This message was deleted.
# generals
Slackbot
02/02/2024, 12:15 PMThis message was deleted.
d
Darach Ennis
02/02/2024, 4:53 PMI can’t speak for all orgs but at Wayfair they had a centralized observability team within platform engineering.
Since 2018 to now this has mainly been orchestrated by https://www.tremor.rs ( disclaimer - i’m a maintainer of the project ).
In 2018 influx was used for metrics with elastic for logs - mostly on premise. In 2023 Wayfair are mostly cloud native.
With otel - you could start with the otel-collector and map your other log formats to this ( using a tool like tremor, or vector ) and then forward it to a cloud provider that supports otel like Honeycomb ( or Axiom.co where i work ) or to your internal systems of record if they support otel natively.
Darach Ennis
02/02/2024, 4:55 PMI know @Endre Karlson has built an otel based system for this at his last organisation - he was using
tremorDarach Ennis
02/02/2024, 4:56 PMIt is getting easier every day to use otel for this purpose. Would love to hear about your successes and any gotchas if you try this route!
e
Endre Karlson
02/02/2024, 4:58 PMOTELCOL id think
d
Darach Ennis
02/02/2024, 4:59 PMYes. Best place to start if there’s no remapping or transformations to do and very quick to test
s
S
02/04/2024, 2:01 PM@Endre Karlson @Darach Ennis thanks a lot for valuable information
S
02/04/2024, 2:02 PMSo can we use otel-collector with tremor or vector to filter the logs?
d
Darach Ennis
02/04/2024, 2:05 PMYou can with tremor as it has otel sinks and sources. Vector IIRC doesn’t have otel sinks
s
S
02/04/2024, 2:06 PMI think, otel-collector does not have any mechanism to filter the logs, am I right?
S
02/04/2024, 2:10 PMAnd one more question, what is your experience, does it make sense to deploy otel-collector of each kubernetes cluster( +500 clusters) and collecting logs from each of them to centralized one?
e
Endre Karlson
02/04/2024, 2:20 PMNo it does have Processors for this purpose
Endre Karlson
02/04/2024, 2:21 PMto Filter & Transform using what they call Opentelemetry Transformation Language -> https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/pkg/ottl/README.md
s
S
02/04/2024, 2:22 PMSo no need to use different vendor, am I correct?
e
Endre Karlson
02/04/2024, 2:22 PMI think it totally depends on what you want to do and if OTC supports what you want to do 😉
d
Darach Ennis
02/04/2024, 2:23 PMThis. If OTC gives you what you need then its the simplest workable solution
s
S
02/04/2024, 2:23 PMtbh, we are trying to find the best practices. In our organization. as I mentioned before we have ~400 engineering teams using their own k8s cluster
S
02/04/2024, 2:23 PMMain goal is centralized the logs in single place
S
02/04/2024, 2:23 PMWith log management policies
d
Darach Ennis
02/04/2024, 2:24 PMIf you have diversity of sources and no consistency around normalization - than having the ability to normalize the various feeds is useful. This is where something like tremor becomes useful
e
Endre Karlson
02/04/2024, 2:24 PMIHMO, try OTC and see how far you get
d
Darach Ennis
02/04/2024, 2:25 PMFor example - if you need to classify logs and do some kind of traffic shaping etc..
Darach Ennis
02/04/2024, 2:25 PMStarting with OTC is still a great start
e
Endre Karlson
02/04/2024, 2:25 PMYou can do alot of remaps / tranform just by using OTL instead of Tremor, and introducing Tremor is then a diff piece the puzzle to learn, maintain, deploy etc... and if you need something more advanced for the task Tremor is great I think
6 Views