Skip to main content


See a research for Logs aggregation.

We are following the first solution described in this document, logging to stdout with no need for a forwarder sidecar pod.

Where do I find the logs?

First, you have to get access to Splunk (CMDB ID is 'PCKT-002').

Then go to https://rhcorporate.splunkcloud.comSearch & Reporting

You should be able to see some logs using this query:

index="rh_paas" source="/var/log/containers/packit-worker*.log"

If the above query doesn't return any results, request access to rh_paas index.


If you cannot see Access to Additional Datasets (as suggested by the instructions), use Update Permissions as the Request Type and ask to access the rh_paas index in the additional details.

The more specific search, the faster it'll be. At least, specify index, source. You can start with this search and tune it from there. For example:

  • add | reverse if you want to se the results from oldest to newest
  • add | fields _raw | fields - _time to leave only message field without timestamp duplication

All in one URL here - now just export it to csv; and you have almost the same log file as you'd get by exporting logs from a worker pod.

For more info, see (Red Hat internal):