "源地址",  "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码"  where "objectRef.resource" = 'pods' and "verb" = 'create' and "objectRef.subresource" = 'eviction'

Label操作列表，所关联的查询分析语句如下所示：

select  "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "requestObject" AS "Label", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码"  where "objectRef.resource" = 'nodes' and "verb" = 'patch' and "requestObject" = 'labels'

封锁操作列表，所关联的查询分析语句如下所示：

select "auditID" AS "Audit ID", "objectRef.name" AS "节点名",  "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "verb" = 'patch' and "objectRef.resource" = 'nodes' and "requestObject" ='true' and "requestObject" = 'unschedulable'

取消封锁操作列表，所关联的查询分析语句如下所示：

select "auditID" AS "Audit ID", "objectRef.name" AS "节点名",  "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "verb" = 'patch' and "objectRef.resource" = 'nodes' and "requestObject" not in ('true','taints','unschedulable')

父主题： CCE日志中心

上一篇：CCE日志中心

下一篇：CCE日志K8s对象操作

意见反馈

文档内容是否对您有帮助？

有帮助没帮助

提供反馈

提交成功！非常感谢您的反馈，我们会继续努力做到更好！您可在我的云声建议查看反馈及问题处理状态。

系统繁忙，请稍后重试

在使用文档中是否遇到以下问题

内容与产品页面不一致

内容不易理解

缺失示例代码

步骤不可操作

搜不到想要的内容

缺少最佳实践

意见反馈（选填）

0/500

请至少选择一项反馈信息并填写问题反馈

字符长度不能超过500

直接提交取消

如您有其它疑问，您也可以通过华为云社区问答频道来与我们联系探讨

智能客服提问云社区提问

CCE日志节点操作

前提条件

背景信息

相关文档

相关产品

意见反馈

文档内容是否对您有帮助？

7*24

备案

专业服务

退订

建议反馈

售前咨询热线