Log Collection and Analysis
Collection
There are various ways to collect logs from applications.
Log files collector
You can use Filebeat, Fluentd and FluentBit to collect logs, and then transport the logs to SkyWalking OAP through Kafka or HTTP protocol, with the formats Kafka JSON or HTTP JSON array.
Filebeat
Filebeat supports using Kafka to transport logs. Open kafka-fetcher and enable configs enableNativeJsonLog
.
Take the following filebeat config yaml as an example to set up Filebeat:
Fluentd
Fluentd supports using Kafka to transport logs. Open kafka-fetcher and enable configs enableNativeJsonLog
.
Take the following fluentd config file as an example to set up Fluentd:
Fluent-bit
Fluent-bit sends logs to OAP directly through HTTP(rest port).
Point the output address to restHost
:restPort
of receiver-sharing-server
or core
(if receiver-sharing-server
is inactivated)
Take the following fluent-bit config files as an example to set up Fluent-bit:
OpenTelemetry
You can use OpenTelemetry Collector to transport the logs to SkyWalking OAP. Read the doc on Skywalking Exporter for a detailed guide.
Java agent’s toolkits
Java agent provides toolkits for log4j, log4j2, and logback to report logs through gRPC with automatically injected trace context.
SkyWalking Satellite sidecar is a recommended proxy/side that
forwards logs (including the use of Kafka MQ to transport logs). When using this, open kafka-fetcher
and enable configs enableNativeProtoLog
.
Java agent provides toolkits for log4j, log4j2, and logback to report logs through files with automatically injected trace context.
Log framework config examples:
Python agent log reporter
SkyWalking Python Agent implements a log reporter for the logging module with functionalities aligning with the Java toolkits.
To explore how to enable the reporting features for your use cases, please refer to the Log Reporter Doc for a detailed guide.
Log Analyzer
Log analyzer of OAP server supports native log data. OAP could use Log Analysis Language to structure log content through parsing, extracting, and saving logs. The analyzer also uses Meter Analysis Language Engine for further metrics calculation.
log-analyzer:
selector: ${SW_LOG_ANALYZER:default}
default:
lalFiles: ${SW_LOG_LAL_FILES:default}
malFiles: ${SW_LOG_MAL_FILES:""}
Read the doc on Log Analysis Language for more on log structuring and metrics analysis.