The latest articles on Forem by Dimitris Verraros (@vervas). https://forem.com/vervas https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3157108%2F421b633c-537b-4f82-814a-364710e8fa26.jpeg https://forem.com/vervas en Dimitris Verraros Thu, 15 May 2025 09:18:34 +0000 https://forem.com/vervas/log-me-baby-2np2 https://forem.com/vervas/log-me-baby-2np2 <p>A couple of months ago I joined <a href="https://www.cloudrift.ai/" rel="noopener noreferrer">CloudRift</a>, tagging along my long time peer <a href="https://medium.com/@dmitrytrifonov" rel="noopener noreferrer">Dmitry</a> in his new venture. One of the first things that came up was setting up log aggregation — something many projects start without, but quickly realize they need after spinning up more than one server.</p> <p>It should be a mundane task after having done this a few times, but yet again, there is a twist and something new to discover. I pull out my usual cards and start with ELK, since even though there are serious contenders out there, I still find Kibana unbeatable, and most people love it.</p> <p>CloudRift deploys its agents on pools of nodes which in turn communicate with an orchestrator that acts as a centralized resource broker. While in most scenarios log forwarding is handled by a daemon, like filebeat or fluentd, with CloudRift we want to push the logs directly from every instance to simplify installation in various environments. And this is where the fun starts...</p> <h2> Who is this for? </h2> <p>This is going to be a detailed technical post on how to approach log aggregation. While it assumes a technical background, it should be fairly easy to follow as a beginner. It can also be a good read if you are revisiting this problem and you want to know how OpenTelemetry can play into it. Finally, it can be a high-protein meal for your AI agent tasked with implementing a logging pipeline.</p> <p>If it is time to ship the logs of your Rust application to Elasticsearch, go ahead and read on.</p> <h2> The Spectacular Work of Log Forwarding </h2> <p>This seems trivial on the surface. With Elasticsearch on the backend, having SDKs in most popular programming languages, we should be able to push the logs with a few lines of code. This would work but would disregard many of the caveats of log forwarding. Here are a few:</p> <ul> <li>Buffering</li> <li>Batching</li> <li>Retries</li> <li>Non-blocking</li> </ul> <p>All these aspects are normally handled by the log forwarding daemon, but in this case, we have to take care of them while making sure we don't drop any logs or crash the application. To my delight, the <a href="https://opentelemetry.io/" rel="noopener noreferrer">OpenTelemetry</a> project has made great advances. And this feels like the right time to jump into it.</p> <h2> OpenTelemetry meets Rust </h2> <p>CloudRift is written in Rust and is already using <a href="https://github.com/tokio-rs/tracing" rel="noopener noreferrer">tracing</a>. The OpenTelemetry project has a <a href="https://github.com/open-telemetry/opentelemetry-rust" rel="noopener noreferrer">Rust SDK</a>, which in turn integrates with the tracing framework, so this looks like a no-brainer.</p> <p>The puzzle is getting complete with the addition of the <a href="https://github.com/open-telemetry/opentelemetry-collector" rel="noopener noreferrer">OpenTelemetry collector</a>. It is the layer that connects the generic OpenTelemetry exporter to the specific backend, which in our case is Elasticsearch.</p> <p>Here is a diagram outlining the desired flow:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7u9s2p0e28oxchf6za2g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7u9s2p0e28oxchf6za2g.png" alt="OpenTelemetry Log Pipeline" width="800" height="196"></a></p> <p>Our application instances will be pushing the tracing logs to the OpenTelemetry collector, which in turn will format them and write them as JSON documents to Elasticsearch.</p> <p>So let's go ahead and get this up and running.</p> <h2> Getting down with the setup </h2> <p>As usual, it is sensible to develop a prototype that runs locally. With some help from AI and a few minor edits we get our first docker-compose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">elasticsearch</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/elasticsearch/elasticsearch:9.0.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">elasticsearch</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node.name=elasticsearch</span> <span class="pi">-</span> <span class="s">cluster.name=es-docker-cluster</span> <span class="pi">-</span> <span class="s">discovery.type=single-node</span> <span class="pi">-</span> <span class="s">bootstrap.memory_lock=true</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">ES_JAVA_OPTS=-Xms512m</span><span class="nv"> </span><span class="s">-Xmx512m</span><span class="nv"> </span><span class="s">-Djava.security.egd=file:/dev/./urandom"</span> <span class="pi">-</span> <span class="s">xpack.security.enabled=false</span> <span class="na">ulimits</span><span class="pi">:</span> <span class="na">memlock</span><span class="pi">:</span> <span class="na">soft</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">hard</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elasticsearch-data:/usr/share/elasticsearch/data</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">127.0.0.1:9200:9200</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elk-network</span> <span class="c1"># Kibana: Web UI for visualizing and searching logs</span> <span class="na">kibana</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/kibana/kibana:9.0.