This document outlines the protocol and semantic conventions for Red Hat OpenShift Logging’s OpenTelemetry support with Logging 6.1.
The OpenTelemetry Protocol (OTLP) output log forwarder is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
Red Hat OpenShift Logging collects and forwards logs to OpenTelemetry endpoints using the OTLP Specification. OTLP encodes, transports, and delivers telemetry data. You can also deploy Loki storage, which provides an OTLP endpoint to ingest log streams. This document defines the semantic conventions for the logs collected from various OpenShift cluster sources.
The log collector in this solution gathers the following log streams:
- Container logs
- Cluster node journal logs
- Cluster node auditd logs
- Kubernetes and OpenShift API server logs
- OpenShift Virtual Network (OVN) logs
You can forward these streams according to the semantic conventions defined by OpenTelemetry semantic attributes. The semantic conventions in OpenTelemetry define a resource as an immutable representation of the entity producing telemetry, identified by attributes. For example, a process running in a container includes attributes such as `container_name`, `cluster_id`, `pod_name`, `namespace`, and possibly `deployment` or `app_name`. These attributes are grouped under the resource object, which helps reduce repetition and optimizes log transmission as telemetry data.
In addition to resource attributes, logs might also contain scope attributes specific to instrumentation libraries and log attributes specific to each log entry. These attributes provide greater detail about each log entry and enhance filtering capabilities when querying logs in storage.
The following sections define the attributes that are generally forwarded.
All log streams include the following log data fields:
The Applicable Sources column indicates which log sources each field applies to:
- `all`: This field is present in all logs.
- `container`: This field is present in Kubernetes container logs, both application and infrastructure.
- `audit`: This field is present in Kubernetes, OpenShift API, and OVN logs.
- `auditd`: This field is present in node auditd logs.
- `journal`: This field is present in node journal logs.
| Name | Applicable Sources | Comment |
|---|---|---|
| | all | |
| | all | |
| | all | |
| | container, journal | |
| | all | (Optional) Present when forwarding stream specific attributes |
Log entries include a set of resource, scope, and log attributes based on their source, as described in the following table.
The Location column specifies the type of attribute:
- `resource`: Indicates a resource attribute
- `scope`: Indicates a scope attribute
- `log`: Indicates a log attribute

The Storage column indicates whether the attribute is stored in a LokiStack using the default `openshift-logging` mode and specifies where the attribute is stored:
- `stream label`:
  - Enables efficient filtering and querying based on specific labels.
  - Can be labeled as `required` if the Loki Operator enforces this attribute in the configuration.
- `structured metadata`:
  - Allows for detailed filtering and storage of key-value pairs.
  - Enables users to use direct labels for streamlined queries without requiring JSON parsing.
With OTLP, users can filter queries directly by labels rather than using JSON parsing, improving the speed and efficiency of queries.
| Name | Location | Applicable Sources | Storage (LokiStack) | Comment |
|---|---|---|---|---|
| | resource | all | required stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | all | required stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | container | stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | all | stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | container | required stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | container | stream label | (DEPRECATED) Compatibility attribute, contains same information as |
| | resource | all | (DEPRECATED) Compatibility attribute, contains same information as | |
| | log | container, journal | (DEPRECATED) Compatibility attribute, contains same information as | |
| | resource | all | required stream label | |
| | resource | all | required stream label | |
| | resource | all | required stream label | |
| | resource | all | structured metadata | |
| | resource | all | stream label | |
| | resource | container | required stream label | |
| | resource | container | stream label | |
| | resource | container | structured metadata | |
| | resource | container | stream label | |
| | resource | container | structured metadata | |
| | resource | container | stream label | Conditionally forwarded based on creator of pod |
| | resource | container | stream label | Conditionally forwarded based on creator of pod |
| | resource | container | stream label | Conditionally forwarded based on creator of pod |
| | resource | container | stream label | Conditionally forwarded based on creator of pod |
| | resource | container | structured metadata | Conditionally forwarded based on creator of pod |
| | resource | container | stream label | Conditionally forwarded based on creator of pod |
| | log | container | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | log | audit | structured metadata | |
| | resource | journal | structured metadata | |
| | resource | journal | structured metadata | |
| | resource | journal | structured metadata | |
| | resource | journal | structured metadata | |
| | resource | journal | stream label | |
| | log | journal | structured metadata | |
| | log | journal | structured metadata | |
Attributes marked as Compatibility attribute support minimal backward compatibility with the ViaQ data model. These attributes are deprecated and function as a compatibility layer to ensure continued UI functionality. These attributes will remain supported until the Logging UI fully supports the OpenTelemetry counterparts in future releases.
Loki changes the attribute names when persisting them to storage. The names will be lowercased, and all characters in the set: (`.`, `/`, `-`) will be replaced by underscores (`_`). For example, `k8s.namespace.name` will become `k8s_namespace_name`.
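The following is an added example, not part of the Red Hat documentation or the Loki code base. It walks a constructed OTLP/JSON payload, merges resource, scope and log attributes per record, applies the renaming rule described above, and reports original names that collapse to the same stored name, which matters when audit or detection queries filter on those names. The function names, the payload, and every attribute key other than `k8s.namespace.name` are assumptions made for illustration.

```python
import re

# Constructed OTLP/JSON payload (not captured from a cluster); values are placeholders.
SAMPLE = {"resourceLogs": [{
    "resource": {"attributes": [
        {"key": "k8s.namespace.name", "value": {"stringValue": "demo-ns"}},
        {"key": "k8s.pod.name", "value": {"stringValue": "demo-pod-0"}}]},
    "scopeLogs": [{"scope": {"name": "example-scope"}, "logRecords": [{
        "timeUnixNano": "1700000000000000000",
        "severityText": "info",
        "body": {"stringValue": "request served"},
        "attributes": [
            {"key": "example/Request-ID", "value": {"stringValue": "r-1"}},
            {"key": "example.request_id", "value": {"stringValue": "r-2"}}]}]}],
}]}

def loki_name(name):
    """Lowercase the name and replace '.', '/' and '-' with '_'."""
    return re.sub(r"[./-]", "_", name.lower())

def _attrs(obj):
    # OTLP/JSON attributes are a list of {"key", "value": {"<type>Value": ...}}.
    return {a["key"]: next(iter(a["value"].values()), None)
            for a in obj.get("attributes", [])}

def flatten(payload):
    """Yield (normalized_attrs, collisions) for every log record.

    Attributes are merged in resource, scope, log order. On a collision the
    last value wins here purely because of dict semantics; how Loki treats
    colliding names is not stated on the page and is not modeled.
    """
    for rl in payload.get("resourceLogs", []):
        res = _attrs(rl.get("resource", {}))
        for sl in rl.get("scopeLogs", []):
            scope = _attrs(sl.get("scope", {}))
            for rec in sl.get("logRecords", []):
                normalized, sources = {}, {}
                for key, value in {**res, **scope, **_attrs(rec)}.items():
                    normalized[loki_name(key)] = value
                    sources.setdefault(loki_name(key), []).append(key)
                collisions = {n: k for n, k in sources.items() if len(k) > 1}
                yield normalized, collisions

if __name__ == "__main__":
    for normalized, collisions in flatten(SAMPLE):
        print(normalized)
        print("collisions:", collisions)
```

Which attributes end up as stream labels and which as structured metadata is decided by the LokiStack configuration and is not reproduced in this example.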