I am testing the elastic stack (8.6.0) with kibana (8.6.0) and elastic agent
I have a question regarding the elastic APM java agent 1.35.0.
I have docker container running a java app and I have started the java app with the following JAVA option in order to send my application performance to elastic:
This is working almost fine (In kibana observability, I can see my apm service overview, transactions, dependencies,errors...) which is really good !!
But I cannot see any log. I guess it comes from the fact that I am following the 12 factors and I send my java logs to STDOUT.
Is there a way to retrieve those logs using the apm java agent which runs inside my container (without modifying my source code) ?
You might need to change your source code if you're not using a logging framework supported. Or decide to ship the logs to file, and then use filebeat to ship the log.
For completeness, we just added a new section to explain the possible log ingestion strategies in the documentation:
I'ts in main branch, but it also applies to already released versions.
In you case, using the APM agent ECS reformatting option could be relevant, it allows to reformat your application logs directly to ECS format without modifying the application code.
Once this is done, all you have to do is to add the filebeat to ingest the ECS reformatted logs.
The Java agent will soon be able to send the logs directly to apm-server, thus ingestion could be done without filebeat.
Thank you for you answers, you are right, I have to install filebeat to retrieve logs.
The documentation mislead me.
I'm waiting for the release of version 1.36 of apm server in order not to have to install multiple client for sending logs/apm/metrics.
Hi @_Arnaud , it is the Java agent version 1.36.0 (which will likely be available soon) that will include the ability to send logs. It also requires 8.6.0 or later for apm-server and other parts of the stack.
Please note that there are a few limitations with log sending through the Java agent, as it is an experimental feature for now (which just means it might evolve a bit before being GA). For example, the log attributes are not all processed as they would through the usual filebeat ingestion.
On a related note, I have started creating an end-to-end example of log ingestion when combined with the Java agent, so you'll soon have a few examples to help you setup your app: ingest logs with java app by SylvainJuge · Pull Request #65 · elastic/apm-contrib · GitHub, as I am writing this, it currently contains plaintext log file ingestion with filebeat (which I don't recommend for simplicity), but will also contain ECS logging (with an extra logger dependency in the app), ECS reformatting (with the agent) and log sending.
Thank you very much for the explanation @Sylvain_Juge. The current documentation confused me also as I thought it should be possible to include all logs via the java apm agent.
Do you know when 1.36.0 will be released and/or is there a possibility to access SNAPSHOT Releases for testing purposes?
I love the linked Pull Request #65, as it was the missing piece, which helped me to understand how to integrate logs also via filebeat from Spring. Thank you very much for sharing. As I am using the filebeat.autodiscover with type:kubernetes, and hints.enabled: true I had to annotate my container with the following hints to get filebeat correctly translate the ECS Formatted Logs:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.