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">kibana</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ELASTICSEARCH_HOSTS=http://elasticsearch:9200</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">127.0.0.1:5601:5601</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elasticsearch</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elk-network</span> <span class="c1"># OpenTelemetry Collector: Receives OTLP logs and forwards to Elasticsearch</span> <span class="na">otel-collector</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">otel/opentelemetry-collector-contrib:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">otel-collector</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">--config=/etc/otel-collector-config.yaml"</span> <span class="pi">]</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./otel-collector-config.yaml:/etc/otel-collector-config.yaml:ro</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SERVICE_NAME=rift</span> <span class="pi">-</span> <span class="s">SERVICE_ENVIRONMENT=production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">127.0.0.1:4318:4318</span> <span class="c1"># OTLP HTTP receiver</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elasticsearch</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elk-network</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">elk-network</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">elasticsearch-data</span><span class="pi">:</span> </code></pre> </div> <p>And in turn our collector config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">receivers</span><span class="pi">:</span> <span class="na">otlp</span><span class="pi">:</span> <span class="na">protocols</span><span class="pi">:</span> <span class="na">http</span><span class="pi">:</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="s">0.0.0.0:4318</span> <span class="na">processors</span><span class="pi">:</span> <span class="na">batch</span><span class="pi">:</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">memory_limiter</span><span class="pi">:</span> <span class="na">check_interval</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">limit_mib</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">attributes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">service.environment</span> <span class="na">value</span><span class="pi">:</span> <span class="s">${SERVICE_ENVIRONMENT}</span> <span class="na">action</span><span class="pi">:</span> <span class="s">upsert</span> <span class="na">exporters</span><span class="pi">:</span> <span class="na">elasticsearch/logs</span><span class="pi">:</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">http://elasticsearch:9200"</span> <span class="pi">]</span> <span class="na">logstash_format</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">service</span><span class="pi">:</span> <span class="na">pipelines</span><span class="pi">:</span> <span class="na">logs</span><span class="pi">:</span> <span class="na">receivers</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">otlp</span> <span class="pi">]</span> <span class="na">processors</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">batch</span><span class="pi">,</span> <span class="nv">memory_limiter</span><span class="pi">,</span> <span class="nv">resource</span> <span class="pi">]</span> <span class="na">exporters</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">elasticsearch/logs</span> <span class="pi">]</span> </code></pre> </div> <p>This is a lot to digest and probably the most important bit of the setup so let's break it down:</p> <h3> Receivers </h3> <p>First we define the collector's <a href="https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/otlpreceiver/" rel="noopener noreferrer">OTLP receiver</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">receivers</span><span class="pi">:</span> <span class="na">otlp</span><span class="pi">:</span> <span class="na">protocols</span><span class="pi">:</span> <span class="na">http</span><span class="pi">:</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="s">0.0.0.0:4318</span> </code></pre> </div> <p>There is nothing complicated here. We listen to HTTP on port 4318, which is the default for OTLP. We could additionally use gRPC if we wanted but HTTP is sufficient for us at the moment.</p> <h3> Processors </h3> <p>Next we define the <a href="https://github.com/open-telemetry/opentelemetry-collector/blob/main/processor/" rel="noopener noreferrer">processor</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">processors</span><span class="pi">:</span> <span class="na">batch</span><span class="pi">:</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">memory_limiter</span><span class="pi">:</span> <span class="na">check_interval</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">limit_mib</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">attributes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">service.environment</span> <span class="na">value</span><span class="pi">:</span> <span class="s">${SERVICE_ENVIRONMENT}</span> <span class="na">action</span><span class="pi">:</span> <span class="s">upsert</span> </code></pre> </div> <p>This is one of the most important parts of the collector. It is responsible for processing the data that is received and handling aspects like batching and rate limiting. This ensures that the collector doesn't overload the backend while adding useful metadata. In our case, it aggregates logs in batches of 1 second and limits the memory usage to 1000 MiB. The batch timeout can be easily increased. A lower value is gives a more real-time view of the logs, while a higher value is relatively more efficient by reducing the number of requests to the backend. A lower value is also useful for testing to facilitate more instant feedback.</p> <p>While the batch and memory processors are part of the core collector repository, the resource processor is part of the contrib collection. The resource processor is particularly useful for adding common metadata to all telemetry data passing through the collector. For example, we can use it to amend our logs with the service name and environment to enrich the information that is sent to the backend. You can read more about it <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourceprocessor" rel="noopener noreferrer">here</a>.</p> <h3> Exporters </h3> <p>The exporter is the part of the collector that actually sends the data to the backend. In our case we are using the <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/elasticsearchexporter" rel="noopener noreferrer">Elasticsearch exporter</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">exporters</span><span class="pi">:</span> <span class="na">elasticsearch/logs</span><span class="pi">:</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">http://elasticsearch:9200"</span> <span class="pi">]</span> <span class="na">logstash_format</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Here you can tweak many settings about how the logs are shipped to Elasticsearch. In our case we are simply setting the endpoint to our local Elasticsearch instance which is routed to the elasticsearch service defined our docker-compose file. Additionally, we enable the Logstash format to automatically create indices on a daily basis. This is pretty useful when it comes to log retention since it is very easy to delete old elasticsearch indices, while purging logs from a big index is nearly impossible. One can further expand the possible settings to tune the exporter to your needs like flush interval, timeout, retries, etc. For now, we rely on the defaults but more details can be found <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/elasticsearchexporter/README.md" rel="noopener noreferrer">here</a>.</p> <h3> Service </h3> <p>Finally, we define the <a href="https://opentelemetry.io/docs/collector/configuration/#service" rel="noopener noreferrer">service section</a>. This is where we put together the components defined above to create the final pipeline.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">service</span><span class="pi">:</span> <span class="na">pipelines</span><span class="pi">:</span> <span class="na">logs</span><span class="pi">:</span> <span class="na">receivers</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">otlp</span> <span class="pi">]</span> <span class="na">processors</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">batch</span><span class="pi">,</span> <span class="nv">memory_limiter</span><span class="pi">,</span> <span class="nv">resource</span> <span class="pi">]</span> <span class="na">exporters</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">elasticsearch/logs</span> <span class="pi">]</span> </code></pre> </div> <p>We are collecting logs from the OTLP receiver, processing them with the defined processors and exporting them with the Elasticsearch exporter. Later this is the section where we can add extensions like authentication.</p> <h2> OTEL Log Appender for tracing </h2> <p>This has been pretty straightforward so far. Now comes the time when we integrate the OpenTelemetry log appender with our application. We will use the <a href="https://github.com/open-telemetry/opentelemetry-rust/blob/main/opentelemetry-appender-tracing/README.md" rel="noopener noreferrer">OTEL tracing appender</a>.</p> <p>The README has no instructions on how to use it, but thankfully there is an <a href="https://github.com/open-telemetry/opentelemetry-rust/blob/main/opentelemetry-appender-tracing/examples/basic.rs" rel="noopener noreferrer">example</a> to start with. Since we already have tracing set up, we can simply create the <code>otel_layer</code> and just add it to the tracing registry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">use</span> <span class="nn">opentelemetry_appender_tracing</span><span class="p">::</span><span class="n">layer</span><span class="p">;</span> <span class="k">use</span> <span class="nn">opentelemetry_sdk</span><span class="p">::{</span><span class="nn">logs</span><span class="p">::</span><span class="n">SdkLoggerProvider</span><span class="p">,</span> <span class="n">Resource</span><span class="p">};</span> <span class="k">use</span> <span class="nn">tracing</span><span class="p">::</span><span class="n">error</span><span class="p">;</span> <span class="k">use</span> <span class="nn">tracing_subscriber</span><span class="p">::{</span><span class="nn">prelude</span><span class="p">::</span><span class="o">*</span><span class="p">,</span> <span class="n">EnvFilter</span><span class="p">};</span> <span class="k">fn</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">let</span> <span class="n">exporter</span> <span class="o">=</span> <span class="nn">opentelemetry_stdout</span><span class="p">::</span><span class="nn">LogExporter</span><span class="p">::</span><span class="nf">default</span><span class="p">();</span> <span class="k">let</span> <span class="n">provider</span><span class="p">:</span> <span class="n">SdkLoggerProvider</span> <span class="o">=</span> <span class="nn">SdkLoggerProvider</span><span class="p">::</span><span class="nf">builder</span><span class="p">()</span> <span class="nf">.with_resource</span><span class="p">(</span> <span class="nn">Resource</span><span class="p">::</span><span class="nf">builder</span><span class="p">()</span> <span class="nf">.with_service_name</span><span class="p">(</span><span class="s">"log-appender-tracing-example"</span><span class="p">)</span> <span class="nf">.build</span><span class="p">(),</span> <span class="p">)</span> <span class="nf">.with_simple_exporter</span><span class="p">(</span><span class="n">exporter</span><span class="p">)</span> <span class="nf">.build</span><span class="p">();</span> <span class="k">let</span> <span class="n">filter_otel</span> <span class="o">=</span> <span class="nn">EnvFilter</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="s">"info"</span><span class="p">)</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"hyper=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"opentelemetry=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"tonic=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"h2=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"reqwest=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">());</span> <span class="k">let</span> <span class="n">otel_layer</span> <span class="o">=</span> <span class="nn">layer</span><span class="p">::</span><span class="nn">OpenTelemetryTracingBridge</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="o">&amp;</span><span class="n">provider</span><span class="p">)</span><span class="nf">.with_filter</span><span class="p">(</span><span class="n">filter_otel</span><span class="p">);</span> <span class="nn">tracing_subscriber</span><span class="p">::</span><span class="nf">registry</span><span class="p">()</span> <span class="nf">.with</span><span class="p">(</span><span class="n">otel_layer</span><span class="p">)</span> <span class="nf">.init</span><span class="p">();</span> <span class="nd">error!</span><span class="p">(</span><span class="n">name</span><span class="p">:</span> <span class="s">"my-event-name"</span><span class="p">,</span> <span class="n">target</span><span class="p">:</span> <span class="s">"my-system"</span><span class="p">,</span> <span class="n">event_id</span> <span class="o">=</span> <span class="mi">20</span><span class="p">,</span> <span class="n">user_name</span> <span class="o">=</span> <span class="s">"otel"</span><span class="p">,</span> <span class="n">user_email</span> <span class="o">=</span> <span class="s">"otel@opentelemetry.io"</span><span class="p">,</span> <span class="n">message</span> <span class="o">=</span> <span class="s">"This is an example message"</span><span class="p">);</span> <span class="k">let</span> <span class="n">_</span> <span class="o">=</span> <span class="n">provider</span><span class="nf">.shutdown</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>We put this together and run it, but we quickly stumble upon the compiler error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>error[E0277]: the trait bound `opentelemetry_stdout::LogExporter: opentelemetry_sdk::logs::LogExporter` is not satisfied --&gt; src/main.rs:14:31 </code></pre> </div> <p>For a Rust newbie I start sweating a bit. First I switch to the <code>opentelemetry_otlp::LogExporter</code> and see if this gets me further. The <code>default()</code> constructor is not there anymore, so I go for the builder instead per my IDEs suggestion.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gh">diff --git a/src/main.rs b/src/main.rs index 1af9407..67b10b1 100644 </span><span class="gd">--- a/src/main.rs </span><span class="gi">+++ b/src/main.rs </span><span class="p">@@ -1,10 +1,11 @@</span> use opentelemetry_appender_tracing::layer; <span class="gi">+use opentelemetry_otlp::LogExporter; </span> use opentelemetry_sdk::{logs::SdkLoggerProvider, Resource}; use tracing::error; use tracing_subscriber::{prelude::*, EnvFilter}; <span class="err"> </span> fn main() { <span class="gd">- let exporter = opentelemetry_stdout::LogExporter::default(); </span><span class="gi">+ let exporter = LogExporter::builder().with_http().build().unwrap(); </span> let provider: SdkLoggerProvider = SdkLoggerProvider::builder() .with_resource( Resource::builder() <span class="err"> </span></code></pre> </div> <p>We go ahead with running the program and it successfully completes. No error message in our stdout though so let's check <a href="http://127.0.0.1:5601/app/discover#" rel="noopener noreferrer">Kibana</a>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flbzs8p657zdx70g2ojhn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flbzs8p657zdx70g2ojhn.png" alt="Kibana" width="800" height="575"></a></p> <p>And voilà! We have our first log entry! On the side we can see all the details of the event:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gnk7bg8v2xog7g0vtid.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gnk7bg8v2xog7g0vtid.png" alt="Log entry" width="542" height="713"></a></p> <p>It is interesting to note a few details here. First, the index is automatically created for us on today's date. Second, we can see the service environment attribute that we added to the resource processor. Finally, we can see that each parameter of our log entry is indexed separately unlocking many search capabilities.</p> <h2> Moving to production </h2> <p>Our little POC is working locally, so it is time to make this fly. We are first going to test with pushing our logs to the local exporter which in turn pushes it to the remote Elasticsearch instance. Then we deploy our collector and let our application push its logs to it.</p> <h3> Deploying Elasticsearch </h3> <p>We went for deploying a cloud instance of Elasticsearch offered from their <a href="http://www.elastic.co/cloud" rel="noopener noreferrer">website</a>, however as with the local instance, this setup would work with any Elasticsearch instance. First We need to add the basicauth extension and provide our credentials to it along with the remote Elasticsearch endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code> diff --git a/otel-collector-config.yaml b/otel-collector-config.yaml <span class="gh">index b2a3411..9b45f97 100644 </span><span class="gd">--- a/otel-collector-config.yaml </span><span class="gi">+++ b/otel-collector-config.yaml </span><span class="p">@@ -18,11 +18,20 @@</span> processors: <span class="err"> </span> exporters: elasticsearch/logs: <span class="gd">- endpoints: ["http://elasticsearch:9200"] </span><span class="gi">+ endpoint: "https://****.kb.****.es.io:443" + auth: + authenticator: basicauth </span> logstash_format: enabled: true <span class="err"> </span><span class="gi">+extensions: + basicauth: + client_auth: + username: ******* + password: ******* + </span> service: <span class="gi">+ extensions: [basicauth] </span> pipelines: logs: receivers: [otlp] </code></pre> </div> <p>We wait hoping to see the first log appearing in our remote instance, but instead we get the following error in the collector's logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>2025-04-30T09:57:26.454836419Z 2025-04-30T09:57:26.454Z error elasticsearchexporter@v0.121.0/bulkindexer.go:346 bulk indexer flush error {"otelcol.component.id": "elasticsearch/logs", "otelcol.component.kind": "Exporter", "otelcol.signal": "logs", "error": "flush failed (404): "} </code></pre> </div> <p><code>flush failed (404)</code> This can't be right. Having a closer look though I spot a little <code>.kb.</code> as part of the subdomain of the Elasticsearch dashboard used in our configuration. Clearly this is not the elasticsearch endpoint but the kibana one. Looking into the cloud dashboard of Elastic and I find a place to copy the URL for Elasticsearch from the deployment's management page:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmt9jaieug8ecwppevf7k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmt9jaieug8ecwppevf7k.png" alt="Elastic Management Console" width="474" height="202"></a></p> <p>Funny enough, the only bit that I had to change was <code>.kb.</code> to <code>.es.</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gh">diff --git a/otel-collector-config.yaml b/otel-collector-config.yaml index 9b45f97..f8f9208 100644 </span><span class="gd">--- a/otel-collector-config.yaml </span><span class="gi">+++ b/otel-collector-config.yaml </span><span class="p">@@ -18,7 +18,7 @@</span> processors: <span class="err"> </span> exporters: elasticsearch/logs: <span class="gd">- endpoint: "https://*****.kb.****.es.io:443" </span><span class="gi">+ endpoint: "https://*****.es.****.es.io:443" </span> auth: authenticator: basicauth logstash_format: </code></pre> </div> <p>We try another run of our service and successfully see our log entry in the remote Elasticsearch instance!</p> <p>There is an interesting sidenote here. Instead of the basic auth used in the above example one can also use API keys. At the date of writing, the <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/elasticsearchexporter/README.md#configuration-options" rel="noopener noreferrer">documentation</a> mentions the <code>api_key</code> option, which was my initial approach, but since there is no example of how to use it, or a complete schema definition, the position of this setting quickly became very elusive. The unorthodox way I managed to get it to work was by following the Kibana onboarding which in turn provides you with zip with some pre-configured settings and a new API key to use with. Eventually, the setting is defined right next to the endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">exporters</span><span class="pi">:</span> <span class="na">elasticsearch/logs</span><span class="pi">:</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://*****.es.****.es.io:443"</span> <span class="na">api_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">BASE64_ENCODED_API_KEY"</span> <span class="s">...</span> </code></pre> </div> <p>More API keys can be created from within Kibana under the security section of the stack management page. This is important since in the case of the cloud offering, it should not be confused with any key management settings provided on that console instead.</p> <h3> Deploying OpenTelemetry Collector </h3> <p>Since the collector is a stateless container, we can easily deploy it anywhere by using the upstream docker image and attaching the complete configuration file to it as a secret considering the sensitive values defined in it. We used Google Cloud's CloudRun service to deploy the collector, which is a serverless platform provided by Google based on Knative. The following is a sample knative service definition that deploys the collector so make sure you adapt to your needs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">serving.knative.dev/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">opentelemetry-collector</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">your-namespace</span> <span class="c1"># Replace with your target namespace</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">opentelemetry-collector</span> <span class="na">annotations</span><span class="pi">:</span> <span class="c1"># Add any relevant Knative or general annotations here</span> <span class="c1"># e.g., autoscaling.knative.dev/minScale: "1"</span> <span class="na">autoscaling.knative.dev/maxScale</span><span class="pi">:</span> <span class="s2">"</span><span class="s">5"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">opentelemetry-collector</span> <span class="na">annotations</span><span class="pi">:</span> <span class="c1"># Add any relevant pod-level annotations here</span> <span class="c1"># e.g., sidecar.istio.io/inject: "true" if using Istio</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containerConcurrency</span><span class="pi">:</span> <span class="m">80</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">300</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">opentelemetry-collector-container</span> <span class="na">image</span><span class="pi">:</span> <span class="s">otel/opentelemetry-collector-contrib:latest</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--config=/etc/otel/otel-collector-config.yaml</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">otlp-grpc</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4317</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">otlp-http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4318</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">health-check</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">13133</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">SERVICE_NAME</span> <span class="na">value</span><span class="pi">:</span> <span class="s">your-application-name</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DEPLOYMENT_ENVIRONMENT</span> <span class="na">value</span><span class="pi">:</span> <span class="s">your-environment</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">512Mi</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">250m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256Mi</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">otel-collector-config-vol</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/otel</span> <span class="na">startupProbe</span><span class="pi">:</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> <span class="na">tcpSocket</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">13133</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">otel-collector-config-vol</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">opentelemetry-collector-config</span> <span class="c1"># Name of the K8s secret holding the config</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">otel-collector-config.yaml</span> <span class="c1"># The key in the secret data</span> <span class="na">path</span><span class="pi">:</span> <span class="s">otel-collector-config.yaml</span> <span class="c1"># The filename to mount</span> <span class="na">traffic</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">percent</span><span class="pi">:</span> <span class="m">100</span> <span class="na">latestRevision</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Our final OTEL configuration looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">receivers</span><span