Unable to see trace id or transaction info in logs

pocketcolin · February 23, 2023, 9:59pm

I currently have a NodeJS server passing logs to a Logstash server with a TCP tunnel using a Winston transport. Logs make it through all the way to my Elastic Cloud hosted Elasticsearch and pretty much everything looks good except the logs are missing the trace id and transaction information. When I use a stdout transport with Winston to check the logs I can see the trace and transaction info. Here's an example log:

{"@timestamp":"2023-02-23T21:41:51.479Z","log.level":"info","message":"END: [POST] /api/functions/example-endpoint","ecs":{"version":"1.6.0"},"event":{"dataset":"render-server.log"},"trace":{"id":"35f2bd0ade620fe6613938094020834f"},"transaction":{"id":"074126be6d79359d"},"service":{"name":"render-server"},"path":"/api/functions/example-endpoint"}

I am using the elastic-apm-node package to run APM on the node server and decorate the logs with the transaction data. I then use this Winston Logstash package to transport the data to Logstash. In the Logstash logs, I also don't see the trace id or transaction info. Example Logstash log:

Feb 23 05:09:57 PM  {
Feb 23 05:09:57 PM           "event" => {
Feb 23 05:09:57 PM          "original" => "{\"path\":\"/api/functions/example-endpoint\",\"level\":\"info\",\"message\":\"END: [POST] /api/functions/example-endpoint\"}"
Feb 23 05:09:57 PM      },
Feb 23 05:09:57 PM            "path" => "/api/functions/example-endpoint",
Feb 23 05:09:57 PM      "@timestamp" => 2023-02-23T22:09:57.455923359Z,
Feb 23 05:09:57 PM           "level" => "info",
Feb 23 05:09:57 PM         "message" => "END: [POST] /api/functions/example-endpoint",
Feb 23 05:09:57 PM        "@version" => "1"
Feb 23 05:09:57 PM  }

Any thoughts on what I can test? What might be the issue here?

leandrojmp · February 23, 2023, 10:30pm

What does your logstash configuration looks like?

pocketcolin · February 23, 2023, 10:46pm

input {
    tcp {
        port => "10000"
    }
}

filter {
    json {
        source => "message"
    }
}

output {
    elasticsearch {
        cloud_id => "${CLOUD_ID}"
        cloud_auth => "${CLOUD_AUTH}"
        data_stream => "true"
    }
}

leandrojmp · February 24, 2023, 12:08am

Where is this message from? Is this the input for Logstash?

pocketcolin · February 24, 2023, 3:48am

Correct. That should be the input for Logstash. I mean I guess the Winston transport that is sending it via TCP could be mutating it but unlikely.

Badger · February 24, 2023, 4:13am

pocketcolin:

Feb 23 05:09:57 PM           "event" => {
Feb 23 05:09:57 PM          "original" => "{\"path\":\"/api/functions/example-endpoint\",\"level\":\"info\",\"message\":\"END: [POST] /api/functions/example-endpoint\"}"

The event that arrives at logstash does not contain the

"ecs":{"version":"1.6.0"},"event":{"dataset":"render-server.log"},"trace":{"id":"35f2bd0ade620fe6613938094020834f"},"transaction":{"id":"074126be6d79359d"},"service":{"name":"render-server"},

that you expect.

pocketcolin · February 24, 2023, 4:01pm

So it seems like you were right Badger. Unfortunately, it looks like that Winston transport package was doing some sort of mutation to the object being sent over and removing the transaction information. I swapped it out for the Pino logger and socket transport and everything is working now. Thanks for your time!

system · March 24, 2023, 4:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to see full trace in Express Server (missing Mongo Instrumentation?) APM docker , nodejs	4	553	March 20, 2023
Trace Ids not added on uncaught exceptions - ecsFormat()? APM nodejs	1	396	June 20, 2022
Logs Do Not Appear In APM, Although Correlation Info Is Present Kibana	14	5898	January 5, 2022
Node Elastic APM agent. Transactions missing trace samples, timeline and metadata APM nodejs	1	452	October 16, 2023
Transaction is not logging in elastic Kibana	2	153	August 7, 2023

Unable to see trace id or transaction info in logs

Related topics