Observability and troubleshooting
See what's going on in your cluster with network observability tools and detailed logging.
Getting started
Manage alerts
Configure alerts and review alert events for Calico Cloud features in the web console or CLI. Use built-in templates for visibility and security signals.
Kibana dashboards and logs
Use Kibana with Calico Cloud Elasticsearch to explore flow, L7, audit, BGP, DNS, and intrusion detection event logs from connected clusters.
Packet capture
Capture live pod traffic in Calico Cloud connected clusters from Service Graph or the CLI and export pcap files to Wireshark for analysis.
Visualize traffic to and from a cluster
Visualize cluster traffic to and from external endpoints in Calico Cloud Service Graph with network sets that group external IP ranges by purpose.
Getting started with logs
Overview
Calico Cloud uses managed Elasticsearch and Kibana for flow, DNS, audit, BGP, and L7 logs with workload context, RBAC, and archival to external SIEMs.
Archive logs
Forward Calico Cloud flow, DNS, audit, and L7 logs to Syslog, Splunk, or Amazon S3 to retain compliance data beyond managed retention windows.
BGP logs
Reference of key/value fields in Calico Cloud BGP activity logs in Elasticsearch, with sample queries for IPv4, IPv6, and per-node lookups.
Audit logs
Calico Cloud audit logs record changes to network policies, tiers, network sets, host endpoints, and other resources across connected clusters.
Flow logs
Flow log data types
Reference of key/value fields that Calico Cloud sends to Elasticsearch for flow logs, including endpoints, actions, byte counts, and policy verdicts.
Filter flow logs
Filter Calico Cloud flow logs through Fluentd to drop low-significance traffic and reduce managed Elasticsearch volume and cost.
Configure flow log aggregation
Tune Calico Cloud flow log aggregation levels to balance managed Elasticsearch volume and cost against pod and IP visibility for allowed and denied traffic.
Enable HostEndpoint reporting in flow logs
Turn on host endpoint reporting in Calico Cloud flow logs to gain visibility into traffic at HostEndpoint interfaces on Kubernetes nodes.
Enable process-level information in flow logs
Add process executable paths and arguments to Calico Cloud flow logs with eBPF kprobe programs for process-level visibility into network activity.
Enabling TCP socket stats in flow logs
Add TCP socket statistics to Calico Cloud flow logs with eBPF programs that capture round-trip time, retransmits, and other per-socket metrics.
DNS logs
Query DNS logs
Reference of key/value fields in Calico Cloud DNS activity logs in Elasticsearch, with guidance for building client and query lookups.
Filter DNS logs
Suppress low-value Calico Cloud DNS log entries with Fluentd filters configured through a ConfigMap in the operator namespace of connected clusters.
L7 logs
Configure L7 logs
Deploy Envoy and aggregate Calico Cloud L7 logs to monitor HTTP traffic patterns between application workloads on connected clusters.
L7 log data types
Reference of key/value fields that Calico Cloud sends to Elasticsearch for L7 logs, including durations, byte counts, and HTTP request metadata.