-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logs with category "ApplicationGatewayFirewallLog" fails in Azure Event Hub Receiver #28806
Comments
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
This is similar to #27589. There is also other case like timestamp having different format like "11/09/2023 13:55:06" |
…8805) **Description:** <Describe what has changed.> <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> Allow the attribute 'timestamp' to be used as an alternative to the documented 'time'. **Link to tracking Issue:** <Issue number if applicable> [#28806] **Testing:** <Describe what testing was performed and which tests were added.> Using the example from Azure I created a unit test. **Documentation:** <Describe the documentation added.> Note added to Azure Event Hub Receiver.
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
I believe this was likely fixed in #28805, but the change has not been released yet. We have a release scheduled for this week, so please try with the latest version when available. |
…en-telemetry#28805) **Description:** <Describe what has changed.> <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> Allow the attribute 'timestamp' to be used as an alternative to the documented 'time'. **Link to tracking Issue:** <Issue number if applicable> [open-telemetry#28806] **Testing:** <Describe what testing was performed and which tests were added.> Using the example from Azure I created a unit test. **Documentation:** <Describe the documentation added.> Note added to Azure Event Hub Receiver.
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
Component(s)
receiver/azureeventhub
What happened?
Description
We are using this receiver to collect logs from some Azure resources, at this moment: AKS, ACR and Application Gateway (AGW) with WAFv2. So for AKS and ACR there are no issues, all logs enabled are being exported and searchable in Loki. However, for the AGW, we only se logs in the category ApplicationGatewayAccessLog even though also ApplicationGatewayFirewallLog is enabled. When we export logs to Log Analytics with the same diagnostic settings, all logs show up as expected, so it's not that the logs are missing.
In the OTEL Collector logs, we se a lot of this:
2023-10-28T10:08:34.593Z warn [email protected]/azureresourcelogs_unmarshaler.go:106 Invalid Timestamp {"kind": "receiver", "name": "azureeventhub", "data_type": "logs", "time": ""}
Steps to Reproduce
ApplicationGatewayFirewallLog
enabledazureeventhubreceiver
to pick up logs from the EventHubExpected Result
Logs going trough the OTEL pipeline and ending up being exported by our exporter (which is Loki in this case=
Actual Result
Lots of warnings in the OTEL collector logs saying:
2023-10-28T10:08:34.593Z warn [email protected]/azureresourcelogs_unmarshaler.go:106 Invalid Timestamp {"kind": "receiver", "name": "azureeventhub", "data_type": "logs", "time": ""}
We did not observe any logs being exported by the exporter
Collector version
v0.84.0
Environment information
Environment
OS: AKS v1.25.6
Installed via the OTEL Operator Helm chart
OpenTelemetry Collector configuration
Log output
No response
Additional context
Seems like Microsoft is not following their own standard in this particular log category. The filed "timestamp" should be "time" according to documentation. https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#access-log
The text was updated successfully, but these errors were encountered: