-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Sending raw logs via Elasticsearch exporter when format option is set #26647
Comments
Pinging code owners for exporter/elasticsearch: @JaredTan95. See Adding Labels via Comments if you do not have permissions to add labels yourself. |
makes sense, I think we can support it in es exporter. |
Hi @JaredTan95, Thank you for your response. It's great to hear that you think we can support this feature in the Elasticsearch exporter. We're eager to see this feature implemented. Is there any update on the progress of this feature request? If there's anything we can do to help or contribute to its development, please feel free to let us know. We're excited to see this feature added to the project and are willing to assist in any way we can. Looking forward to your response and the future improvements to the project. |
Feel free to contribute if you have time~ |
Hi @JaredTan95, I'd like to work on this issue unless you're already working on it. Thanks! |
It's yours~ |
@raghu999 @JaredTan95 I've implemented this feature, albeit via a more explicit setting name, |
This is a cleaner approach than the one I was planning to implement. Thanks @ycombinator |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
…#29619) **Description:** This PR adds a new configuration option, `mapping.mode: raw`, to the Elasticsearch exporter. When set, the Elasticsearch exporter will not prefix log or span attributes with `Attributes.` when forming the Elasticsearch document field names for these fields. Additionally, the exporter will also not prefix span events with `Events.*` with forming the Elasticsearch document field names for these fields. **Link to tracking Issue:** Resolves #26647 **Testing:** Besides adding/updating relevant unit tests in this PR, I also tested the changes in this PR against a local Elasticsearch cluster, using the following collector configurations: 1. Without the new `mapping.mode: raw` setting. ```yaml receivers: tcplog: listen_address: "0.0.0.0:54545" processors: attributes: actions: - action: insert key: first_attribute value: one - action: insert key: second_attribute value: two exporters: debug: verbosity: detailed elasticsearch: endpoints: [ "https://localhost:9200" ] user: elastic password: XXXXXXXX logs_index: otel-logs tls: insecure_skip_verify: true flush: interval: 1s service: pipelines: logs: receivers: [tcplog] processors: [attributes] exporters: [debug,elasticsearch] ``` _Resulting document in Elasticsearch:_ ```json { "_index": "otel-logs", "_id": "l1E5J4wBD9bb2EmZJuDR", "_score": 1, "_source": { "@timestamp": "1970-01-01T00:00:00.000000000Z", "Attributes": { "first_attribute": "one", "second_attribute": "two" }, "Body": "bar", "Scope": { "name": "", "version": "" }, "SeverityNumber": 0, "TraceFlags": 0 } } ``` 2. With the new `mapping.mode: raw` setting. ```yaml receivers: tcplog: listen_address: "0.0.0.0:54545" processors: attributes: actions: - action: insert key: first_attribute value: one - action: insert key: second_attribute value: two exporters: debug: verbosity: detailed elasticsearch: endpoints: [ "https://localhost:9200" ] user: elastic password: XXXXXXXX logs_index: otel-logs tls: insecure_skip_verify: true flush: interval: 1s mapping: mode: raw service: pipelines: logs: receivers: [tcplog] processors: [attributes] exporters: [debug,elasticsearch] ``` _Resulting document in Elasticsearch:_ ```json { "_index": "otel-logs", "_id": "jlE4J4wBD9bb2EmZp-Cd", "_score": 1, "_source": { "@timestamp": "1970-01-01T00:00:00.000000000Z", "Body": "foo bar baz", "Scope": { "name": "", "version": "" }, "SeverityNumber": 0, "TraceFlags": 0, "first_attribute": "one", "second_attribute": "two" } } ``` **Documentation:** Documented the new configuration option in the Elasticsearch exporter's `README.md`. --------- Co-authored-by: Andrzej Stencel <[email protected]>
**Description:** This PR proposes adding @ycombinator as a codeowner for the `elasticsearch` exporter component, being an [employee of Elastic](https://www.linkedin.com/company/elastic-co/people/?keywords=shaunak) and also meeting the codeowner [requirements](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CONTRIBUTING.md#requirements): 1. [Be a member of the OpenTelemetry organization.](https://github.com/open-telemetry/community/blob/main/community-membership.md#member) * https://github.com/orgs/open-telemetry/people?query=ycombinator 2. (Code Owner Discretion) It is best to have resolved an issue related to the component, contributed directly to the component, and/or review component PRs. How much interaction with the component is required before becoming a Code Owner is up to any existing Code Owners. * Resolved #26647 via #29619 * Reviewed #31553 * Contributed #31694 as follow up to #31553 * Reviewed #31848
Component(s)
No response
Is your feature request related to a problem? Please describe.
The current exporter automatically converts the logs into plog format which adds attribute prefixes to all the fields that break the existing dashboards and alerts for enterprises who are using the elastic search exporter. Please see the below debug logs from the Otel collector
Event received by otel
Elastic view
Describe the solution you'd like
According to https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/elasticsearchexporter/model.go#L51 the elasticsearch exporter automatically converts the data into plog format before sending the event to Elastic. The only way we can handle this is to add ingest pipleine on Elastic to strip off the attribute field.
We would like to see a RAW format option like loki and kafka exporter where we can send the raw logs to elasticsearch.
https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/kafkaexporter
https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/lokiexporter
Describe alternatives you've considered
No alternatives found except for adding ingest pipelines on the Elastic
Additional context
No response
The text was updated successfully, but these errors were encountered: