ukor · October 30, 2025 19:23
diff --git a/otel-nginx-collector.yaml b/otel-nginx-collector.yaml
 receivers:
  syslog:
    tcp:
      listen_address: '0.0.0.0:54527'
    protocol: rfc3164
    location: UTC
    operators:
      - type: move
        from: attributes.message
        to: body
  journald:
    directory: /var/log/journal
    start_at: end
    priority: info
  # https://github.com/open-telemetry/semantic-conventions/blob/main/docs/system/system-metrics.md
  # The hostmetrics receiver collects system-level metrics (CPU, memory, disk, network, etc.)
  # It automatically uses the system.* semantic conventions defined in the documentation.
  hostmetrics:
    # How often to scrape the metrics
    collection_interval: 30s
    scrapers:
      # Processor Metrics: system.cpu.*
      cpu:

      # Disk Controller Metrics: system.disk.*
      disk:

      # Filesystem Metrics: system.filesystem.*
      filesystem:

      # Memory Metrics: system.memory.*
      memory:

      # Network Metrics: system.network.*
      network:

      # Paging/Swap Metrics: system.paging.*
      paging:

      # Aggregate System Process Metrics: system.process.*
      process: {}

  filelog/nginx-access-logs:
    include: /var/log/nginx/access.log
    operators:
      # Parse the default nginx access log format. Nginx defaults to the "combined" log format
      # $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
      # For more details, see https://nginx.org/en/docs/http/ngx_http_log_module.html
      - type: regex_parser
        if: body matches '^(?P<remote_addr>[0-9\\.]+) - (?P<remote_user>[^\\s]+) \\[(?P<ts>.+)\\] "(?P<request_method>\\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
        parse_from: body
        parse_to: attributes
        regex: '^(?P<remote_addr>[0-9\.]+) - (?P<remote_user>[^\s]+) \[(?P<ts>.+)\] "(?P<request_method>\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
        timestamp:
          parse_from: attributes.ts
          layout: '02/Jan/2006:15:04:05 -0700'
          layout_type: gotime
        severity:
          parse_from: attributes.status
          overwrite_text: true
          mapping:
            debug: '1xx'
            info:
              - '2xx'
              - '3xx'
            warn: '4xx'
            error: '5xx'
      - type: remove
        if: attributes.ts != nil
        field: attributes.ts
      - type: add
        field: attributes.source
        value: nginx

  filelog/nginx-error-logs:
    include: /var/log/nginx/error.log
    operators:
      # Parse the default nginx error log format.
      # YYYY/MM/DD HH:MM:SS [LEVEL] PID#TID: *CID MESSAGE
      # For more details, see https://github.com/phusion/nginx/blob/master/src/core/ngx_log.c
      - type: regex_parser
        if: body matches '^(?P<ts>.+?) \\[(?P<log_level>\\w+)\\] (?P<pid>\\d+)#(?P<tid>\\d+). \\*(?P<cid>\\d+) (?P<message>.+)$'
        parse_from: body
        parse_to: attributes
        regex: '^(?P<ts>.+?) \[(?P<log_level>\w+)\] (?P<pid>\d+)#(?P<tid>\d+). \*(?P<cid>\d+) (?P<message>.+)$'
        timestamp:
          parse_from: attributes.ts
          layout: '2006/01/02 15:04:05'
          layout_type: gotime
        severity:
          parse_from: attributes.log_level
          overwrite_text: true
          mapping:
            debug: 'debug'
            info:
              - 'info'
              - 'notice'
            warn: 'warn'
            error:
              - 'error'
              - 'crit'
              - 'alert'
            fatal: 'emerg'
      - type: remove
        if: attributes.ts != nil
        field: attributes.ts
      - type: move
        if: attributes.message != nil
        from: attributes.message
        to: body
      - type: add
        field: attributes.source
        value: nginx

 processors:
  batch:
    send_batch_size: 10000
    send_batch_max_size: 11000
    timeout: 10s
  resourcedetection/system:
    detectors: [system] # Automatically detects hostname, OS, etc.
    timeout: 5s
  resource/server_id:
    attributes:
      # Add a static, unique attribute for your environment/role
      - key: server.tag
        value: 'load_balancer'
        action: insert
  memory_limiter:
    # Essential: Sets how often the collector checks its memory usage.
    # This must be greater than zero.
    check_interval: 60s
    # Soft limit (e.g., 900 MiB): When hit, the collector stops receiving new data.
    limit_mib: 900
    # Hard limit (e.g., 700 MiB): When hit, the collector crashes to prevent OOM errors system-wide.
    spike_limit_mib: 700

 exporters:
  otlp:
    endpoint: 10.106.0.5:4317
    tls:
      insecure: true
    timeout: 5s
    sending_queue:
      queue_size: 100
    retry_on_failure:
      enabled: true
      initial_interval: 5s
      max_interval: 30s
      max_elapsed_time: 300s

 service:
  pipelines:
    logs:
      receivers: [journald, syslog, filelog/nginx-access-logs, filelog/nginx-error-logs]
      processors: [resourcedetection/system, resource/server_id, memory_limiter, batch]
      exporters: [otlp]
    metrics:
      receivers: [hostmetrics]
      processors: [resourcedetection/system, resource/server_id, memory_limiter, batch]
      exporters: [otlp]
	receivers:
	syslog:
	tcp:
	listen_address: '0.0.0.0:54527'
	protocol: rfc3164
	location: UTC
	operators:
	- type: move
	from: attributes.message
	to: body
	journald:
	directory: /var/log/journal
	start_at: end
	priority: info
	# https://github.com/open-telemetry/semantic-conventions/blob/main/docs/system/system-metrics.md
	# The hostmetrics receiver collects system-level metrics (CPU, memory, disk, network, etc.)
	# It automatically uses the system.* semantic conventions defined in the documentation.
	hostmetrics:
	# How often to scrape the metrics
	collection_interval: 30s
	scrapers:
	# Processor Metrics: system.cpu.*
	cpu:

