File Log Collection
Basic Configuration
Section titled “Basic Configuration”To collect logs from files, define receivers in the log.opentelemetry.receivers section.
Each receiver watches one or more file paths using glob patterns.
log.opentelemetry.receivers: my-app: include: - '/var/log/my-app/*.log'This makes the application’s logs appear in the log section of the panel.
File Permissions
Section titled “File Permissions”You may need to allow Glouton to read the log file.
This can be done with sudo, by adding in /etc/sudoers.d/glouton-local:
glouton ALL=(ALL) NOPASSWD: /usr/bin/tail --follow=name --bytes=* /var/log/my-app/access.logglouton ALL=(ALL) NOPASSWD: /usr/bin/stat --printf=%s /var/log/my-app/access.logOperators
Section titled “Operators”Operators enrich and transform each log line. They are based on Stanza’s operators, so any operator from an OpenTelemetry Collector-Contrib configuration can be reused directly.
log.opentelemetry.receivers: my-app: include: - '/var/log/my-app/access.log' operators: - type: add field: resource['service.name'] value: 'My app'The list of available operator types can be found in the Stanza operators documentation.
Using Known Log Formats as Operators
Section titled “Using Known Log Formats as Operators”A known log format can be applied directly as the receiver’s format, or included within operators:
log.opentelemetry.receivers: web-app: include: - '/var/log/nginx/access.log' log_format: nginx_access # apply a known log format my-app: include: - '/var/log/my-app/access.log' operators: - type: add field: resource['service.name'] value: 'My app' - include: my_app_parser # include a known log format within operators - type: remove field: attributes['some-attr']The format must be either a built-in default or a custom format you define.
Filters
Section titled “Filters”Filters control which log records are exported. They can be applied per-receiver or globally.
Drop Filter (OTTL)
Section titled “Drop Filter (OTTL)”Drop matching log records using OpenTelemetry Transformation Language expressions:
log.opentelemetry.receivers: my-app: include: - '/var/log/my-app/access.log' filters: log_record: - 'IsMatch(body, ".*password.*")'Include / Exclude Filters
Section titled “Include / Exclude Filters”For more granular control, use include and exclude filters with attribute matching:
log.opentelemetry.receivers: my-app: include: - '/var/log/my-app/access.log' filters: include: match_type: regexp resource_attributes: - key: 'some-attr' value: 'some value' record_attributes: - key: 'http.response.status_code' value: '5..' - key: 'http.request.method' value: 'POST|PATCH' severity_texts: - 'info' severity_number: min: 'INFO' match_undefined: true bodies: - 'log with status_code = 5\d\d' exclude: # same structure as includeFilter Behavior
Section titled “Filter Behavior”- The
match_typecan bestrict(exact match) orregexp - Within
includeorexclude, all conditions (resource_attributes,record_attributes,severity_texts,bodies) use OR logic — a log matching any of them qualifies - Entries inside each section are also OR conditions
- When both
includeandexcludeare specified,includefiltering occurs first - Filters can also be applied globally — see Global Filters
Service Log Files
Section titled “Service Log Files”When Glouton discovers services, it automatically sets up log processing for them. Learn more about supported services on the services page.
You can specify formats and filters for a specific service type by referencing known log formats and known log filters:
service: - type: 'my-app' ... log_format: 'my_app_parser' log_filter: 'my_app_filter'To handle specific log files for a service:
- type: "my-app" ... log_files: - file_path: '/var/log/my-app/access.log' log_format: 'my_app_access_parser' log_filter: 'my_app_access_filter' - file_path: '/var/log/my-app/error.*.log' log_format: 'my_app_error_parser' log_filter: 'my_app_error_filter'