Open Metal-Mighty opened 1 year ago
Mandur
commented
1 year ago Hello @metal-mighty,
Could you please give some details about the issue, in my Azure Log management I am seeing correctly the timecreated of each log line (cf below)
When using docker logs are you using the -t option? For me this seems to add the timestamp as expected.
Let me know if I am missing something or if you would want to discuss this orally
Metal-Mighty
commented
1 year ago Hi !
Since we don't always have a SSH access to our IoT Edge machines, we usually use the Troubleshoot view on the Azure Edge Device modules as a last resort (which happens more often than we'd like...) and it doesn't display the timestamps.
I don't think I have ever seen this log view, is that related to the observability implementation described in the documentation? I think it would be helpful if we could query the logs like you do, but I feel like adding the timestamps to the logs in Troubleshoot could help too for quick debugging. I don't know if that's up to you or another team dedicated to the IoT Hub Azure resource though.
I didn't know the -t option on the docker logs command though so thanks for that :)
Mandur
commented
1 year ago As far as I know Docker generates timestamps attached to each logs, this is how the -t command (and the Azure monitor) is able to get the emission time. The screenshot above is coming from our CI using Azure monitor (I think you are using ELK and not Azure monitor).
I am not a filebeat specialist, but based on diverse articles, it seems that filebeat do take the docker timestamp by default (source : https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-container.html), can you paste your logfile config here to compare?
Are you sure you don't have this timestamp field exposed in your logs? I would recommend asking this question to a filebeat specialist as it is not a technology I am very familiar with.
Metal-Mighty
commented
1 year ago Ah there might be a misunderstanding: we don't have any issue when publishing the logs in our ELK, but they aren't always deployed in our production environments. Each of our clients have to deploy machines to handle our logs and forward them to our main ELK instance, but this deployment is handled by another team and isn't in sync with our deployments.
That's why we rely a lot on the Troubleshoot screen in the Aure IoT Hub's Edge Devices, even more so when we don't have a direct access to the clients' machines (mainly due to security), and why the lack of timestamps on this particular screen can impact us.
Is your feature request related to a problem? Please describe. The lack of timestamps in the LNS logs sometimes makes it hard to debug issues while using Azure's troubleshooting tools or Docker containers logs.
Describe the solution you'd like Pending a possible implementation of log formatters (see #1131), a date/time before the actual log would help a lot. I would expect it to be in UTC for consistency across various timezones.
Describe alternatives you've considered
Additional context