Hi All,
We are looking to integrate Metabase logs to ELK stack, using Elastic Agent. For that, the ECS Format (Link) is the most preferred.
Following guides at:
Get started | ECS Logging Java Reference [1.x] | Elastic (Select log4j2 tab)
I did the following:
-
Updated Metabase Open Source to latest version i.e. v0.50.7
-
Added
log4j2-ecs-layout-1.6.0.jarto plugins folder of Metabase. Jar was downloaded from here. -
Made a custom
log4j2.xmlfile, with content as follows:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
<Appenders>
<Console name="STDOUT" target="SYSTEM_OUT" follow="true">
<EcsLayout serviceName="metabase" serviceVersion="v1" serviceEnvironment="production" serviceNodeName="node-1"/>
</Console>
<RollingFile name="LogToFile" fileName="/var/log/metabase/metabase.json" filePattern="/var/log/metabase/metabase-%i.json">
<Policies>
<SizeBasedTriggeringPolicy size="500 MB"/>
</Policies>
<DefaultRolloverStrategy max="2"/>
<EcsLayout serviceName="metabase" serviceVersion="v1" serviceEnvironment="production" serviceNodeName="node-1"/>
</RollingFile>
</Appenders>
<Loggers>
<Logger name="metabase" level="INFO"/>
<Logger name="metabase-enterprise" level="INFO"/>
<Logger name="metabase.metabot" level="DEBUG"/>
<Logger name="metabase.plugins" level="DEBUG"/>
<Logger name="metabase.server.middleware" level="DEBUG"/>
<Logger name="metabase.query-processor.async" level="DEBUG"/>
<Logger name="com.mchange" level="ERROR"/>
<Logger name="org.quartz" level="INFO"/>
<Logger name="liquibase" level="ERROR"/>
<Logger name="net.snowflake.client.jdbc.SnowflakeConnectString" level="ERROR"/>
<Root level="WARN">
<AppenderRef ref="STDOUT"/>
<AppenderRef ref="LogToFile"/>
</Root>
</Loggers>
</Configuration>
- Modified Metabase to use the log4j configuration file as follows:
java -Dlog4j.configurationFile=file:log4j2.xml -jar metabase.jar
Despite this, when I do
tail -f /var/log/metabase/metabase.json
I see output in below format:
GET /api/user/current 200 125.0 ms (11 DB calls) App DB connections: 0/4 Jetty threads: 3/50 (3 idle, 0 queued) (52 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 23}
GET /api/collection/root 200 20.8 ms (2 DB calls) App DB connections: 0/4 Jetty threads: 5/50 (3 idle, 0 queued) (52 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 23}
GET /api/bookmark 200 21.8 ms (1 DB calls) App DB connections: 4/4 Jetty threads: 8/50 (0 idle, 0 queued) (54 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 23}
GET /api/database 200 63.1 ms (1 DB calls) App DB connections: 4/4 Jetty threads: 9/50 (2 idle, 0 queued) (56 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 23}
GET /api/search 200 201.6 ms (4 DB calls) App DB connections: 1/11 Jetty threads: 6/50 (4 idle, 0 queued) (56 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 23}
Expected format would be ECS (Elastic Common Schema) format, which is essentially json with some additional keys. E.g.
{
"@timestamp": "2024-06-27T14:12:32.123Z",
"log.level": "INFO",
"message": "Some log message",
"ecs.version": "1.6.0",
"service.name": "metabase",
"service.version": "v1",
"service.environment": "production",
"service.node.name": "node-1",
"log.origin": {
"file.name": "SomeFile.java",
"file.line": 123,
"function": "someFunction"
}
}
Can anyone suggest what I might be doing wrong? Any help is appreciated.