Skip to main content
Sumo Logic

Collect Apache Logs and Metrics for Kubernetes environments

In a Kubernetes environment, we use the Telegraf Operator, which is packaged with our Kubernetes collection. You can learn more about it here.The diagram below illustrates how data is collected from Apache in Kubernetes environments. In the architecture shown below, there are four services that make up the metric collection pipeline: Telegraf, Prometheus, Fluentd and FluentBit.

The first service in the pipeline is Telegraf. Telegraf collects metrics from Apache. Note that we’re running Telegraf in each pod we want to collect metrics from as a sidecar deployment: i.e. Telegraf runs in the same pod as the containers it monitors. Telegraf uses the Apache input plugin to obtain metrics. (For simplicity, the diagram doesn’t show the input plugins.) The injection of the Telegraf sidecar container is done by the Telegraf Operator. We also have Fluentbit that collects logs written to standard out and standard error and forwards them to FluentD, which in turn sends all the logs and metrics data to a Sumo Logic HTTP Source.

Follow the instructions below to set up the metric collection:

  1. Configure Metrics Collection
    1. Setup Kubernetes Collection with the Telegraf operator
    2. Add annotations on your Apache pods
  2. Configure Logs Collection
    1. Configure logging in Apache.
    2. Add labels on your Apache pods to capture logs from standard output and standard error.

Prerequisites

  • Please ensure that you are monitoring your Kubernetes clusters with the Telegraf operator -  If you are not, then please follow these instructions to do so. 

Step 1 Configure Metrics Collection

Follow the steps below to collect metrics from a Kubernetes environment:

  1. Add configuration to enable metric on Apache pods

configuration: |-

ServerName localhost:8080
  <IfModule status_module>
    ExtendedStatus On
    <Location /server-status>
      Sethandler server-status
      order deny,allow
      allow from all
    </Location>
  </IfModule>
  1. Add annotations on your Apache pods

podAnnotations:

  telegraf.influxdata.com/class: sumologic-prometheus
  prometheus.io/scrape: "true" 
  prometheus.io/port: "9273"
  telegraf.influxdata.com/inputs: |+
    [[inputs.apache]]
      urls = ["http://localhost:8080/server-status?auto"]
      [inputs.apache.tags]
        environment = "prod"
        component = "webserver"
        webserver_system = "apache"
        webserver_farm = "app1apacheeks"

Please enter in values for the following parameters (marked in bold above):

  • telegraf.influxdata.com/inputs - This contains the required configuration for the Telegraf Apache Input plugin. Please refer to this doc for more information on configuring the Apache input plugin for Telegraf. Note: As telegraf will be run as a sidecar the host should always be localhost. 

    • In the input plugins section i.e. : 

      • urls - The URL to the Apache server

      • In the tags section i.e.  [inputs.apache.tags]

        • environment - This is the deployment environment where the Apache webserver farm identified by the value of urls resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it. 

        • webserver_farm - Enter a name to uniquely identify this Apache Webserver farm. This Apache webserver farm name will be shown in the Sumo Logic dashboards.

Here’s an explanation for additional values set by this configuration that we request you please do not modify these values as they will cause the Sumo Logic apps to not function correctly.

  • telegraf.influxdata.com/class: sumologic-prometheus - This instructs the Telegraf operator what output to use. This should not be changed.

  • prometheus.io/scrape: "true" - This ensures our Prometheus will scrape the metrics.

  • prometheus.io/port: "9273" - This tells prometheus what ports to scrape on. This should not be changed.

  • telegraf.influxdata.com/inputs

    • In the tags section i.e.  [inputs.apache.tags]

      • component: “webserver” - This value is used by Sumo Logic apps to identify application components. 

      • webserver_system: “apache” - This value identifies the webserver system.

For more information on all other parameters please see this doc for more properties that can be configured in the Telegraf agent globally.

For more information on configuring the Apache input plugin for Telegraf please see this doc. 

  1. Sumo Logic Kubernetes collection will automatically start collecting metrics from the pods having the configuration and annotations defined in the previous step. 

  2. Verify metrics in Sumo Logic by running the following metrics query:

websrever_farm=<your_apache_webserver_farmname> component="webserver" and webserver_system="apache"

Step 2 Configure Logs Collection

This section explains the steps to collect Apache logs from a Kubernetes environment.

  1. Collect Apache logs written to standard output and standard error

If your Apache helm chart/pod is writing the logs to standard output or standard error then follow the steps listed below to collect the logs:

  1. On your Apache Pods, add the following pod labels

podLabels:

 environment: "prod"
  component: "webserver"
  webserver_system: "apache"
  webserver_farm: "app1apacheeks"

Please enter in values for the following parameters (marked in bold above):

  • environment - This is the deployment environment where the Apache webserver farm identified by the value of urls resides. For example: dev, prod or qa. While this value is optional we highly recommend setting it.

  • webserver_farm - Enter a name to identify this Apache webserver farm. This Apache webserver farm name will be shown in the Sumo Logic dashboards.

Here’s an explanation for additional values set by this configuration that we request you please do not modify as they will cause the Sumo Logic apps to not function correctly.

  • component: “webserver” - This value is used by Sumo Logic apps to identify application components. 

  • webserver_system: “apache” - This value identifies the webserver system.

For all other parameters please see this doc for more properties that can be configured in the Telegraf agent globally.

Make sure that the Apache pods are running and annotations are applied by using the command: kubectl describe pod <apache_pod_name>

The Sumo Logic Kubernetes Collection process will automatically capture the logs from stdout / stderr and will send the logs to Sumo Logic. For more information on deploying the Sumo Logic -Kubernetes -Collection, please see this page.

  1. Add an FER to normalize the fields in Kubernetes environments

Labels created in Kubernetes environments automatically are prefixed with pod_labels. To normalize these for our app to work, we need to create a Field Extraction Rule if not already created for Web Server Application Components. To do so:

  1. Go to Manage Data > Logs > Field Extraction Rules.

  2. Click the + Add button on the top right of the table.

  3. The following form appears:


  1. Enter the following options:

    • Rule Name: Enter the name as App Observability - Webserver

    • Applied At: Choose Ingest Time

    • Scope: Select Specific Data

      • Scope: Enter the following keyword search expression: 

pod_labels_environment=* pod_labels_component=webserver pod_labels_webserver_system=* pod_labels_webserver_farm=*
  • Parse Expression.Enter the following parse expression:

 environment: "prod"
  component: "webserver"
  webserver_system: "apache"
  webserver_farm: "app1apacheeks"
  1. xClick Save to create the rule.

  1. Verify logs are flowing into Sumo Logic by running the following logs query:

component=webserver webserver_system=apache webserver_farm=<your_apache_webserver_farmname>