Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Populate Severity Fields from the AWS CloudWatch logs using transform processor #27071

Closed
ghost opened this issue Sep 22, 2023 · 8 comments
Closed

Populate Severity Fields from the AWS CloudWatch logs using transform processor #27071

ghost opened this issue Sep 22, 2023 · 8 comments
Labels
bug Something isn't working processor/transform Transform processor question Further information is requested receiver/awscloudwatch

Comments

@ghost
Copy link

ghost commented Sep 22, 2023

Component(s)

receiver/awscloudwatch

What happened?

Description

I am using the awscloudwatchreceiver to fetch logs from AWS CloudWatch.

A log entry looks something like this
[2023-09-22 07:38:22,570] INFO [GroupCoordinator 2]: Assignment received from leader consumer-amazon.msk.canary.group.broker-1-2686-5f4d4078-4257-41ed-a38d-baed4f17396f for group amazon.msk.canary.group.broker-1 for generation 100469. The group has 1 members, 0 of which are static. (kafka.coordinator.group.GroupCoordinator)

The awscloudwatchreceiver works fine and is able to pick logs.
But severity fields comes as
SeverityText: (empty)
SeverityNumber: Unspecified(0)

Expected Result

I want to pick the the log level and populate the severity fields from the log body itself, currently which looks like this.

Sep 22 07:06:32 ip-10-11-3-12.ap-south-1.compute.internal otelcol-contrib[13288]: Body: Str([2023-09-22 07:04:33,223] INFO [GroupCoordinator 1]: Assignment received from leader consumer-amazon.msk.canary.group.broker-3-2712-c7a8b2ba-2683-460e-be65-86f2091c147b for group amazon.msk.canary.group.broker-3 for generation 100413. The group has 1 members, 0 of which are static. (kafka.coordinator.group.GroupCoordinator))

Was hoping to achieve this using the transform processor, but not sure what exact query to be written. Can someone please help me with this ?

Thanks and Regards

Collector version

v0.83.0

Environment information

OS
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3⭕amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

OpenTelemetry Collector configuration

awscloudwatch:
  region: ap-south-1
  logs:
    poll_interval: 1m
    groups:
      named:
        /aws/kafka/flows-kafka-dev: 
          names:
            - flows-kafka-dev-772d11a9-4f67-4f3a-aa0b-f09dfdb09419-2-Broker-1
            - flows-kafka-dev-772d11a9-4f67-4f3a-aa0b-f09dfdb09419-2-Broker-2
            - flows-kafka-dev-772d11a9-4f67-4f3a-aa0b-f09dfdb09419-2-Broker-3

Log output

No response

Additional context

No response
@ghost ghost added bug Something isn't working needs triage New item requiring triage labels Sep 22, 2023
@github-actions
Copy link
Contributor

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@crobert-1 crobert-1 added processor/transform Transform processor question Further information is requested labels Sep 22, 2023
@github-actions
Copy link
Contributor

Pinging code owners for processor/transform: @TylerHelmuth @kentquirk @bogdandrutu @evan-bradley. See Adding Labels via Comments if you do not have permissions to add labels yourself.

@TylerHelmuth
Copy link
Member

@shiva-fyers I believe you can accomplish your goal using IsMatch. Checkout #27078

@TylerHelmuth TylerHelmuth mentioned this issue Sep 22, 2023
Merged
@TylerHelmuth TylerHelmuth removed the needs triage New item requiring triage label Sep 22, 2023
evan-bradley pushed a commit that referenced this issue Sep 22, 2023
@TylerHelmuth
[processor/transform] Add unstructured log example (#27078)
917f49e 
Related to
#27071
@ghost
Copy link
Author

ghost commented Sep 23, 2023
edited by ghost
Loading

The Collector doesn't even start when using :
- set(severity_number, SEVERITY_NUMBER_DEBUG) where IsString(body) and IsMatch(body, "\sDEBUG\s")

but starts with :
- set(severity_number, SEVERITY_NUMBER_DEBUG) where IsString(body) and IsMatch(body, "DEBUG")

Is this related to this #23238

@TylerHelmuth
Copy link
Member

Oh, I needed to do "\\sDEBUG\\s"

@TylerHelmuth
Copy link
Member

#27098

@crobert-1 crobert-1 added question Further information is requested and removed question Further information is requested labels Sep 25, 2023
@github-actions github-actions bot mentioned this issue Sep 26, 2023
Open
@crobert-1
Copy link
Member

crobert-1 commented Sep 27, 2023
edited
Loading

@shiva-fyers Have you been able to try the IsMatch functionality again with the correct syntax?

@ghost
Copy link
Author

ghost commented Sep 28, 2023

Hey @crobert-1 I was able to run it. Forgot to close this. Apologies.

Thanks everyone.

@ghost ghost closed this as completed Sep 28, 2023
jmsnll pushed a commit to jmsnll/opentelemetry-collector-contrib that referenced this issue Nov 12, 2023
@TylerHelmuth @jmsnll
[processor/transform] Add unstructured log example (open-telemetry#27078
30e903e 
)

Related to
open-telemetry#27071
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working processor/transform Transform processor question Further information is requested receiver/awscloudwatch
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TylerHelmuth @crobert-1