Skip to content

Commit

Permalink
Logs-collector new filelog collector and ingress grok parser (#348)
Browse files Browse the repository at this point in the history 
* [otel] switch both images to fixed releases

* [otel] fix syntax

* add missing library

* [otel logs-collector] switch to new filelog parser and transform ingress logs

* [otel logs-collector] bump chart+plugin

* enable ceph
  • Loading branch information
@Kuckkuck
Kuckkuck authored Aug 30, 2024
1 parent 0225ef6 commit 2f77517
Show file tree
Hide file tree
Showing 3 changed files with 84 additions and 62 deletions.
2 changes: 1 addition & 1 deletion opentelemetry/chart/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
apiVersion: v2
appVersion: v0.104.0
name: opentelemetry-operator
version: 0.3.0
version: 0.3.1
description: OpenTelemetry Operator Helm chart for Kubernetes
icon: https://raw.githubusercontent.com/cncf/artwork/a718fa97fffec1b9fd14147682e9e3ac0c8817cb/projects/opentelemetry/icon/color/opentelemetry-icon-color.png
type: application
Expand Down
140 changes: 81 additions & 59 deletions opentelemetry/chart/templates/logs-collector.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,70 +63,16 @@ spec:
auth_type: serviceAccount

filelog:
include: [ /var/log/pods/*/*/*.log ]
exclude: [ var/log/pods/*/logs-collector/*.log ]
include_file_path: true
include_file_name: false
start_at: end
retry_on_failure:
enabled: true

include: [ /var/log/pods/*/*/*.log ]
operators:
- id: get-format
type: router
routes:
- output: set-containerd
expr: 'body matches "^[^ Z]+Z"'

- id: set-containerd
- id: container-parser
type: container
- id: parser-containerd
type: add
field: resource["container.runtime"]
value: "containerd"

# Parse CRI-Containerd format
- id: parser-containerd
type: regex_parser
regex: '^(?P<time>[^ Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*)'
timestamp:
parse_from: attributes.time
layout: '%Y-%m-%dT%H:%M:%S.%LZ'

- id: parse-time
type: regex_parser
regex: '^(?P<time>[^ Z]+)'
timestamp:
parse_from: attributes.time
layout_type: gotime
layout: '2006-01-02T15:04:05.999999999'

# Extract metadata from file path
- id: extract_metadata_from_filepath
type: regex_parser
regex: '^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]{36})\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$'
parse_from: attributes["log.file.path"]
cache:
size: 128

# Rename attributes
- type: move
from: attributes.stream
to: attributes["log.iostream"]
- type: move
from: attributes.container_name
to: resource["k8s.container.name"]
- type: move
from: attributes.namespace
to: resource["k8s.namespace"]
- type: move
from: attributes.pod_name
to: resource["k8s.pod.name"]
- type: move
from: attributes.restart_count
to: resource["k8s.container.restart_count"]
- type: move
from: attributes.uid
to: resource["k8s.pod.uid"]

{{- if .Values.openTelemetry.podMonitor.enabled }}
prometheus/internal:
config:
Expand Down Expand Up @@ -238,6 +184,24 @@ spec:
# - set(severity_number,SEVERITY_NUMBER_INFO) where cache["severity"] == "info"
# - set(attributes["loggerName"],cache["loggerName"]) where cache["loggerName"] != nil

transform/ingress:
error_mode: ignore
log_statements:
- context: log
conditions:
- resource.attributes["app.label.name"] == "ingress-nginx"
statements:
- merge_maps(attributes, ExtractGrokPatterns(body, "%{IP:remoteaddr} %{NOTSPACE:ident} %{NOTSPACE:auth} \\[%{HTTPDATE:timestamp}\\] \"%{WORD:request_method} %{NOTSPACE:request_path} %{NOTSPACE:httpversion}\" %{NUMBER:response} %{NUMBER:content_length:int} %{QUOTEDSTRING} \"%{GREEDYDATA:user_agent}\" %{NUMBER:request_length:int} %{BASE10NUM:request_time:float}( \\[%{NOTSPACE:service}\\])? ?(\\[\\])? %{IP:upstream_addr}\\:%{NUMBER:upstream_port} %{NUMBER:upstream_response_length:int} %{BASE10NUM:upstream_response_time:float} %{NOTSPACE:upstream_status} %{NOTSPACE:request_id}", true),"upsert"

