Logs
editLogs
editElastic Python APM Agent provides the following log features:
- Log correlation : Automatically inject correlation IDs that allow navigation between logs, traces and services.
- Log reformatting (experimental) : Automatically reformat plaintext logs in ECS logging format.
Elastic Python APM Agent does not send the logs to Elasticsearch. It only injects correlation IDs and reformats the logs. You must use another ingestion strategy. We recommend Filebeat for that purpose.
Those features are part of Application log ingestion strategies.
The ecs-logging-python
library can also be used to use the ECS logging format without an APM agent.
When deployed with the Python APM agent, the agent will provide log correlation IDs.
Log correlation
editLog correlation allows you to navigate to all logs belonging to a particular trace and vice-versa: for a specific log, see in which context it has been logged and which parameters the user provided.
The Agent provides integrations with both the default Python logging library,
as well as structlog
.
Logging integrations
editlogging
editWe use logging.setLogRecordFactory()
to decorate the default LogRecordFactory to automatically add new attributes to
each LogRecord object:
-
elasticapm_transaction_id
-
elasticapm_trace_id
-
elasticapm_span_id
This factory also adds these fields to a dictionary attribute,
elasticapm_labels
, using the official ECS tracing fields.
You can disable this automatic behavior by using the
disable_log_record_factory
setting
in your configuration.
structlog
editWe provide a processor for
structlog
which will add three new keys
to the event_dict of any processed event:
-
transaction.id
-
trace.id
-
span.id
from structlog import PrintLogger, wrap_logger from structlog.processors import JSONRenderer from elasticapm.handlers.structlog import structlog_processor wrapped_logger = PrintLogger() logger = wrap_logger(wrapped_logger, processors=[structlog_processor, JSONRenderer()]) log = logger.new() log.msg("some_event")
Use structlog for agent-internal logging
editThe Elastic APM Python agent uses logging to log internal events and issues.
By default, it will use a logging
logger.
If your project uses structlog, you can tell the agent to use a structlog logger
by setting the environment variable ELASTIC_APM_USE_STRUCTLOG
to true
.
Log correlation in Elasticsearch
editIn order to correlate logs from your app with transactions captured by the Elastic APM Python Agent, your logs must contain one or more of the following identifiers:
-
transaction.id
-
trace.id
-
span.id
If you’re using structured logging, either with a custom solution or with structlog (recommended), then this is fairly easy. Throw the JSONRenderer in, and use Filebeat to pull these logs into Elasticsearch.
Without structured logging the task gets a little trickier. Here we
recommend first making sure your LogRecord objects have the elasticapm
attributes (see logging
), and then you’ll want to combine some specific
formatting with a Grok pattern, either in Elasticsearch using
the grok processor,
or in logstash with a plugin.
Say you have a Formatter that looks like this:
import logging fh = logging.FileHandler('spam.log') formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s") fh.setFormatter(formatter)
You can add the APM identifiers by simply switching out the Formatter
object
for the one that we provide:
import logging from elasticapm.handlers.logging import Formatter fh = logging.FileHandler('spam.log') formatter = Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s") fh.setFormatter(formatter)
This will automatically append apm-specific fields to your format string:
formatstring = "%(asctime)s - %(name)s - %(levelname)s - %(message)s" formatstring = formatstring + " | elasticapm " \ "transaction.id=%(elasticapm_transaction_id)s " \ "trace.id=%(elasticapm_trace_id)s " \ "span.id=%(elasticapm_span_id)s"
Then, you could use a grok pattern like this (for the Elasticsearch Grok Processor):
{ "description" : "...", "processors": [ { "grok": { "field": "message", "patterns": ["%{GREEDYDATA:msg} | elasticapm transaction.id=%{DATA:transaction.id} trace.id=%{DATA:trace.id} span.id=%{DATA:span.id}"] } } ] }
Log reformatting (experimental)
editStarting in version 6.16.0, the agent can automatically reformat application
logs to ECS format with no changes to dependencies. Prior versions must install
the ecs_logging
dependency.
Log reformatting is controlled by the log_ecs_reformatting
configuration option, and is disabled by default.
The reformatted logs will include both the trace and service correlation IDs.