Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[exporter/elasticsearch] Logstash format compatibility #29625

Merged
merged 15 commits into from
Dec 8, 2023
Merged

[exporter/elasticsearch] Logstash format compatibility #29625

merged 15 commits into from
Dec 8, 2023

Conversation

JaredTan95
Copy link
Member

@JaredTan95 JaredTan95 commented Dec 2, 2023
edited
Loading

Description: Logstash format compatibility. Traces or Logs data can be written into an index in logstash format.

Link to tracking Issue:
close #29624

Documentation: added some descriptions for logstash_format configurations.

  1. otel-col.yaml
receivers:
  otlp:
    protocols:
      grpc:
  filelog:
    include: [ ./examples/kubernetes/varlogpods/containerd_logs-0_000011112222333344445555666677778888/logs/0.log ]
    start_at: beginning
    operators:
      # Find out which format is used by kubernetes
      - type: router
        id: get-format
        routes:
          - output: parser-docker
            expr: 'body matches "^\\{"'
          - output: parser-crio
            expr: 'body matches "^[^ Z]+ "'
          - output: parser-containerd
            expr: 'body matches "^[^ Z]+Z"'
      # Parse CRI-O format
      - type: regex_parser
        id: parser-crio
        regex: '^(?P<time>[^ Z]+) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
        output: extract_metadata_from_filepath
        timestamp:
          parse_from: attributes.time
          layout_type: gotime
          layout: '2006-01-02T15:04:05.999999999Z07:00'
      # Parse CRI-Containerd format
      - type: regex_parser
        id: parser-containerd
        regex: '^(?P<time>[^ ^Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$'
        output: extract_metadata_from_filepath
        timestamp:
          parse_from: attributes.time
          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
      # Parse Docker format
      - type: json_parser
        id: parser-docker
        output: extract_metadata_from_filepath
        timestamp:
          parse_from: attributes.time
          layout: '%Y-%m-%dT%H:%M:%S.%LZ'
      # Extract metadata from file path
      - type: regex_parser
        id: extract_metadata_from_filepath
        regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]{36})\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
        parse_from: attributes["log.file.path"]
        cache:
          size: 128  # default maximum amount of Pods per Node is 110
      # Update body field after finishing all parsing
      - type: move
        from: attributes.log
        to: body
      # Rename attributes
      - type: move
        from: attributes.stream
        to: attributes["log.iostream"]
      - type: move
        from: attributes.container_name
        to: resource["k8s.container.name"]
      - type: move
        from: attributes.namespace
        to: resource["k8s.namespace.name"]
      - type: move
        from: attributes.pod_name
        to: resource["k8s.pod.name"]
      - type: move
        from: attributes.restart_count
        to: resource["k8s.container.restart_count"]
      - type: move
        from: attributes.uid
        to: resource["k8s.pod.uid"]
exporters:
  prometheus:
    endpoint: "0.0.0.0:8889"
    const_labels:
      label1: value1

  elasticsearch/log:
    tls:
      insecure: false
    endpoints: [http://localhost:9200]
    logs_index: otlp-logs
    logstash_format:
      enabled: true
    timeout: 2m
    flush:
      bytes: 10485760
    retry:
      max_requests: 5
    sending_queue:
      enabled: true
  elasticsearch/traces:
    tls:
      insecure: false
    endpoints: [http://localhost:9200]
    traces_index: otlp-traces
    logstash_format:
      enabled: true
    timeout: 2m
    flush:
      bytes: 10485760
    retry:
      max_requests: 5
    sending_queue:
      enabled: true

  debug:

processors:
  batch:

extensions:
  health_check:
  pprof:
    endpoint: :1888
  zpages:
    endpoint: :55679

service:
  extensions: [pprof, zpages, health_check]
  pipelines:
    logs:
      receivers: [otlp,filelog]
      processors: [batch]
      exporters: [debug, elasticsearch/log]
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [debug, elasticsearch/traces]
  1. es index created when otel-col write traces and logs:
image
  1. query index data:
image image

@JaredTan95
Logstash format compatibility
ca2ca14 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@JaredTan95 JaredTan95 requested review from a team and evan-bradley December 2, 2023 14:05
@JaredTan95
rename chlog file
8d0534a 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@github-actions github-actions bot added cmd/configschema configschema command cmd/otelcontribcol otelcontribcol command labels Dec 2, 2023
@JaredTan95
fix ci
d9fa603 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@JaredTan95
fix ci
2054202 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@JaredTan95
fix lint
598b9f8 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@JaredTan95 JaredTan95 force-pushed the es_exporter_support_logstash_format branch from 7c790ff to 598b9f8 Compare December 3, 2023 11:02
@JaredTan95
Copy link
Member Author

@fatsheep9146 Can you help to review this?

@mx-psi mx-psi requested a review from fatsheep9146 December 5, 2023 11:20
@fatsheep9146
Copy link
Contributor

elasticsearchexporter/logs_exporter.go:22: File is not gci-ed with --skip-generated -s standard -s default -s prefix(github.com/open-telemetry/opentelemetry-collector-contrib) (gci)
index string

@JaredTan95 failed lint should be fixed

@JaredTan95
fix lint
f53b359 
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
@fatsheep9146 fatsheep9146 added the ready to merge Code review completed; ready to merge by maintainers label Dec 7, 2023
@dmitryax dmitryax merged commit a9d4196 into open-telemetry:main Dec 8, 2023
88 checks passed
@github-actions github-actions bot added this to the next release milestone Dec 8, 2023
@JaredTan95 JaredTan95 deleted the es_exporter_support_logstash_format branch December 9, 2023 06:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fatsheep9146 fatsheep9146 fatsheep9146 approved these changes

@dmitryax dmitryax dmitryax approved these changes

@evan-bradley evan-bradley Awaiting requested review from evan-bradley

@mx-psi mx-psi Awaiting requested review from mx-psi

Assignees

@MovieStoreGuy MovieStoreGuy

Labels
cmd/configschema configschema command cmd/otelcontribcol otelcontribcol command exporter/elasticsearch ready to merge Code review completed; ready to merge by maintainers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[exporter/elasticsearch] Supports the logstash index format
4 participants
@JaredTan95 @fatsheep9146 @dmitryax @MovieStoreGuy