Traefik 2.x access-log support #9131
Conversation
ltflb-bgdi
force-pushed
the
feat-BGDIINF_SB-3114-traefik
branch
9 times, most recently
from
7d4fd2f to
9da289e
Compare
|
I'm looking forward to this one. |
jamiehynds
added
Integration:traefik
|
@SubhrataK can someone from your team please review? |
Thanks @jamiehynds - We will look into it. |
| @@ -11,7 +11,7 @@ | |||
| ], | |||
| "created": "2020-04-28T11:07:58.223Z", | |||
| "duration": 2000000, | |||
| "ingested": "2023-10-15T20:29:57.434126924Z", | |||
| "ingested": "2024-02-14T16:03:17.172004634Z", | |||
| "kind": "event", | |||
| "original": "192.168.33.1 - - [02/Oct/2017:20:22:07 +0000] \"GET /ui/favicons/favicon-16x16.png HTTP/1.1\" 304 0 \"http://example.com/login\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36\" 262 \"Host-host-1\" \"http://172.19.0.3:5601\" 2ms", | |||
There was a problem hiding this comment.
Please mask the sensitive information such like IPs, domain name etc. These sensitive information shouldn't be shipped in package. please check the same for other places as well.
packages/traefik/changelog.yml
Outdated
| @@ -1,3 +1,8 @@ | |||
| - version: "2.0.0" | |||
| changes: | |||
| - description: Support traefik v2.x access-logs | |||
There was a problem hiding this comment.
Minor nit: Please end the description with "." (fullstop)
There was a problem hiding this comment.
Done for all descriptions
| @@ -3,4 +3,6 @@ variants: | |||
| SERVICE_VERSION: 1.6 | |||
| "v1.7": | |||
There was a problem hiding this comment.
Suggestion: If we are keeping 1.7 version in variants then can we also update the Compatibility section by saying that "The Traefik datasets were tested with Traefik 1.6, 1.7 and 2.9" after testing?
| }, | ||
| "service": { | ||
| "url": { | ||
| "original": "http://172.19.0.3:5601" |
There was a problem hiding this comment.
Based on the description of the field and logs pattern it seems it should be mapped with ECS field called service.address.
| - set: | ||
| field: observer.type | ||
| value: proxy | ||
|
|
There was a problem hiding this comment.
Can you add the null remover script? As null value shouldn't be ingested. For reference : https://github.com/elastic/integrations/blob/main/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml#L171-L194
| @@ -1,7 +1,7 @@ | |||
| { | |||
| "expected": [ | |||
| { | |||
| "@timestamp": "2021-03-16T18:56:54Z", | |||
| "@timestamp": "2021-03-16T18:56:54.735539596Z", | |||
| "ecs": { | |||
There was a problem hiding this comment.
We have updated the ECS version from 8.5.1 to 8.11.0 in dependancy hence please update this to 8.11.0 as well by setting up the processor in pipeline. For reference: https://github.com/elastic/integrations/blob/main/packages/apache/data_stream/access/elasticsearch/ingest_pipeline/default.yml#L10C2-L12C21
|
/test |
|
Done |
|
/test |
@andrewkroh - My only concern is what happens if the log is pulled from the newer version and the metrics rely on the older version. Let is evaluate this scenario if nothing breaks then we should be good to merge this PR. Please add your thoughts around this. @milan-elastic - Can we validate this PR changes by updating the integrations from the Traefik 1.x version to the 2.x version. |
That's true. The /health data stream won't work. I imaging there isn't anyone using Traefik 1.x anymore. It entered end-of-support1 close to 2.5 years ago (with no security updates) and now 3.x is out. I would take the stance that this integration should no longer try to support 1.x and it drops support for it by removing the heath data stream and incrementing the packages major version. Traefik has several ways of getting rich metrics from it like prometheus, otel, and statd. (Personally I pull from the prometheus endpoint). You could plan a new metrics data stream that pulls from prometheus/statds or perhaps could document that metrics can be sent to the APM server's OTLP listener2. Footnotes |
Thanks Andrew! Valid point. Since the native support for processing metrics is already unavailable we can deprecate the current data stream and add a new data stream for processing the metrics. Let me create an issue. |
FindingsAs per @muthu-mps comment I have tested out Traefik upgrade scenario from 1.x to 2.x. Here are the scenarios tested
Major issueI understand that we are saying the user to upgrade to the newer versions of Traefik but this would lead to breaking the health data stream as the /health endpoint is no longer accessible just as Andrew said. Tried accessing the endpoint on Traefik 1.7 initially and there it was accessible and we are able to fetch the metrics but in Traefik 2.5 this is not working. You can find the setup links here for both the versions Minor nitsNeed to update the sample_event.json as I can see some of the empty fields in it. We have already included the null script, so we should once generate the sample_event to check if it is working |
|
As we plan to release the log stream in this iteration and the metrics stream in the next iteration. We need to update the integration with the below mentioned changes. Steps
@ltflb-bgdi - Please let us know, If you need any help in making the above changes. If you are okay, we can perform the changes to the PR. |
@muthu-mps Feel free to implement your proposed changes. If you want me to do it, let me know. |
Thanks @ltflb-bgdi! @milan-elastic - Please make the above suggested changes to this PR. Let me know if you have any questions. |
|
@ltflb-bgdi can you please provide me an access to your project so I can write into your branch? |
Done |
|
/test |
|
/test |
|
/test |
💚 Build Succeeded
History
|
|
|
@andrewkroh - We have updated the policy template to drop support for metrics input and the support for metrics will get revamped and added in the next iterations. The documentation is also updated. |
|
Please let me know by when we can expect the last approval and merge. Thanks. |
|
Package traefik - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=traefik |
Proposed commit message
Traefik-access-log integration was done with traefik v1.6 which went EOL 2018. Since traefik 2.x the (json) log format changed.
Thus using the existing traefik integration is not working properly. As well, only few fields are parsed and some important ones are missing.
For this reason I have done the following improvements:
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
elastic-package stack up
cd /packages/traefik
elastic-package test
Related issues
Screenshots