-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The agent doesn’t send its own logs #944
Comments
I have not ever had issues with setting exclude agent logs to false. You should not need to create your own filelog receiver..that gets into advanced pipeline building which may be prone to error that can explain the operator and processor not working. Will test that version to confirm. |
@matthewmodestino A custom receiver and pipeline was created later as a separate option. |
I've just tested this with 0.85.0 (but not EKS) and works fine. @chisuzume at the beginning your |
@omrozowicz-splunk , no special changes, but clusterReseiver is enabled, splunk_hec/platform_logs exporter is used in the logs pipeline. |
splunk_hec/platform_logs is something enabled by default. Can you send your anonymized |
Right, which also was unsuccessful, so lets focus on how you are trying to deploy the helm chart and if your settings are actually making it to the configmap..if not, something is wrong with your |
Hi @matthewmodestino @omrozowicz-splunk , I tried to simplify values.yaml, the usual logs were received, as they were then, but the agent's own logs were not received. I mean the logs that you can see when executing the following command: values.yaml:
|
Perhaps its how you are searching for them? Are you sending to Enterprise on-prem or Cloud? Testing again.. |
Nothing in your values.yaml points to misconfiguration. We have tests covering this functionality, showing we can get agent logs when excludeAgentLogs is set to false. See https://github.com/signalfx/splunk-otel-collector-chart/blob/main/test/k8s_agent_pod_tests/test_agent_correctness_tests.py#L67 for the query we use to search for them. |
Tested on 0.85.0 with the following config: values.yaml
And in Splunk:
working as expected. Here's the rendered configmap for good measure:
note it is not excluding the log path for the otel collector. working as expected. must be how they are being searched or perhaps routed once they hit Splunk by props and transfroms. Keep in mind the collector doesnt say a whole lot when working...so ensure you are searching a long enough span. |
Closing this issue as inactive. Please reopen if more work is needed. |
What happened?
Description
Field set:
logsEngine: otel
Setting the value
values.logsCollection.containers.excludeAgentLogs: false
doesn’t work.The agent sends all logs except logs from:
/var/log/pods/*/otel-collector/*.log
.After that I tried another option. I copied and created an additional filelog receiver, set
include: [/var/log/pods/otel*/otel-collector/*.log]
. I noticed thatoperators[14]
doesn’t work in receiver:If you remove this field or replace it with
, then the agent logs are sent to splunk.
But I would like to receive logs with correct sourcetype.
Also I noticed that I can’t change the
resource[“com.splunk.sourcetype”]
.It is not possible to change this field using processors: attributes, resource, transform. When setting a value with a string or expression, logs don’t come.
It also fails to change sourcetype if you specify it in
as described by the link
Expected Result
logs from agent (
/var/log/pods/*/otel-collector/*
)Actual Result
No logs
Chart version
0.85.0
Environment information
Environment
Cloud: "EKS"
k8s version: 1.27.0
Chart configuration
No response
Log output
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: