Configure task log collection and exporting to ElasticSearch

Airflow task logs are stored in a logging backend to ensure you can access them after your Pods terminate. By default, Astronomer uses Fluentd to collect task logs and export them to an ElasticSearch instance.

You can configure how Astronomer collects Deployment task logs and exports them to ElasticSearch. The following are the supported methods for exporting task logs to ElasticSearch:

• Using a Fluentd Daemonset pod on each Kubernetes node in your cluster.
• Using container sidecars for Deployment components.

Export task logs using a Fluentd DaemonSet

By default, Astronomer Software uses a Fluentd DaemonSet to aggregate task logs. The is the workflow for the default implementation:

• Deployments write task logs to stdout.
• Kubernetes takes the output from stdout and writes it to the Deployment’s node.
• A Fluentd pod reads logs from the node and forwards them to ElasticSearch.

This implementation is recommended for organizations that:

• Run longer tasks using Celery executor.
• Run Astronomer Software in a dedicated cluster.
• Run privileged containers in a cluster with a ClusterRole.

This approach is not suited for organizations that run many small tasks using the Kubernetes executor. Because task logs exist only for the lifetime of the pod, your pods running small tasks might complete before Fluentd can collect their task logs.

Export logs using container sidecars

You can use a logging sidecar container to collect and export logs. In this implementation:

• Each container running an Airflow component for a Deployment receives its own Vector sidecar.
• Task logs are written to a shared directory.
• The Vector sidecar reads logs from the shared directory and writes them to ElasticSearch.

This implementation is recommended for organizations that:

• Run Astronomer Software in a multi-tenant cluster, where security is a concern.
• Use the KubernetesExecutor to run many short-lived tasks, which requires improved reliability.

Configure logging sidecars

1. Retrieve your values.yaml file. See Apply a config change.

2. Add the following entry to your values.yaml file:

   1
   global:
   2
     fluentdEnabled: false
   3
     loggingSidecar:
   4
       enabled: true
   5
       name: sidecar-log-consumer
   If you’re migrating from Fluentd, additionally set the following configuration so that Astronomer Software can retain logs:

   1
   global:
   2
     logging:
   3
       indexNamePrefix: <your-index-prefix>

3. Push the configuration change. See Apply a config change.

Customize Vector logging sidecars

You can customize the default Astronomer Vector logging sidecar to have different transformations and sinks based on your team’s requirements. This is useful if you want to annotate, otherwise customize, or filter your logs before sending them to your logging platform.

1. Add the following line to your values.yaml file:

   1
   global:
   2
     loggingSidecar:
   3
       enabled: true
   4
       name: sidecar-log-consumer
   5
       customConfig: true

2. Push the configuration change to your cluster. See Apply a config change.

3. Create a custom vector configuration yaml file to change how and where sidecars forward your logs. The following examples are template configurations for each commonly used external logging service. For the complete default logging sidecar configmap, see the Astronomer GitHub.

1
log_schema:
2
  timestamp_key : "@timestamp"
3
data_dir: "${SIDECAR_LOGS}"
4
sources:
5
  airflow_log_files:
6
    type: file
7
    include:
8
      - "${SIDECAR_LOGS}/*.log"
9
    read_from: beginning
10
transforms:
11
  transform_airflow_logs:
12
    type: remap
13
    inputs:
14
      - airflow_log_files
15
    source: |
16
      .component = "${COMPONENT:--}"
17
      .workspace = "${WORKSPACE:--}"
18
      .release = "${RELEASE:--}"
19
      .date_nano = parse_timestamp!(.@timestamp, format: "%Y-%m-%dT%H:%M:%S.%f%Z")
20
21
  filter_common_logs:
22
    type: filter
23
    inputs:
24
      - transform_airflow_logs
25
    condition:
26
      type: "vrl"
27
      source: '!includes(["worker","scheduler"], .component)'
28
29
  filter_scheduler_logs:
30
    type: filter
31
    inputs:
32
      - transform_airflow_logs
33
    condition:
34
      type: "vrl"
35
      source: 'includes(["scheduler"], .component)'
36
37
  filter_worker_logs:
38
    type: filter
39
    inputs:
40
      - transform_airflow_logs
41
    condition:
42
      type: "vrl"
43
      source: 'includes(["worker"], .component)'
44
45
  filter_gitsyncrelay_logs:
46
    type: filter
47
    inputs:
48
      - transform_airflow_logs
49
    condition:
50
      type: "vrl"
51
      source: 'includes(["git-sync-relay"], .component)'
52
53
  transform_task_log:
54
    type: remap
55
    inputs:
56
      - filter_worker_logs
57
      - filter_scheduler_logs
58
    source: |-
59
      . = parse_json(.message) ?? .
60
      .@timestamp = parse_timestamp(.timestamp, "%Y-%m-%dT%H:%M:%S%Z") ?? now()
61
      .check_log_id = exists(.log_id)
62
      if .check_log_id != true {
63
      .log_id = join!([to_string!(.dag_id), to_string!(.task_id), to_string!(.execution_date), to_string!(.try_number)], "_")
64
      }
65
      .offset = to_int(now()) * 1000000000 + to_unix_timestamp(now()) * 1000000
66
67
  final_task_log:
68
    type: remap
69
    inputs:
70
      - transform_task_log
71
    source: |
72
      .component = "${COMPONENT:--}"
73
      .workspace = "${WORKSPACE:--}"
74
      .release = "${RELEASE:--}"
75
      .date_nano = parse_timestamp!(.@timestamp, format: "%Y-%m-%dT%H:%M:%S.%f%Z")
76
77
  transform_remove_fields:
78
    type: remap
79
    inputs:
80
      - final_task_log
81
      - filter_common_logs
82
      - filter_gitsyncrelay_logs
83
    source: |
84
      del(.host)
85
      del(.file)
86
# Configuration for ElasticSearch sink.
87
sinks:
88
  out:
89
    type: elasticsearch
90
    # Specify the transforms you want to run before your logs are exported.
91
    inputs:
92
      - transform_remove_fields
93
    mode: bulk
94
    compression: none
95
    endpoint: "http://example-host:<example-port>"
96
    auth:
97
      strategy: "basic"
98
      user: "example-user"
99
      password : "example-pass"
100
    bulk:
101
      index: "vector.${RELEASE:--}.%Y.%m.%d"
102
      action: create

