[SplunkHecReceiver] Add resource configuration for custom metadata #21466
Comments
@splunkericl not sure why we need to add this functionality to the receiver. You can add any attributes with an additional processor in your pipeline:
That's the purpose of the resource processor |
However, resource processor will apply to every event. We are interested to know which events come from what receivers. Our pipeline can have data from different receivers and we want the unique resource attribute for each receiver. The ultimate use case is showing the data topology going through. |
Can you define different pipelines with different processors? |
So an example pipeline:
|
There is no difference from us between having a pipeline with 3 receivers or 3 pipelines with one receiver. It helps with metrics since each pipeline gets its own metrics iirc. The resource processor extends the attributes processor, so you should be able in any case to express a match on the data flowing through the pipeline to tag selectively based on the data properties: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/attributesprocessor/README.md |
Most of the receivers set Scope Name field on the emitted data like |
I was wrong, sorry. The resource processor does not allow matching. It's likely the transform processor would be more versatile for your use case.
I checked and we don't currently set the scope name in the HEC receiver, that can certainly be added. |
This helps to identify which receiver it comes from. But we still need one metadata, |
So you want to have different instances of HEC receivers in one pipeline? |
That is also a possibility in the future. But for today's use case, our processor is shared among different pipelines so it needs a way to identify which HEC receiver is sending the data. So an example is:
If the processor only checks the scope name, it wouldn't know if it is id1 or id2 sending the data, correct? Unless there are other metadata that let us identify them that I am missing? |
If you already have several pipelines, why not just add different resource processors in each of them?

```yaml
log/pipeline_1:
  receivers:
    - splunkhec/id1
  processors:
    - resource/a
    - customProcessor
log/pipeline_2:
  receivers:
    - splunkhec/id2
  processors:
    - resource/b
    - customProcessor
```

where

```yaml
processors:
  resource/a:
    attributes:
      - action: insert
        key: datasetName
        value: a
  resource/b:
    attributes:
      - action: insert
        key: datasetName
        value: b
```
|
This would work if we only have one receiver but the pipeline can have other receivers too:
And since resource processor doesn't support conditional statements, it would amend dataset name for all log records. |
Ok, then instead of resource processor you can use transform processor

```yaml
transform:
  log_statements:
    - context: log
      statements:
        - set(attributes["datasetName"], "a") where instrumentation_scope.name == "otelcol/splunkhec"
        - set(attributes["datasetName"], "b") where instrumentation_scope.name == "otelcol/syslog"
        - set(attributes["datasetName"], "c") where instrumentation_scope.name == "otelcol/s2s"
```
|
ok. This should work. Just to double check, And will the instrumentation scope change for hecreceiver as part of 21382? |
It sets attributes on a plog.LogRecord, but it doesn't matter if you use hec exporter. If you need them on ResourceAttributes for any other reason, you can add https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/groupbyattrsprocessor |
If we put these on attributes inside Group by processor doesn't seem to remove log attributes but simply group these records? |
Yes, you would have to remove them anyway. It doesn't matter whether they are set on resources or log records. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping |
This issue has been closed as inactive because it has been stale for 120 days with no activity. |
Is your feature request related to a problem? Please describe.
As a user of SplunkHecReceiver, I want to add my own custom metadata as part of the resources for the log records and metrics. Our application requires these metadata to identify which receiver is sending data in the processor and observe metrics on our processor.
Describe the solution you'd like
A new config option is added:
When log records are created, what is specified in the resources are appended as part of the resources.
Describe alternatives you've considered
Adding stanza libs similar to filelogreceiver and syslogreceiver. However, these operators can't be added easily on top of the existing http server.