https://signoz.io logo
Join Slack
Powered by
Hi guys - I work for MSFT in Azure Kubernetes Team...
# general
p
Hi guys - I work for MSFT in Azure Kubernetes Team and I am working on a POC using Singnoz. I tested it yesterday and I love it but I am having issues getting logs from another log file, I changed the name, file type like .log json in my deployment but signoz is not refreshing the file.name or logs. It is still showing logs from old file somehow. 
receivers:
filelog:
include: [ /var/log/audit/aks.log ]
start_at: end
operators:
- type: json_parser
service:
pipelines:
logs:
receivers: [otlp, filelog, httplogreceiver/heroku, httplogreceiver/json]
processors: [batch]
exporters: [clickhouselogsexporter]
extraVolumeMounts:
- mountPath: /var/log/audit/audit.log
name: audit-log
- mountPath: /var/log/audit/aks.log
name: aks-log
- mountPath: /mnt/blob
name: blob-log
extraVolumes:
- hostPath:
path: /var/log/audit/audit.log
type: FileOrCreate
name: audit-log
- hostPath:
path: /var/log/audit/aks.log
type: FileOrCreate
name: aks-log
- name: blob-log
persistentVolumeClaim:
claimName: pvc-blob-fuse
See I am trying to search for newlog file name but it's still shows old file name. No result on file aks.log which I have configured above. I can see the file in the pod 
Pod: default/signoz-otel-collector-8cc98f667-b9grm | Container: signoz-otel-collector
~ $ ls /var/log/audit/
aks.log    audit.log
cat conf/otel-collector-config.yaml
Copy code
receivers:
  filelog:
    include:
    - /var/log/audit/aks.log
    operators:
    - type: json_parser
    start_at: end
n
did you restart the collector ?
p
Yes, many times
Do you have time for quick call?
I can show you
n
can you check the collector logs, it will print the name of files which it has started to watch. also 
start_at: end
will only read new log lines, are new logs continiously written to the file ? else you can try 
start_at: beginning
p
No, it’s not continuously written
Let me try start at beginning
n
Also check the logs of the collector if you find anything interesting.
p
Yeah, I found multiple issues in the collector logs and I resolved all of them but I still can’t get a large 150mb json log file to show up in signoz
n
can you exec into the collector container and check if the 
/var/log/audit/aks.log
file actually exists inside the container and is readable, sometimes there are permission issues.
p
Yes, I already checked it's there. What should be the permission?
n
Copy code
can you check the collector logs, it will print the name of files which it has started to watch.
can you check this ? try restarting before checking, it prints in during the start
p
It's reading only one file not the other one?
Copy code
"logs", "component": "fileconsumer", "path": "/var/log/audit/audit.log"}
{"level":"info","timestamp":"2024-03-11T03:48:08.778Z","caller":"service/service.go:73","msg":"Client started successfully"}
{"level":"info","timestamp":"2024-03-11T03:48:08.778Z","caller":"opamp/client.go:49","msg":"Ensuring collector is running","component":"opamp-server-client"}
This is the new file I am trying
Copy code
config:
            receivers:
              filelog:
                include: [ /var/log/audit/audit.log, /mnt/PT1H.json ]
                start_at: end                      
            service:
              pipelines:
                logs:
                  receivers: [otlp, filelog, httplogreceiver/heroku]
                  processors: [batch]
                  exporters: [clickhouselogsexporter]
But I am seeing the config inside the pod
Copy code
receivers:
  filelog:
    include:
    - /var/log/audit/audit.log
    - /mnt/PT1H.json
These are the permissions on the file inside the pod 
/conf $ ls -l /mnt/PT1H.json/
total 20693
-rw-r--r--    1 1000     nobody   146615851 Mar  9 07:27 PT1H.json
n
can you remove the 
- /var/log/audit/audit.log
and try ?
p
I need 
start_at: end
for the other file which is continuously writing.
I already tried removing that and it doesn't work
Can I please call you?
n
I am in a low network area, call will be difficult. also does it add this log line with just the json file https://signoz-community.slack.com/archives/C01HWUTP4HH/p1710129092867489?thread_ts=1710011370.078749&cid=C01HWUTP4HH
p
Let me check
n
I will have to check the permission things, I don’t remember exactly. But you can try a dummy json file with all permissions and then try.
p
Let me check the permission on working file
~ $ ls -l /var/log/audit/audit.log
-rw-r--r--    1 root     root       3733586 Mar 11 03:59 /var/log/audit/audit.log
n
root vs nobody , user
p
Good catch
But do you think that's the issue?
n
it’s a good direction to look into, should be the issue
p
I am deploying with this config now 
config:
receivers:
filelog:
include: [ /mnt/PT1H.json ]
start_at: end
It's not liking the file 
2024-03-11T04:04:54.026Z        warn    fileconsumer/file.go:61 finding files: no files match the configured criteria   {"kind": "receiver", "name": "filelog", "data_type": "logs", "component": "fileconsumer"}
But the file is there in PVC
I can see it when I go inside the pod
n
yeah, this is mostly pointing to the permission issue due to different user.
p
Okay, I am trying to fix the permission and will try again.
Still the same with full permissions, I think there is some other issue.
Let me know if you want me to try something else.
Are you sure collector can read the files from PVC?
n
if the pvc is mounted and you can view it by doing exec into the container then it’s alright. were you able to make progress here ? @Prashant Shahi might have some idea as well.
p
No, it never worked. I eventually used azure monitor collector but the log formatting is really messed up.
It would have been to get nice logs from the json file but not sure why it doesn't like it.
a
Hey can you help me ? I'm trying to set Path based logs and i followed the same as tutorial but it's not working Here is my config details
Copy code
filelog/app:
    include: [ /home/anuragvishwakarma/signoz/docker-container-logs/animals.log ]
    start_at: beginning

---

  pipelines:
    logs:
      receivers: [tcplog/docker, otlp, filelog/app, syslog]
      processors: [batch]
      exporters: [otlp, otlp/log]
n
please check the otel collector logs, it will emit logs if it is able to read the 
/home/anuragvishwakarma/signoz/docker-container-logs/animals.log
file.
a
No I can't find any logs. You can check here
n
I don’t see anything in the above file
a
signoz-otel-logs.txt
signoz-otel-logs.txt
n
please restart your collector and share the inital logs
39 Views
Open in Slack
PreviousNext
Powered by