	# Disk Controller Metrics: system.disk.*
	disk:

	# Filesystem Metrics: system.filesystem.*
	filesystem:

	# Memory Metrics: system.memory.*
	memory:

	# Network Metrics: system.network.*
	network:

	# Paging/Swap Metrics: system.paging.*
	paging:

	# Aggregate System Process Metrics: system.process.*
	process: {}

	filelog/nginx-access-logs:
	include: /var/log/nginx/access.log
	operators:
	# Parse the default nginx access log format. Nginx defaults to the "combined" log format
	# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
	# For more details, see https://nginx.org/en/docs/http/ngx_http_log_module.html
	- type: regex_parser
	if: body matches '^(?P<remote_addr>[0-9\\.]+) - (?P<remote_user>[^\\s]+) \\[(?P<ts>.+)\\] "(?P<request_method>\\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
	parse_from: body
	parse_to: attributes
	regex: '^(?P<remote_addr>[0-9\.]+) - (?P<remote_user>[^\s]+) \[(?P<ts>.+)\] "(?P<request_method>\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
	timestamp:
	parse_from: attributes.ts
	layout: '02/Jan/2006:15:04:05 -0700'
	layout_type: gotime
	severity:
	parse_from: attributes.status
	overwrite_text: true
	mapping:
	debug: '1xx'
	info:
	- '2xx'
	- '3xx'
	warn: '4xx'
	error: '5xx'
	- type: remove
	if: attributes.ts != nil
	field: attributes.ts
	- type: add
	field: attributes.source
	value: nginx

	filelog/nginx-error-logs:
	include: /var/log/nginx/error.log
	operators:
	# Parse the default nginx error log format.
	# YYYY/MM/DD HH:MM:SS [LEVEL] PID#TID: *CID MESSAGE
	# For more details, see https://github.com/phusion/nginx/blob/master/src/core/ngx_log.c
	- type: regex_parser
	if: body matches '^(?P<ts>.+?) \\[(?P<log_level>\\w+)\\] (?P<pid>\\d+)#(?P<tid>\\d+). \\*(?P<cid>\\d+) (?P<message>.+)$'
	parse_from: body
	parse_to: attributes
	regex: '^(?P<ts>.+?) \[(?P<log_level>\w+)\] (?P<pid>\d+)#(?P<tid>\d+). \*(?P<cid>\d+) (?P<message>.+)$'
	timestamp:
	parse_from: attributes.ts
	layout: '2006/01/02 15:04:05'
	layout_type: gotime
	severity:
	parse_from: attributes.log_level
	overwrite_text: true
	mapping:
	debug: 'debug'
	info:
	- 'info'
	- 'notice'
	warn: 'warn'
	error:
	- 'error'
	- 'crit'
	- 'alert'
	fatal: 'emerg'
	- type: remove
	if: attributes.ts != nil
	field: attributes.ts
	- type: move
	if: attributes.message != nil
	from: attributes.message
	to: body
	- type: add
	field: attributes.source
	value: nginx

	processors:
	batch:
	send_batch_size: 10000
	send_batch_max_size: 11000
	timeout: 10s
	resourcedetection/system:
	detectors: [system] # Automatically detects hostname, OS, etc.
	timeout: 5s
	resource/server_id:
	attributes:
	# Add a static, unique attribute for your environment/role
	- key: server.tag
	value: 'load_balancer'
	action: insert
	memory_limiter:
	# Essential: Sets how often the collector checks its memory usage.
	# This must be greater than zero.
	check_interval: 60s
	# Soft limit (e.g., 900 MiB): When hit, the collector stops receiving new data.
	limit_mib: 900
	# Hard limit (e.g., 700 MiB): When hit, the collector crashes to prevent OOM errors system-wide.
	spike_limit_mib: 700

	exporters:
	otlp:
	endpoint: 10.106.0.5:4317
	tls:
	insecure: true
	timeout: 5s
	sending_queue:
	queue_size: 100
	retry_on_failure:
	enabled: true
	initial_interval: 5s
	max_interval: 30s
	max_elapsed_time: 300s

	service:
	pipelines:
	logs:
	receivers: [journald, syslog, filelog/nginx-access-logs, filelog/nginx-error-logs]
	processors: [resourcedetection/system, resource/server_id, memory_limiter, batch]
	exporters: [otlp]
	metrics:
	receivers: [hostmetrics]
	processors: [resourcedetection/system, resource/server_id, memory_limiter, batch]
	exporters: [otlp]
No results found