transform/cheph:
error_mode: ignore
log_statements:
- context: log
conditions:
- resource.attributes["app.label.part-of"] == "ceph-cluster"
statements:
- merge_maps(attributes, ExtractGrokPatterns(body, "%{WORD:debug_level} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE}%{SPACE}%{NUMBER} %{NOTSPACE}\\: %{NOTSPACE}\\: %{IP:remoteaddr} %{NOTSPACE} %{NOTSPACE:project_id}\\$%{NOTSPACE} \\[%{HTTPDATE:request_timestamp}\\] \"%{WORD:request_method} \\/(?<bucket>[a-zA-Z0-9._+-]+)\\/%{NOTSPACE:request_path} %{NOTSPACE:httpversion}\" %{NUMBER:response} %{NUMBER:content_length:integer} %{NOTSPACE} \"%{GREEDYDATA:user_agent}\" %{NOTSPACE} latency=%{NUMBER:latency:float}", true),"upsert"

k8sattributes:
auth_type: "serviceAccount"
passthrough: false
Expand Down Expand Up @@ -272,6 +236,64 @@ spec:
- tag_name: app.label.pod-template-hash
key: app.kubernetes.io/pod-template-hash
from: pod
#ceph
- tag_name: app.label.component
key: app.kubernetes.io/component
from: pod
- tag_name: app.label.created-by
key: app.kubernetes.io/created-by
from: pod
- tag_name: app.label.managed-by
key: app.kubernetes.io/managed-by
from: pod
- tag_name: app.label.part-of
key: app.kubernetes.io/part-of
from: pod
- tag_name: app.label.ceph-osd-id
key: ceph-osd-id
from: pod
- tag_name: app.label.ceph_daemon_id
key: ceph_daemon_id
from: pod
- tag_name: app.label.ceph_daemon_type
key: ceph_daemon_type
from: pod
- tag_name: app.label.device-class
key: device-class
from: pod
- tag_name: app.label.failure-domain
key: failure-domain
from: pod
- tag_name: app.label.osd
key: osd
from: pod
- tag_name: app.label.osd-store
key: osd-store
from: pod
- tag_name: app.label.portable
key: portable
from: pod
- tag_name: app.label.rook_cluster
key: rook_cluster
from: pod
- tag_name: app.label.rook_io.operator-namespace
key: rook_io/operator-namespace
from: pod
- tag_name: app.label.topology-location-host
key: topology-location-host
from: pod
- tag_name: app.label.topology-location-region
key: topology-location-region
from: pod
- tag_name: app.label.topology-location-region
key: topology-location-region
from: pod
- tag_name: app.label.topology-location-root
key: topology-location-root
from: pod
- tag_name: app.label.topology-location-zone
key: topology-location-zone
from: pod
pod_association:
- sources:
- from: resource_attribute
Expand Down Expand Up @@ -328,7 +350,7 @@ spec:
pipelines:
logs/containerd:
receivers: [filelog]
processors: [k8sattributes,attributes/cluster,batch]
processors: [k8sattributes,transform/ingress,transform/ceph,attributes/cluster,batch]
exporters: [opensearch/logs]
logs/k8sevents:
receivers: [k8s_events]
Expand Down
4 changes: 2 additions & 2 deletions opentelemetry/plugindefinition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ kind: PluginDefinition
metadata:
name: opentelemetry
spec:
version: 0.3.0
version: 0.3.1
displayName: OpenTelemetry
description: Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs.
icon: https://raw.githubusercontent.com/cloudoperators/greenhouse-extensions/main/opentelemetry/logo.png
helmChart:
name: opentelemetry-operator
repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts
version: 0.3.0
version: 0.3.1
options:
- default: true
description: Activates the standard configuration for logs
Expand Down

0 comments on commit 2f77517

Please sign in to comment.