Skip to content

Latest commit

 

History

History
297 lines (248 loc) · 10.9 KB

File metadata and controls

297 lines (248 loc) · 10.9 KB

Sumo Logic Exporter

Stability level: Beta

This exporter supports sending logs and metrics data to Sumo Logic.

We strongly recommend to use this exporter with sumologicextension.

Configuration is specified via the yaml in the following structure:

exporters:
  # ...
  sumologic:
    # unique URL generated for your HTTP Source, this is the address to send data to
    # deprecated, please use sumologicextension to manage your endpoints
    # if sumologicextension is not being used, the endpoint is required
    endpoint: <HTTP_Source_URL>
    # Compression encoding format, empty string means no compression, default = gzip
    compress_encoding: {gzip, deflate, ""}
    # max HTTP request body size in bytes before compression (if applied),
    # default = 1_048_576 (1MB)
    max_request_body_size: <max_request_body_size>

    # format to use when sending logs to Sumo Logic, default = otlp,
    # NOTE: only `otlp` is supported when used with sumologicextension
    log_format: {json, text, otlp}

    # format to use when sending metrics to Sumo Logic, default = otlp,
    # NOTE: only `otlp` is supported when used with sumologicextension
    metric_format: {otlp, prometheus}

    # format to use when sending traces to Sumo Logic,
    # currently only otlp is supported
    trace_format: {otlp}

    # timeout is the timeout for every attempt to send data to the backend,
    # maximum connection timeout is 55s, default = 5s
    timeout: <timeout>

    # defines if timestamp for logs should be set to 0,
    # it indicates that backend will extract timestamp from logs,
    # this option affects OTLP format only
    # default = true
    clear_logs_timestamp: {true, false}

    # For below described source related configuration,
    # please refer to "Source templates" documentation chapter from this document.

    # DEPRECATED
    # desired source category, useful if you want to override the source category
    # configured for the source.
    source_category: <source_category>
    # DEPRECATED
    # desired source name, useful if you want to override the source name
    # configured for the source.
    source_name: <source_name>
    # DEPRECATED
    # desired host name, useful if you want to override the source host
    # configured for the source.
    source_host: <source_host>
    # name of resource attribute which should be dropped for records
    # this is for attribute used by routing processor
    # other attributes should be removed by processors in pipelines before
    # This is workaround for the following issue:
    # https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/7407
    # default = ``
    routing_atttribute_to_drop: <routing_atttribute_to_drop>

    json_logs:
      # defines which key will be used to attach the log body at.
      # This option affects JSON log format only.
      # By default this is "log".
      log_key: <log>
      # defines whether to include a timestamp field when sending
      # JSON logs, which would contain UNIX epoch timestamp in milliseconds.
      # This option affects JSON log format only.
      # default = true.
      add_timestamp: {true, false}
      # when add_timestamp is set to true then this key defines what is the name
      # of the timestamp key.
      # default = "timestamp".
      timestamp_key: <timestamp_key>
      # When flatten_body is set to true and log is a map,
      # log's body is going to be flattened and `log_key` won't be used
      # default = false
      flatten_body: {true, false}

    # DEPRECATED
    # translate_attributes specifies whether attributes should be translated
    # from OpenTelemetry to Sumo Logic conventions;
    # see "Attribute translation" documentation chapter from this document,
    # default = true
    translate_attributes: {true, false}

    # DEPRECATED
    # Specifies whether telegraf metric names should be translated to match
    # Sumo Logic conventions expected in Sumo Logic host related apps (for example
    # `procstat_num_threads` => `Proc_Threads` or `cpu_usage_irq` => `CPU_Irq`).
    # See `translate_metrics.go` for full list of translations.
    # default = true
    translate_telegraf_attributes: {true, false}

    # instructs sumologicexporter to use an edpoint automatically generated by
    # sumologicextension;
    # to use direct endpoint, set it `auth` to `null` and set the endpoint configuration
    # option;
    # see sumologicextension documentation for details
    # default = sumologic
    auth:
      authenticator: <sumologicextension_name>

