Closed
Description
Component(s)
pkg/translator/azurelogs
Is your feature request related to a problem? Please describe.
Parent issue is #39186.
Describe the solution you'd like
When the record attributes are part of the body, it is not possible to query the record by these attributes. To achieve that, we need to add explicit support for the current categories.
This issue approaches the category FrontDoorAccessLog (the goal is to handle all the other categories currently upstream as well).
This is an example of a log of this category.
{
"time":"2025-04-24T13:14:28.0000000Z",
"resourceId":"/SUBSCRIPTIONS/OPENTELEMETRY-AZURE-SUB/RESOURCEGROUPS/OPENTELEMETRY-FRONTDOOR/PROVIDERS/MICROSOFT.CDN/PROFILES/OPENTELEMETRY-FRONTDOOR-PROFILE",
"category":"FrontDoorAccessLog",
"operationName":"Microsoft.Cdn/Profiles/AccessLog/Write",
"properties":{
"trackingReference":"20250424T131428Z-17587c8c466d76czhC1PARprs40000000q8g00000000d67w",
"httpMethod":"GET",
"httpVersion":"2.0.0.0",
"requestUri":"https://opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net:443/",
"sni":"opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net",
"requestBytes":"60",
"responseBytes":"1624",
"userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0",
"clientIp":"2001:1c00:3280:6700:fbfa:bf04:1296:ebfc",
"clientPort":"55262",
"socketIp":"2001:1c00:3280:6700:fbfa:bf04:1296:ebfc",
"timeToFirstByte":"0.035",
"timeTaken":"0.035",
"requestProtocol":"HTTPS",
"securityProtocol":"TLS 1.3",
"rulesEngineMatchNames":[
],
"httpStatusCode":"200",
"httpStatusDetails":"200",
"pop":"PAR",
"cacheStatus":"CONFIG_NOCACHE",
"errorInfo":"NoError",
"ErrorInfo":"NoError",
"result":"N/A",
"endpoint":"opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net",
"routingRuleName":"opentelemetry-frontdoor-route",
"hostName":"opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net",
"originUrl":"https://opentelemetry-app.azurewebsites.net:443/",
"originIp":"23.100.1.29:443",
"originName":"opentelemetry-app.azurewebsites.net:443",
"originCryptProtocol":"N/A",
"referer":"",
"clientCountry":"Netherlands",
"domain":"6d63ff6a-6a29-4702-bcc0-533a432cc7fa:443",
"securityCipher":"TLS_AES_256_GCM_SHA384",
"securityCurves":"0x11ec:X25519:prime256v1:secp384r1:secp521r1:0x0100:0x0101"
}
}The proposed log attributes are:
| Original Field (JSON) | Log Record Attribute |
|---|---|
trackingReference |
azure.ref |
httpMethod |
http.request.method |
httpVersion |
network.protocol.version |
requestUri |
url.orginalAlso parses it to get fields: 1. url.scheme2. url.fragment3. url.query4. url.path5. url.port |
sni |
tls.server.name |
requestBytes |
http.request.size |
responseBytes |
http.response.size |
userAgent |
user_agent.original |
clientIp |
client.address |
clientPort |
client.port |
socketIp |
source.address |
timeToFirstByte |
azure.time_to_first_byte |
timeTaken |
duration |
requestProtocol |
network.protocol.name |
securityProtocol |
1. tls.protocol.name2. tls.protocol.version |
httpStatusCode |
http.response.status_code |
pop |
azure.pop |
cacheStatus |
azure.cache_status |
errorInfo |
exception.type |
ErrorInfo |
Same as errorInfo |
endpoint |
Either: 1. destination.address if it is equal to hostName2. network.peer.address otherwise. |
hostName |
1. destination.address 2. destination.port, if any |
securityCurves |
tls.curve |
securityCipher |
tls.cipher |
OriginIP |
Split in: 1. server.address2. server.port |
This means that the example of the log I put above, will end up as:
resourceLogs:
- resource:
attributes:
- key: cloud.provider
value:
stringValue: azure
- key: cloud.resource_id
value:
stringValue: /SUBSCRIPTIONS/OPENTELEMETRY-AZURE-SUB/RESOURCEGROUPS/OPENTELEMETRY-FRONTDOOR/PROVIDERS/MICROSOFT.CDN/PROFILES/OPENTELEMETRY-FRONTDOOR-PROFILE
- key: event.name
value:
stringValue: az.resource.log
scopeLogs:
- logRecords:
- attributes:
- key: http.request.size
value:
intValue: "60"
- key: http.response.size
value:
intValue: "60"
- key: client.port
value:
intValue: "55262"
- key: http.response.status_code
value:
intValue: "200"
- key: azure.time_to_first_byte
value:
intValue: "35"
- key: duration
value:
intValue: "35"
- key: url.original
value:
stringValue: https://opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net:443/
- key: url.port
value:
intValue: "443"
- key: url.scheme
value:
stringValue: https
- key: url.path
value:
stringValue: /
- key: tls.protocol.name
value:
stringValue: TLS
- key: tls.protocol.version
value:
stringValue: "1.3"
- key: destination.address
value:
stringValue: opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net
- key: server.address
value:
stringValue: 23.100.1.29
- key: server.port
value:
intValue: "443"
- key: azure.ref
value:
stringValue: 20250424T131428Z-17587c8c466d76czhC1PARprs40000000q8g00000000d67w
- key: http.request.method
value:
stringValue: GET
- key: network.protocol.version
value:
stringValue: 2.0.0.0
- key: network.protocol.name
value:
stringValue: HTTPS
- key: tls.server.name
value:
stringValue: opentelemetry-test-fmagg0exgdcfhefq.z01.azurefd.net
- key: user_agent.original
value:
stringValue: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
- key: client.address
value:
stringValue: 2001:1c00:3280:6700:fbfa:bf04:1296:ebfc
- key: source.address
value:
stringValue: 2001:1c00:3280:6700:fbfa:bf04:1296:ebfc
- key: azure.pop
value:
stringValue: PAR
- key: azure.cache_status
value:
stringValue: CONFIG_NOCACHE
- key: tls.curve
value:
stringValue: 0x11ec:X25519:prime256v1:secp384r1:secp521r1:0x0100:0x0101
- key: tls.cipher
value:
stringValue: TLS_AES_256_GCM_SHA384
- key: azure.category
value:
stringValue: FrontDoorAccessLog
- key: azure.operation.name
value:
stringValue: Microsoft.Cdn/Profiles/AccessLog/Write
body: {}
spanId: ""
timeUnixNano: "1745500468000000000"
traceId: ""
scope:
name: otelcol/azureresourcelogs
version: 1.2.3Describe alternatives you've considered
N/A
Additional context
N/A