Retriever
Install plan for the Retriever — the standalone forensic-archive workload that runs an indexer, query handler, stream worker, and filter CronJobs reading archived events from S3 via SQS. No forwarder choice; the plan reads input bucket, four SQS queues, IRSA ServiceAccount, and CloudWatch log group from the discovery snapshot. AWS infra (S3 / SQS / IAM) is not created by this advisor — provision it via the terraform-aws-tenx-retriever module first.
Example
"Retriever into
retrievernamespace"helm upgrade --install my-retriever log10x/retriever-10x \ --namespace retriever \ --set log10x.apiKey=lx_live_... \ --set aws.inputBucket=acme-prod-logs-archive \ --set aws.irsaRoleArn=arn:aws:iam::123456:role/retriever # Verify kubectl -n retriever get pods -l app=my-retriever # expect: indexer, query-handler, stream-worker all Running aws sqs get-queue-attributes --queue-url $INDEX_QUEUE \ --attribute-names ApproximateNumberOfMessages # expect: count drops over time as the indexer drains aws s3 ls s3://acme-prod-logs-archive/indexing-results/ | head # expect: index objects written within ~minutes of installIf S3 / SQS / IRSA isn't there, preflight blocks before any of the above and lists exactly what's missing.
More to ask
- "override input bucket — auto-detect picked the wrong one"
- "verify probes for
my-retriever" - "teardown plan, leave AWS infra alone"
Prerequisites
A fresh snapshot_id from Discover env. AWS infra provisioned via terraform-aws-tenx-retriever (S3 bucket, four SQS queues, IRSA-annotated ServiceAccount). Preflight blocks if any is missing.
Tool schema (advanced)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
snapshot_id |
string | yes | — | ID returned by Discover env. Cached for 30 min. |
release_name |
string | no | my-retriever |
Helm release name. |
namespace |
string | no | snapshot's suggested namespace | Target namespace. |
api_key |
string | no | — | Log10x license key. |
input_bucket |
string | no | auto | S3 bucket for source logs. Auto-detected from snapshot. |
index_bucket |
string | no | <input_bucket>/indexing-results/ |
S3 path for indexed results (include prefix). |
irsa_role_arn |
string | no | auto | IAM role ARN for the Retriever ServiceAccount. Auto-detected. |
sqs_index_url |
string | no | auto | SQS URL for index operations. |
sqs_query_url |
string | no | auto | SQS URL for query operations. |
sqs_subquery_url |
string | no | auto | SQS URL for sub-query operations. |
sqs_stream_url |
string | no | auto | SQS URL for stream operations. |
action |
string | no | all |
install, verify, teardown, all. |
Teardown is helm uninstall only — leaves AWS infra alone (those resources have their own lifecycle in Terraform).