class="pi">:</span> <span class="na">otlp</span><span class="pi">:</span> <span class="na">protocols</span><span class="pi">:</span> <span class="na">http</span><span class="pi">:</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="s">0.0.0.0:4318</span> <span class="na">processors</span><span class="pi">:</span> <span class="na">batch</span><span class="pi">:</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">memory_limiter</span><span class="pi">:</span> <span class="na">check_interval</span><span class="pi">:</span> <span class="s">1s</span> <span class="na">limit_mib</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">attributes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">service.environment</span> <span class="na">value</span><span class="pi">:</span> <span class="s">${SERVICE_ENVIRONMENT}</span> <span class="na">action</span><span class="pi">:</span> <span class="s">upsert</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">service.name</span> <span class="na">value</span><span class="pi">:</span> <span class="s">${SERVICE_NAME}</span> <span class="na">action</span><span class="pi">:</span> <span class="s">upsert</span> <span class="na">exporters</span><span class="pi">:</span> <span class="na">elasticsearch/logs</span><span class="pi">:</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="s2">"</span><span class="s">your-elasticsearch-endpoint:port"</span> <span class="na">api_key</span><span class="pi">:</span> <span class="s">${ES_API_KEY}</span> <span class="na">logstash_format</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">service</span><span class="pi">:</span> <span class="na">pipelines</span><span class="pi">:</span> <span class="na">logs</span><span class="pi">:</span> <span class="na">receivers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">otlp</span><span class="pi">]</span> <span class="na">processors</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">batch</span><span class="pi">,</span> <span class="nv">memory_limiter</span><span class="pi">,</span> <span class="nv">resource</span><span class="pi">]</span> <span class="na">exporters</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">elasticsearch/logs</span><span class="pi">]</span> </code></pre> </div> <p>With this, we deployed our collector remotely as well. Now we need to point our application to it.</p> <h3> Pushing logs to the remote Collector </h3> <p>Let's go back to our application and define the remote collector endpoint. Looking at the <a href="https://github.com/open-telemetry/opentelemetry-rust" rel="noopener noreferrer">docs</a> this is not clearly stated. After a bit of digging, I offload the task to AI and it comes back with the following:</p> <ul> <li>use the environment variable <code>OTEL_EXPORTER_OTLP_ENDPOINT</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">export </span><span class="nv">OTEL_EXPORTER_OTLP_ENDPOINT</span><span class="o">=</span><span class="s2">"http://your-collector-endpoint:4318"</span> cargo run </code></pre> </div> <ul> <li>or use the <code>.with_endpoint</code> method of the LogExporterBuilder </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code> diff --git a/src/main.rs b/src/main.rs <span class="gh">index 67b10b1..f08ff26 100644 </span><span class="gd">--- a/src/main.rs </span><span class="gi">+++ b/src/main.rs </span><span class="p">@@ -1,11 +1,17 @@</span> <span class="p">use opentelemetry_appender_tracing::layer; </span><span class="gd">-use opentelemetry_otlp::LogExporter; </span><span class="gi">+use opentelemetry_otlp::{LogExporter, Protocol, WithExportConfig}; </span><span class="p">use opentelemetry_sdk::{logs::SdkLoggerProvider, Resource}; use tracing::error; use tracing_subscriber::{prelude::*, EnvFilter}; </span><span class="err"> </span><span class="p">fn main() { </span><span class="gd">- let exporter = LogExporter::builder().with_http().build().unwrap(); </span><span class="gi">+ let exporter = LogExporter::builder() + .with_http() + .with_endpoint("http://your-collector-endpoint:4318/v1/logs") + .with_protocol(Protocol::HttpJson) // or Protocol::Grpc + .build() + .unwrap(); + </span> let provider: SdkLoggerProvider = SdkLoggerProvider::builder() .with_resource( Resource::builder() <span class="err"> </span></code></pre> </div> <p>Note an important difference between the above; while the environment variable is good to go without setting any PATH in the URL, the <code>with_endpoint</code> method requires the <code>/v1/logs/</code> PATH to be appended.