4. Run the following command to add the configuration file to your cluster as a Kubernetes secret:

   1
   kubectl create secret generic sidecar-config --from-file=vector-values.yaml=vector-values.yaml -n <your-platform-namespace>

5. Run the following command to annotate the secret so that it’s automatically applied to all new Deployments:

   1
   kubectl annotate secret sidecar-config astronomer.io/commander-sync="platform-release=astronomer" -n <your-platform-namespace>

6. Run the following command to sync existing Deployments with the new configuration:

   1
   kubectl create job --from=cronjob/astronomer-config-syncer sync-secrets -n <your-platform-namespace>

Use an external Elasticsearch instance for Airflow task log management

Add Airflow task logs from your Astronomer Deployment to an existing Elasticsearch instance on Elastic Cloud to centralize log management and analysis. Centralized log management allows you to quickly identify, troubleshoot, and resolve task failure issues. Although these examples use Elastic Cloud, you can also use AWS Managed OpenSearch Service or any other elastic service (managed or hosted). With an external Elasticsearch instance configured for Astronomer Software, you can see the logs in your Elasticsearch instance and browse the logs from the Software UI.

Create an Elastic Deployment and endpoint

1. In your browser, go to https://cloud.elastic.co/ and create a new Elastic Cloud deployment. See Create a deployment.

2. Copy and save your Elastic Cloud deployment credentials when the Save the deployment credentials screen appears.

3. On the Elastic dashboard, click the Gear icon for your Deployment.

4. Click Copy endpoint next to Elasticsearch.

5. Optional. Test the Elastic Cloud deployment endpoint:

   • Open a new browser window, paste the endpoint you copied in step 4 in the Address bar, and then press Enter.
   • Enter the username and password you copied in step 2 and click Sign in. Output similar to the following appears:

       name	"instance-0000000000"
       cluster_name	"<cluster-name>"
       cluster_uuid	"<cluster-uuid>"
       version
       number	"8.3.2"
       build_type	"docker"
       build_hash	"8b0b1f23fbebecc3c88e4464319dea8989f374fd"
       build_date	"2022-07-06T15:15:15.901688194Z"
       build_snapshot	false
       lucene_version	"9.2.0"
       minimum_wire_compatibility_version	"7.17.0"
       minimum_index_compatibility_version	"7.0.0"
       tagline	"You Know, for Search"

Save your Elastic Cloud deployment credentials

After you’ve created an Elastic deployment and endpoint, you have two options to store your Elastic deployment credentials. You can store the credentials in your Astronomer Software helm values, or for greater security, as a secret in your Astronomer Software Kubernetes cluster. For additional information about adding an Astronomer Software configuration change, see Apply a config change.

$
   echo -n "<username>:<password>" | base64

1
global:
2
  fluentdEnabled: true
3
  customLogging:
4
    enabled: true
5
    scheme: https
6
    # host endpoint copied from elasticsearch console with https
7
    # and port number removed.
8
    host: "<host-URL>"
9
    port: "9243"
10
    # encoded credentials from above step 1
11
    secret: "<encoded credentials>"

1
tags:
2
  logging: false

$
helm upgrade -f values.yaml --version=0.37 --namespace=<your-platform-namespace> <your-platform-release-name> astronomer/astronomer

View Airflow task logs in Elastic

1. On the Elastic dashboard in the Elasticsearch Service area, click the Deployment name.

2. Click Menu > Discover. The Create index pattern screen appears.

3. Enter fluentd.*, or vector.* if you use Vector Sidecar Logging. In the Name field, enter @timestamp in the Timestamp field, and then click Create index pattern.

4. Click Menu > Dashboard to view all of the Airflow task logs for your Deployment on Astronomer.