Navigation :

Kubernetes AWS Detect Most Active Service Accounts By Pod

Description

This search provides information on Kubernetes service accounts,accessing pods by IP address, verb and decision

Help
Kubernetes AWS Detect Most Active Service Accounts By Pod Help You must install splunk AWS add on and Splunk App for AWS. This search works with cloudwatch logs

Help

Kubernetes AWS Detect Most Active Service Accounts By Pod Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudwatch logs

Search
`aws_cloudwatchlogs_eks` user.groups{}=system:serviceaccounts objectRef.resource=pods \| table sourceIPs{} user.username userAgent verb annotations.authorization.k8s.io/decision \| top sourceIPs{} user.username verb annotations.authorization.k8s.io/decision \|`kubernetes_aws_detect_most_active_service_accounts_by_pod_filter` Open in Search

Search

`aws_cloudwatchlogs_eks` user.groups{}=system:serviceaccounts  objectRef.resource=pods | table  sourceIPs{} user.username userAgent verb annotations.authorization.k8s.io/decision  | top  sourceIPs{} user.username verb annotations.authorization.k8s.io/decision |`kubernetes_aws_detect_most_active_service_accounts_by_pod_filter`

Open in Search