</p> <p>Here is the complete Rust code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">use</span> <span class="nn">opentelemetry_appender_tracing</span><span class="p">::</span><span class="n">layer</span><span class="p">;</span> <span class="k">use</span> <span class="nn">opentelemetry_otlp</span><span class="p">::{</span><span class="n">LogExporter</span><span class="p">,</span> <span class="n">Protocol</span><span class="p">,</span> <span class="n">WithExportConfig</span><span class="p">};</span> <span class="k">use</span> <span class="nn">opentelemetry_sdk</span><span class="p">::{</span><span class="nn">logs</span><span class="p">::</span><span class="n">SdkLoggerProvider</span><span class="p">,</span> <span class="n">Resource</span><span class="p">};</span> <span class="k">use</span> <span class="nn">tracing</span><span class="p">::</span><span class="n">error</span><span class="p">;</span> <span class="k">use</span> <span class="nn">tracing_subscriber</span><span class="p">::{</span><span class="nn">prelude</span><span class="p">::</span><span class="o">*</span><span class="p">,</span> <span class="n">EnvFilter</span><span class="p">};</span> <span class="k">fn</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">let</span> <span class="n">exporter</span> <span class="o">=</span> <span class="nn">LogExporter</span><span class="p">::</span><span class="nf">builder</span><span class="p">()</span> <span class="nf">.with_http</span><span class="p">()</span> <span class="nf">.with_endpoint</span><span class="p">(</span><span class="s">"http://your-collector-endpoint:4318/v1/logs"</span><span class="p">)</span> <span class="nf">.with_protocol</span><span class="p">(</span><span class="nn">Protocol</span><span class="p">::</span><span class="n">HttpJson</span><span class="p">)</span> <span class="c1">// or Protocol::Grpc</span> <span class="nf">.build</span><span class="p">()</span> <span class="nf">.unwrap</span><span class="p">();</span> <span class="k">let</span> <span class="n">provider</span><span class="p">:</span> <span class="n">SdkLoggerProvider</span> <span class="o">=</span> <span class="nn">SdkLoggerProvider</span><span class="p">::</span><span class="nf">builder</span><span class="p">()</span> <span class="nf">.with_resource</span><span class="p">(</span> <span class="nn">Resource</span><span class="p">::</span><span class="nf">builder</span><span class="p">()</span> <span class="nf">.with_service_name</span><span class="p">(</span><span class="s">"log-appender-tracing-example"</span><span class="p">)</span> <span class="nf">.build</span><span class="p">(),</span> <span class="p">)</span> <span class="nf">.with_simple_exporter</span><span class="p">(</span><span class="n">exporter</span><span class="p">)</span> <span class="nf">.build</span><span class="p">();</span> <span class="k">let</span> <span class="n">filter_otel</span> <span class="o">=</span> <span class="nn">EnvFilter</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="s">"info"</span><span class="p">)</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"hyper=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"opentelemetry=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"tonic=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"h2=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">())</span> <span class="nf">.add_directive</span><span class="p">(</span><span class="s">"reqwest=off"</span><span class="nf">.parse</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">());</span> <span class="k">let</span> <span class="n">otel_layer</span> <span class="o">=</span> <span class="nn">layer</span><span class="p">::</span><span class="nn">OpenTelemetryTracingBridge</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="o">&amp;</span><span class="n">provider</span><span class="p">)</span><span class="nf">.with_filter</span><span class="p">(</span><span class="n">filter_otel</span><span class="p">);</span> <span class="nn">tracing_subscriber</span><span class="p">::</span><span class="nf">registry</span><span class="p">()</span> <span class="nf">.with</span><span class="p">(</span><span class="n">otel_layer</span><span class="p">)</span> <span class="nf">.init</span><span class="p">();</span> <span class="nd">error!</span><span class="p">(</span><span class="n">name</span><span class="p">:</span> <span class="s">"my-event-name"</span><span class="p">,</span> <span class="n">target</span><span class="p">:</span> <span class="s">"my-system"</span><span class="p">,</span> <span class="n">event_id</span> <span class="o">=</span> <span class="mi">20</span><span class="p">,</span> <span class="n">user_name</span> <span class="o">=</span> <span class="s">"otel"</span><span class="p">,</span> <span class="n">user_email</span> <span class="o">=</span> <span class="s">"otel@opentelemetry.io"</span><span class="p">,</span> <span class="n">message</span> <span class="o">=</span> <span class="s">"This is an example message"</span><span class="p">);</span> <span class="k">let</span> <span class="n">_</span> <span class="o">=</span> <span class="n">provider</span><span class="nf">.shutdown</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h2> Wrapping up </h2> <p>With the solutions provided by the OpenTelemetry project, we could easily put the pieces together and get our application logging to Elasticsearch. While both the opentelemetry-rust SDK and the opentelemetry-collector exporter for Elasticsearch are in early stages of development, they are already bring a lot of value. the documentation can be improved for both, but with some AI agent doing some research in the codebase of the projects we managed to extract the information we need.</p> <p>If you have any questions, comments or suggestions, please add to the discussion below!</p> rust opentelemetry elasticsearch logging