    # for below described queueing and retry related configuration please refer to:
    # https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/exporterhelper/README.md#configuration

    retry_on_failure:
      # default = true
      enabled: {true, false}
      # time to wait after the first failure before retrying;
      # ignored if enabled is false, default = 5s
      initial_interval: <initial_interval>
      # is the upper bound on backoff; ignored if enabled is false, default = 30s
      max_interval: <max_interval>
      # is the maximum amount of time spent trying to send a batch;
      # ignored if enabled is false, default = 120s
      max_elapsed_time: <max_elapsed_time>

    sending_queue:
      # default = false
      enabled: {true, false}
      # number of consumers that dequeue batches; ignored if enabled is false,
      # default = 10
      num_consumers: <num_consumers>
      # when set to true, the queue is persisted using a file storage extension.
      # make sure to configure and add a `file_storage` extension in `service.extensions`.
      # default = false
      persistent_storage_enabled: {true, false}
      # maximum number of batches kept in memory before data;
      # ignored if enabled is false, default = 5000
      #
      # user should calculate this as num_seconds * requests_per_second where:
      # num_seconds is the number of seconds to buffer in case of a backend outage,
      # requests_per_second is the average number of requests per seconds.
      queue_size: <queue_size>

Attribute translation

Note: This functionality has been moved to the sumologicschemaprocessor and is now deprecated. Please check the upgrade guide for migrating instructions.

Attribute translation changes some of the attribute keys from OpenTelemetry convention to Sumo Logic convention. For example, OpenTelemetry convention for the attribute containing Kubernetes pod name is k8s.pod.name, but Sumo Logic expects it to be in attribute named pod.

If attribute with target name eg. pod already exists, translation is not being done for corresponding attribute (k8s.pod.name in this example).

This feature is turned on by default. To turn it off, set the translate_attributes configuration option to false. Note that this may cause some of Sumo Logic apps, built-in dashboards to not work correctly.

Below is a list of all attribute keys that are being translated.

OTC key name Sumo Logic key name
cloud.account.id AccountId
cloud.availability_zone AvailabilityZone
cloud.platform aws_service
cloud.region Region
host.id InstanceId
host.name host
host.type InstanceType
k8s.cluster.name Cluster
k8s.container.name container
k8s.daemonset.name daemonset
k8s.deployment.name deployment
k8s.namespace.name namespace
k8s.node.name node
k8s.service.name service
k8s.pod.hostname host
k8s.pod.name pod
k8s.pod.uid pod_id
k8s.replicaset.name replicaset
k8s.statefulset.name statefulset
service.name service
log.file.path_resolved _sourceName

Source Templates

You can specify a template with an attribute for source_category, source_name, source_host using %{attr_name}. Only resource attributes can be used this way.

For example, when there is an attribute my_attr: my_value, metrics/%{my_attr} would be expanded to metrics/my_value. Use OpenTelemetry attribute names like k8s.pod.name instead of pod, even when attribute translation is turned on.

If an attribute is not found, it is replaced with undefined. For example, %{existing_attr}/%{nonexistent_attr} becomes value-of-existing-attr/undefined.

Metrics

The Sumo Logic Exporter exposes the following metrics:

  • otelcol_exporter_requests_bytes (counter) - total size of HTTP requests (in bytes)
  • otelcol_exporter_requests_duration (counter) - duration of HTTP requests (in milliseconds)
  • otelcol_exporter_requests_records (counter) - total size of HTTP requests (in number of records)
  • otelcol_exporter_requests_sent (counter) - number of HTTP requests

All of the above metrics have the following dimensions:

  • endpoint - endpoint address
  • exporter - exporter name
  • pipeline - pipeline name (logs, metrics or traces)
  • status_code - HTTP response status code (0 in case of error)

Example Configuration

Example with sumologicextension

extensions:
  sumologic:
    install_token: <token>
    collector_name: my_collector

receivers:
  hostmetrics:
    collection_interval: 30s
    scrapers:
      load:

exporters:
  sumologic:
    source_category: "custom category"
    source_name: "custom name"
    source_host: "%{k8s.pod.name}"

service:
  extensions: [sumologic]
  pipelines:
    metrics:
      receivers: [hostmetrics]
      exporters: [sumologic]

Example without sumologicextension

exporters:
  sumologic:
    endpoint: http://localhost:3000
    compress_encoding: "gzip"
    max_request_body_size: "1_048_576"  # 1MB
    log_format: "text"
    metric_format: "prometheus"
    source_category: "custom category"
    source_name: "custom name"
    source_host: "custom host"

Example with persistent queue

exporters:
  sumologic:
    endpoint: http://localhost:3000
    metric_format: prometheus
    sending_queue:
      enabled: true
      persistent_storage_enabled: true

extensions:
  file_storage:
    directory: .

receivers:
  hostmetrics:
    collection_interval: 3s
    scrapers:
      load:

service:
  extensions:
  - file_storage
  pipelines:
    metrics:
      exporters:
      - sumologic
      receivers:
      - hostmetrics