OpenTelemetry Exporter (om_otel)

This module establishes HTTP(S) and GRPC connections to an OpenTelemetry collector or backend using the OpenTelemetry Protocol (OTLP) Specification. It supports traces and logs.

OpenTelemetry, or OTel, is an open-source observability framework that provides APIs and other tools for collecting and exporting telemetry data, such as traces, metrics, and logs. OTel is vendor-agnostic, and many observability platforms, libraries, services, and applications integrate it. It supports HTTP/1.1 and HTTP/2 connections.

To examine the supported platforms, see the list of installation packages.

Configuration

The om_otel module accepts the following directives in addition to the common module directives.

Required directives

URL

Specifies the URL for the module to send the event data.

Optional directives

Format

Specifies the format used to send the events. The possible values are grpc, json, and protobuf. The default is grpc.

AddHeader

This optional directive can be specified multiple times to add custom headers to each HTTP request.

Compression

This optional directive can be used to enable HTTP compression for outgoing HTTP messages. The possible values are none, gzip, and deflate (not supported together with the grpc format). By default, compression is disabled. Please note that some HTTP servers may not accept compressed HTTP requests. If a server doesn’t support a specific compression method, it may return 415 Unsupported Media Type errors in response to compressed requests.

HTTPBasicAuthUser

HTTP basic authorization username. You must also set the HTTPBasicAuthPassword directive to use HTTP authorization. This directive is not supported together with the grpc format.

HTTPBasicAuthPassword

HTTP basic authorization password. You must also set the HTTPBasicAuthUser directive to use HTTP authorization. This directive is not supported together with the grpc format.

HTTPSAllowExpired

This boolean directive specifies whether the connection should be allowed with an expired certificate. If set to TRUE, the remote host will be able to connect with an expired certificate. The default is FALSE: the certificate must not be expired. This directive is not supported together with the grpc format.

HTTPSAllowUntrusted

This boolean directive specifies that the connection should be allowed without certificate verification. If set to TRUE, the connection will be allowed even if the remote host presents an unknown or self-signed certificate. The default value is FALSE: the remote host must present a trusted certificate. This directive is not supported together with the grpc format.

HTTPSCADir

This directive specifies a path to a directory containing certificate authority (CA) certificates. These certificates will be used to verify the certificate presented by the remote host. The certificate files must be named using the OpenSSL hashed format, i.e. the hash of the certificate followed by .0, .1 etc. To find the hash of a certificate using OpenSSL:

$ openssl x509 -hash -noout -in ca.crt

For example, if the certificate hash is e2f14e4a, then the certificate filename should be e2f14e4a.0. If there is another certificate with the same hash then it should be named e2f14e4a.1 and so on.

A remote host’s self-signed certificate (which is not signed by a CA) can also be trusted by including a copy of the certificate in this directory.

The default operating system root certificate store will be used if this directive is not specified. Unix-like operating systems commonly store root certificates in /etc/ssl/certs. Windows operating systems use the Windows Certificate Store, while macOS uses the Keychain Access Application as the default certificate store. See Certification Authority (CA) certificates in the NXLog Platform User Guide for more information on using this directive.

This directive is not supported together with the grpc format.

HTTPSCAFile

This specifies the path of the certificate authority (CA) certificate that will be used to verify the certificate presented by the remote host. A remote host’s self-signed certificate (which is not signed by a CA) can be trusted by specifying the remote host certificate itself. In the case of certificates signed by an intermediate CA, the certificate specified must contain the complete certificate chain (certificate bundle).

HTTPSCertFile

This specifies the path of the certificate file that will be presented to the remote host during the HTTPS handshake.

HTTPSCertKeyFile

This specifies the path of the private key file that was used to generate the certificate specified by the HTTPSCertFile directive. This is used for the HTTPS handshake.

Proxy

This optional directive is used to specify the protocol, IP address (or hostname) and port number of the HTTP or SOCKS proxy server to be used. The format is protocol://hostname:port. This directive is not supported together with the grpc format.

Reconnect

This optional directive sets the reconnect interval in seconds. If it is set, the module attempts to reconnect in every defined second. If it is not set, the reconnect interval will start at 1 second and doubles on every attempt. If the duration of the successful connection is greater than the current reconnect interval, then the reconnect interval will be reset to 1 sec.

Output log format

om_otel forwards structured log records according to the directive Format. Each log record includes the same fields as the ones supported by im_otel, except that $raw_event, $RecordType, and $Severity are not included.

Besides this, om_otel automatically defines the values of the following fields if they are empty:

Log record type Empty field Replacement value

Logs

$TimeUnixNano

$EventTime or the current time if both fields are empty

$ObservedTimeUnixNano

$EventReceivedTime or the current time if both fields are empty

$SeverityText

$Severity

$Body

$Message

$Resource

$SourceName will populate $Resource['Attributes']

Traces

$Name

$Message or $raw_event if both fields are empty

$TraceId

Random generated ID

$SpanId

Random generated ID

$StartTimeUnixNano

$EventTime, $EventReceivedTime, or the current time, depending on the first non-empty field found

$EndTimeUnixNano

$EventTime, $EventReceivedTime, or the current time, depending on the first non-empty field found