New component: AWS Logs encoding extension #38627
Comments
axw
added
needs triage
|
P.S. this essentially the logs equivalent of #37870. The main difference is that CloudWatch is the way to do metrics in AWS, whereas there are multiple ways to do logs. |
|
I can sponsor. |
atoulme
added
Accepted Component
#### Description This is a new encoding extension for decoding logs from various AWS services. We will start with the CloudWatch Logs subscription filter format and expand to other formats, including CloudFront access logs, VPC flow logs (text/parquet), and more. #### Link to tracking issue First part of #38627 #### Testing Added basic unit tests. #### Documentation README.
#### Description This is a new encoding extension for decoding logs from various AWS services. We will start with the CloudWatch Logs subscription filter format and expand to other formats, including CloudFront access logs, VPC flow logs (text/parquet), and more. #### Link to tracking issue First part of open-telemetry#38627 #### Testing Added basic unit tests. #### Documentation README.
|
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping |
|
Still relevant, just haven't gotten around to adding the component to the distro yet. There's an open issue about adding support for WAF, we might want to get that done first, but it's not strictly necessary. |
Uh oh!
There was an error while loading. Please reload this page.
The purpose and use-cases of the new component
AWS has various services and formats for logs, including CloudWatch, CloudTrail, CloudFront, VPC Flow Logs, and more. Some of these logs can be stored/delivered in multiple ways, e.g. through Amazon Data Firehose, Amazon Kinesis Data Streams, Lambda, and S3.
Currently, the awsfirehose receiver has built-in support for receiving CloudWatch Logs using the log group subscription filter method, e.g. see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample
The log subscription format is not specific to Firehose, so I would like to extract it into an encoding extension so it may be developed independently of the Firehose receiver. For example, this would enable it to be used with the S3 receiver by configuring a subscription filter to send to Firehose with an S3 destination.
Rather than creating an encoding extension dedicated to just the CloudWatch log group subscription filter format, I propose we have an extension for decoding AWS logs in general. It would be possible to configure the extension with the specific format, such as CloudWatch log group subscription filter, CloudTrail, etc. By having them co-located, we can avoid proliferation of extensions, and better ensure consistency across the formats (e.g. set
cloud.*SemConv fields consistently).We would start by extracting the code at https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/awsfirehosereceiver/internal/unmarshaler/cwlog and add more formats over time.
Example configuration for the component
Telemetry data types supported
logs
Code Owner(s)
@axw @constanca-m
Sponsor (optional)
@atoulme
Additional context
No response
The text was updated successfully, but these errors were encountered: