search

open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0
2.95k stars 2.29k forks source link

Webhookevent receiver timestamp not set #33702

Open sdejong629 opened 3 months ago

sdejong629 commented 3 months ago

Component(s)

receiver/webhookevent

What happened?

Description

We export minio audit logs to an opentelemetry webhook_event_receiver, but no timestamp is set anywhere in the resulting logs. Clickhouse uses the timestamp to calculate the TTL of the log entries. The TTL expires immediately after the log has entered the system

Steps to Reproduce

  1. Configure a webhook event receiver in opentelemetry
  2. Configure for example minio auditing to send events to the local webhook event receiver: https://min.io/docs/minio/windows/operations/monitoring/minio-logging.html
  3. Export Log the file to a file and find no timestamp in the log entry
  4. Export the log to clickhouse and find that the timestamp is set to 1-1-1970

Expected Result

The expected result would be that a timestamp is set for at least the moment of receiving the event or maybe grab it from the minio logs itself (schema at https://min.io/docs/minio/windows/operations/monitoring/minio-logging.html#audit-log-structure) or some way to point the webhookeventreceiver where to get it's timestamp from.

Actual Result

No timestamp is set for a given log entry. Clickhouse for example therefor removes all logs after the TTL has expired (which is pretty much immediately)

Collector version

0.102.0

Environment information

Environment

Otel client on Ubuntu 22.04 Otel gateway on docker on Ubuntu 22.04

OpenTelemetry Collector configuration

receivers:
  webhookevent/minio_audit:
    endpoint: 0.0.0.0:9191
    read_timeout: "500ms"
    path: "/minio_audit/receiver"
    health_path: "/minio_audit/healthcheck"

processors:
  batch:

exporters:
  file/minio_audit:
    path: /data/logs/audit_logs.json
    rotation:
      max_backups: 10

service:
  extensions:
    - basicauth/logs
  pipelines:
    logs/minio_audit:
      receivers:
        - webhookevent/minio_audit
      processors:
        - batch
      exporters: [file/minio_audit]

Log output

{
  "resource": {
    "attributes": []
  },
  "scopeLogs": [
    {
      "scope": {
        "name": "otlp/webhookevent",
        "version": "0.102.0",
        "attributes": [
          {
            "key": "source",
            "value": {
              "stringValue": "webhookevent/minio_audit"
            }
          },
          {
            "key": "receiver",
            "value": {
              "stringValue": "webhookevent"
            }
          }
        ]
      },
      "logRecords": [
        {
          "body": {
            "stringValue": "REDACTED"
          },
          "traceId": "",
          "spanId": ""
        }
      ]
    }
  ],
  "schemaUrl": "https://opentelemetry.io/schemas/1.6.1"
}

Additional context

No response

github-actions[bot] commented 3 months ago

Pinging code owners:

shalper2 commented 3 months ago

Hey thanks for the issue! I think that there should be a timestamp set at the log level when the receiver gets an event (PR to follow). I would like to point out though that this value will have a different meaning than the time value in the event's payload.

sdejong629 commented 3 months ago

That's okay, at least this will be an indication of time at least

github-actions[bot] commented 1 month ago

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.