stern v1.33.1 - AudioDocs
Tool: stern - Multi-Pod and Multi-Container Log Tailing for Kubernetes Version: v1.33.1 Duration: ~13 minutes Voice: Algieba (Gemini 2.5 TTS) Source: github.com/stern/stern
Listen
YouTube video will be embedded here once uploaded.
Topics Covered
- The Problem: Why kubectl logs falls short for multi-pod debugging
- Basic Usage: Regex queries and resource queries (deployment/nginx)
- Multi-Container Support: Tailing all containers, filtering with -c and -E
- Namespace & Label Filtering: -n, -A, -l flags
- Output Templates: default, raw, json, custom Go templates
- Template Functions: parseJSON, levelColor, color helpers
- Time Filtering: --since, --timestamps, --timezone
- Batch Mode: --no-follow for scripted analysis
- Configuration: Config file, color customization
- Installation: Homebrew, Krew, apt, asdf, WinGet
Transcript
stern: Multi-Pod and Multi-Container Log Tailing for Kubernetes
Version 1.33.1.
Today we're exploring stern, a tool that fundamentally changes how you tail logs in Kubernetes. If you've ever found yourself juggling multiple terminal windows, each running kubectl logs on different pods, or trying to debug an issue across pods that keep getting recreated, stern is about to become essential to your workflow.
Let's start with the problem stern solves. In Kubernetes, pods come and go. A deployment might have five replicas, each with its own pod name ending in a random suffix. When you need to see logs from all of them simultaneously, kubectl logs only handles one pod at a time. And when a pod gets deleted and replaced, you lose your log stream and have to start a new kubectl logs command with the new pod name.
stern eliminates this friction entirely. It tails multiple pods simultaneously, automatically adds newly created pods to the stream, removes deleted pods cleanly, and color-codes output so you can visually distinguish which logs came from which pod.
Basic Usage
The basic usage is simple: stern followed by a pod query. This query is a regular expression, so stern nginx would match nginx-frontend-abc123, nginx-backend-xyz789, and any other pod containing nginx in its name. You don't need exact pod names. You don't need to know the random suffixes. Just describe the pattern you want.
But stern goes further. You can also query by Kubernetes resource using the format resource/name. For example, stern deployment/nginx tails all pods belonging to that deployment. Stern supports pod, replicationcontroller, service, daemonset, deployment, replicaset, statefulset, and job resources. This is incredibly powerful because you're expressing intent—tail the logs for this deployment—rather than hunting for specific pod names.
Multi-Container Support
When a pod has multiple containers, kubectl logs requires you to specify which container you want. Stern, by default, tails all containers in matching pods. The output includes the container name, so you can tell them apart. If you only want specific containers, use the -c flag with a regular expression. For example, stern nginx -c app would only show logs from containers matching "app".
Conversely, you can exclude containers. The -E flag excludes containers matching a pattern. This is particularly useful for filtering out sidecar noise. Running stern -n staging --exclude-container istio-proxy . tails everything in the staging namespace except istio-proxy sidecars.
Similarly, you can exclude entire pods with --exclude-pod. Debugging an issue and the kube-apiserver logs are drowning out everything else? stern -n kube-system --exclude-pod kube-apiserver . shows all kube-system logs except the API server.
Namespace and Label Filtering
Namespaces work exactly as you'd expect. The -n flag specifies a namespace. For multiple namespaces, repeat the flag or use comma-separated values. The -A flag, for all namespaces, tails across your entire cluster. This is the nuclear option for debugging distributed issues.
You can filter by labels with the -l flag. stern --all-namespaces -l run=nginx tails every nginx pod in your cluster regardless of namespace. Label selectors follow standard Kubernetes syntax, so complex selectors work too.
Node filtering is available with --node. If you suspect a node-specific issue, stern --all-namespaces --field-selector spec.nodeName=kind-control-plane shows only logs from pods scheduled on that specific node.
Output Templates
Stern offers several predefined templates via the -o flag. The default output shows namespace, pod, and container names, color-coded for readability. The raw output strips all decoration, giving you just the log messages. This is perfect for piping to tools like jq when your logs are JSON.
The json output marshals the complete log struct to JSON, useful for programmatic processing. The extjson and ppextjson outputs provide extended JSON with colorized names, with the pp variant pretty-printing the output.
For complete customization, stern accepts Go templates via the --template flag. The template receives the message, node name, namespace, pod name, container name, labels, and annotations. You can format output however you need.
Stern provides helper functions within templates. The parseJSON function parses a JSON log message so you can extract specific fields. The tryParseJSON function attempts parsing but doesn't fail if the message isn't JSON, perfect for mixed-format logs. The levelColor function colorizes log levels appropriately—error in red, warning in yellow, and so on.
Time-Based Filtering
Time-based filtering is handled by the --since flag. The default is 48 hours, meaning stern shows logs from the last two days. For recent debugging, stern auth -t --since 15m shows the last 15 minutes of auth-related logs with timestamps. The -t flag adds timestamps, which you'll want for most debugging sessions.
The --timezone flag controls timestamp display. By default, timestamps show in your local timezone. Specify a timezone like Asia/Tokyo if your cluster runs in a different region than your terminal.
The --tail flag limits initial output. Running stern nginx --tail 10 shows only the last 10 lines from each container before streaming new logs. This prevents the initial flood when tailing long-running pods. Setting --tail 0 shows no historical logs, only new ones.
Batch Mode
The --no-follow flag is crucial for batch processing. Instead of streaming continuously, stern exits after showing matching logs. Combined with --only-log-lines and sorting, you can create ordered log views. For example: stern --since=5m --no-follow --only-log-lines -A -t . | sort -k4. This shows all logs from the last 5 minutes across all namespaces, sorted by timestamp.
Configuration
Stern supports a config file at ~/.config/stern/config.yaml. Any flag can be set here as a default. For example, if you always want timestamps and a shorter tail:
tail: 10
max-log-requests: 999
timestamps: short
The max-log-requests setting is important for large clusters. By default, stern limits concurrent log streams to 50 to prevent overloading your cluster's API server. If you're watching many pods, you may need to increase this.
You can customize colors for pods and containers via the config file or command-line flags. Colors use SGR sequences.
Installation
Homebrew users: brew install stern. Krew users: kubectl krew install stern, then access it as kubectl stern. APT, pacman, asdf, WinGet, and direct binary downloads are all available. Building from source is straightforward: go install github.com/stern/stern@latest.
For container environments, stern publishes images at ghcr.io/stern/stern.
Summary
- stern tails logs from multiple pods and containers simultaneously using regex or resource queries
- It automatically detects new and deleted pods, maintaining a live view of your workload
- Output is color-coded by default with extensive customization available through templates
- Filtering works at the pod level, container level, and log line level
- Configuration via config file lets you set sensible defaults for your environment
The key takeaway: Kubernetes log debugging doesn't have to mean hunting pod names and juggling terminals. stern gives you a unified, real-time view across pods, containers, and namespaces. Install it, add it to your debugging toolkit, and your Kubernetes observability immediately becomes more effective.
For more information, visit the GitHub repository at github.com/stern/stern.
License & Attribution
This AudioDocs episode is based on the official stern v1.33.1 documentation, licensed under the Apache License 2.0.
- Original Documentation: github.com/stern/stern
- License: Apache License 2.0
- Copyright: © stern contributors
This audio content is a derivative work that transforms the written documentation into an educational audio format. All technical content is derived from the original documentation with proper attribution as required by the license.
Other Versions
| Version | Status |
|---|---|
| v1.33.1 | Current |