Configure the Telemetry module to send logs, metrics, and traces from your cluster to an SAP Cloud Logging instance. By centralizing this data in your SAP Cloud Logging instance, you can store, visualize, and analyze the observability of your applications.
-
Kyma as the target deployment environment, with the following modules added (see Adding and Deleting a Kyma Module):
-
Telemetry module
-
To collect data from your Istio service mesh: Istio module (default module)
-
SAP BTP Operator module (default module)
-
-
An instance of SAP Cloud Logging with OpenTelemetry ingestion enabled. For details, see Ingest via OpenTelemetry API Endpoint.
Create the SAP Cloud Logging instance with the SAP BTP service operator (see Create an SAP Cloud Logging Instance through SAP BTP Service Operator), because it takes care of creation and rotation of the required Secret. However, you can choose any other method of creating the instance and the Secret, as long as the parameter for OTLP ingestion is enabled in the instance. For details, see Configuration Parameters.
-
A Secret in the respective namespace in your Kyma cluster, holding the credentials and endpoints for the instance. It’s recommended that you rotate your Secret (see SAP BTP Security Recommendation BTP-CLS-0003). In the following example, the Secret is named “sap-cloud-logging” and the namespace “sap-cloud-logging-integration”, as illustrated in the secret-example.yaml.
-
Kubernetes CLI (kubectl) (see Install the Kubernetes Command Line Tool).
-
UNIX shell or Windows Subsystem for Linux (WSL) to execute commands.
The Telemetry module supports shipping logs and ingesting distributed traces as well as metrics from applications and the Istio service mesh to SAP Cloud Logging.
First, set up the Telemetry module to ship the logs, traces, and metrics to your backend by deploying the pipelines and other required resources. Then, you configure Kyma dashboard integration. Finally, set up SAP Cloud Logging alerts and dashboards.
SAP Cloud Logging is an instance-based and environment-agnostic observability service to store, visualize, and analyze logs, metrics, and traces.
You can set up ingestion of logs from applications and the Istio service mesh to the OTLP endpoint of the SAP Cloud Logging service instance.
Set Up Application Logs
-
Deploy a
LogPipelinefor application logs:kubectl apply -f - <<EOF apiVersion: telemetry.kyma-project.io/v1beta1 kind: LogPipeline metadata: name: sap-cloud-logging spec: input: runtime: enabled: true output: otlp: endpoint: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-endpoint tls: cert: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-cert key: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-key EOF -
Verify that the
LogPipelineis running:kubectl get logpipelines
Set Up Istio Access Logs
By default, Istio sidecar injection and Istio access logs are disabled in Kyma. To analyze them, you must enable them:
-
Enable Istio sidecar injection for your workload (see Enabling Istio Sidecar Proxy Injection).
-
Configure the Istio
Telemetryresource (see Configure Istio Access Logs) with thekyma-logsextension provider.
You can set up ingestion of distributed traces from applications and the Istio service mesh to the OTLP endpoint of the SAP Cloud Logging service instance.
Set Up Traces
-
Deploy a
TracePipeline:kubectl apply -f - <<EOF apiVersion: telemetry.kyma-project.io/v1beta1 kind: TracePipeline metadata: name: sap-cloud-logging spec: output: otlp: endpoint: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-endpoint tls: cert: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-cert key: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-key EOF -
Verify that the
TracePipelineis running:kubectl get tracepipelines
Set Up Istio Tracing
By default, Istio sidecar injection and Istio tracing are disabled in Kyma. To analyze them, you must enable them:
-
Enable Istio sidecar injection for your workload (see Enabling Istio Sidecar Proxy Injection).
-
Configure the Istio
Telemetryresource to use thekyma-tracesextension provider based on OTLP (see Configure Istio Tracing).
You can set up ingestion of metrics from applications and the Istio service mesh to the OTLP endpoint of the SAP Cloud Logging service instance.
-
Deploy a
MetricPipeline:kubectl apply -f - <<EOF apiVersion: telemetry.kyma-project.io/v1beta1 kind: MetricPipeline metadata: name: sap-cloud-logging spec: input: prometheus: enabled: false istio: enabled: false runtime: enabled: false output: otlp: endpoint: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-endpoint tls: cert: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-cert key: valueFrom: secretKeyRef: name: sap-cloud-logging namespace: sap-cloud-logging-integration key: ingest-otlp-key EOFThe default configuration creates a gateway to receive OTLP metrics from your applications.
-
Optional: To collect additional metrics, such as those from the runtime or Istio, configure the presets in the
inputsection of theMetricPipeline. For the available options, see Collecting Metrics. -
Verify that the
MetricPipelineis running:kubectl get metricpipelines
You can add direct links from Kyma dashboard to SAP Cloud Logging.
-
If your Secret has a name or namespace different from the example, download the file and edit the
dataSourcessection before you apply it. -
Apply the
ConfigMap:kubectl apply -f https://raw.githubusercontent.com/kyma-project/telemetry-manager/main/docs/user/integration/sap-cloud-logging/kyma-dashboard-configmap.yaml
You can import predefined alerts for SAP Cloud Logging to monitor the health of your telemetry integration.
-
In the SAP Cloud Logging dashboard, define a “notification channel” to receive alert notifications.
-
To import a monitor, use the development tools of the SAP Cloud Logging dashboard.
-
Execute
POST _plugins/_alerting/monitors, followed by the contents of the respective JSON file. -
Depending on the pipelines you are using, enable some or all of the following alerts:
The alerts are based on JSON documents defining a
Monitorfor the alerting plugin.Monitored Component
File
Description
SAP Cloud Logging
Monitors the health of the underlying OpenSearch cluster in SAP Cloud Logging using the cluster health API. Triggers if the cluster status becomes red.
SAP Cloud Logging
Monitors the
cls-rejected-*index for new data. Triggers if new rejected data is observed.Kyma Telemetry Integration
Monitors the status of the Telemetry module. Triggers if the module reports a non-ready state.
Kyma Telemetry Integration
Monitors the
LogPipeline. Triggers if log data stops flowing.Kyma Telemetry Integration
Monitors the
TracePipeline. Triggers if trace data stops flowing to SAP Cloud Logging.Kyma Telemetry Integration
Monitors the
MetricPipeline. Triggers if metric data stops flowing to SAP Cloud Logging. -
After importing, edit the monitor to attach your notification channel or destination and adjust thresholds as needed.
-
Verify that the new monitor definition is listed among the SAP Cloud Logging alerts.
You can view logs, traces, and metrics in SAP Cloud Logging dashboards. Several dashboards come with SAP Cloud Logging, and you can import additional dashboards as needed.
-
For the status of the SAP Cloud Logging integration with the Telemetry module, import the file dashboard-status.ndjson.
-
For application logs and Istio access logs: Use the preconfigured dashboard Overview.
-
For traces, use the OpenSearch plugin “Observability”.
-
For runtime metrics, import the file dashboard-runtime.ndjson.
-
For Istio Pod metrics, import the file dashboard-istio.ndjson.