Configuring the logs in apm-server

Santhosh_Reddy · August 8, 2021, 11:46am

Kibana version: 7.13.2

Elasticsearch version: 7.13.2

APM Server version: 7.13.2

APM Agent language and version: node v14.17.3

Browser version: Safari Version 14.1 (16611.1.21.161.6)

Description: Server logs are rendering to logs app under observability but the message of the log is not getting rendered.
Sharing a screenshot of how logs are displayed.

However using Filebeat I am able to get the log messages displayed on Logs app under observability. But I want to use apm-server to handle the logs to display on Logs app. Please help me to configure with the apm-server to display the Logs.
And I am using Winston, Winston-elasticsearch libraries to log the messages in Node js.

Sharing the docker-compose.yml file

#docker-compose.yml
version: '2.2'

services:
  was-backend:
    image: was-backend
    restart: always
    depends_on:
      apm-server:
        condition: service_healthy
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - 3000:3000
    networks:
      - elastic
    volumes:
      - .:/usr/src/app
    labels:
      co.elastic.logs/json.keys_under_root: true
      co.elastic.logs/json.add_error_key: true
      co.elastic.logs/json.expand_keys: true
      co.elastic.logs/json.overwrite_keys: true
      co.elastic.logs/enabled: true
  apm-server:
    image: docker.elastic.co/apm/apm-server:7.13.2
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
      kibana:
        condition: service_healthy
    cap_add: [ "CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID" ]
    cap_drop: [ "ALL" ]
    ports:
      - 8200:8200
    networks:
      - elastic
    command: >
      apm-server -e
        -E logging.json=true
        -E logging.ecs=true
        -E apm-server.rum.enabled=true
        -E setup.kibana.host=kibana:5601
        -E setup.template.settings.index.number_of_replicas=0
        -E apm-server.kibana.enabled=true
        -E apm-server.kibana.host=kibana:5601
        -E output.elasticsearch.hosts=["elasticsearch:9200"]
    healthcheck:
      interval: 10s
      retries: 12
      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:8200/
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.2
    restart: always
    environment:
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      - bootstrap.memory_lock=true
      - cluster.name=docker-cluster
      - cluster.routing.allocation.disk.threshold_enabled=false
      - discovery.type=single-node
    ulimits:
      memlock:
        hard: -1
        soft: -1
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      - elastic
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
  kibana:
    image: docker.elastic.co/kibana/kibana:7.13.2
    restart: always
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
      ELASTICSEARCH_URL: http://elasticsearch:9200
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
    ports:
      - 5601:5601
    networks:
      - elastic
    healthcheck:
      interval: 10s
      retries: 20
      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:5601/api/status
  filebeat:
    depends_on:
      elasticsearch:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: docker.elastic.co/beats/filebeat:7.13.2
    container_name: filebeat
    user: root
    volumes:
      - ./filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro
      - /var/lib/docker:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - elastic
volumes:
  esdata:
    driver: local
networks:
  elastic:
    driver: bridge

Steps to reproduce:

Run the above docker-compose file with Nodejs agent and we can't see the log messages on Logs app

Provide logs and/or server output (if relevant):
Logs which I are generated and are logged on my node js agent are

{"@timestamp":"2021-08-08T10:55:23.452Z","log.level":"info","message":"hi","ecs":{"version":"1.6.0"},"event":{"dataset":"was-backend.log"},"service":{"name":"was-backend"}}

{"@timestamp":"2021-08-08T10:55:23.454Z","log.level":"error","message":"oops there is a problem","ecs":{"version":"1.6.0"},"event":{"dataset":"was-backend.log"},"service":{"name":"was-backend"},"error":{"type":"Error","message":"boom","stack_trace":"Error: boom\n at Object.<anonymous> (/usr/src/app/src/server.js:31:48)\n at Module._compile (internal/modules/cjs/loader.js:1085:14)\n at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)\n at Module.load (internal/modules/cjs/loader.js:950:32)\n at Function.Module._load (internal/modules/cjs/loader.js:790:14)\n at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)\n at internal/main/run_main_module.js:17:47"}}

Please help me resolve this issue ASAP. Thanks in advance

axw · August 9, 2021, 12:58am

However using Filebeat I am able to get the log messages displayed on Logs app under observability. But I want to use apm-server to handle the logs to display on Logs app. Please help me to configure with the apm-server to display the Logs.

apm-server does not currently support receiving logs. Using Filebeat is the way to go.

Santhosh_Reddy · August 9, 2021, 3:38am

Hi Andrew,

Using just apm-server also I am receiving the logs but message attribute is not getting populated in the Logs app. And also message of HTTP request logs which are getting logged via Morgan library is getting populated on Logs app.

And also documentation of apm-server here mentions to configure the apm-server and this specific article here mentions configuring the logging attributes to configure with apm-server.

I guess modifying something on apm-server.yml file will help me populate the message attribute in logs app. Could you please help me with understanding the configuration of logs in apm-server.

axw · August 9, 2021, 9:29am

Using just apm-server also I am receiving the logs but message attribute is not getting populated in the Logs app. And also message of HTTP request logs which are getting logged via Morgan library is getting populated on Logs app.

How did you get logs into Elasticsearch through apm-server? Your initial post shows config with Filebeat and talks about using winston-elasticsearch. Can you please explain your alternative configuration where you use neither winston-elasticsearch nor Filebeat?

This is about apm-server's own logging, not for capturing application logs.

Santhosh_Reddy · August 9, 2021, 2:47pm

This is about apm-server's own logging, not for capturing application logs.

Thanks Andrew , this line answers my question.

system · August 30, 2021, 10:47am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.