-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add OTLP/Traces output support #613
Commits on Feb 5, 2024
-
feat: add OTLP/Traces output support
Add OTLP/Traces output support, using stable OTEL golang SDK. Folding Falco events into traces allows them to be represented as "hierarchical" views. Using a TraceID taken from `container.id` (or Kubernetes labels down to `k8s.pod.name` if present), all Falco events will be "rooted" under the container where it occurred, enabling a tree~ish view of these. It's implemented alongside other outputs (`outputs/otlp.go`), using existing configuration approach (YAML config and/or environment vars), excerpt from `config_example.yaml` changes: ```yaml otlp: traces: # endpoint: "" # OTLP endpoint in the form of http://{domain or ip}:4318/v1/traces # protocol: "" # OTLP protocol http/json, http/protobuf, grpc (default: "" which uses SDK default: http/json) # timeout: "" # OTLP timeout: timeout value in milliseconds (default: "" which uses SDK default: 10000) # headers: "" # OTLP headers: list of headers to apply to all outgoing traces in the form of "some-key=some-value,other-key=other-value" (default: "") # synced: false # Set to true if you want traces to be sent synchronously (default: false) # duration: 1000 # Artificial span duration in milliseconds (default: 1000) # extraenvvars: # Extra env vars (override the other settings) # OTEL_EXPORTER_OTLP_TRACES_TIMEOUT: 10000 # OTEL_EXPORTER_OTLP_TIMEOUT: 10000 ``` As the implementation uses upstream golang OTEL SDK, all OTEL environment variables [can also be used](https://opentelemetry.io/docs/concepts/sdk-configuration/otlp-exporter-configuration/), namely * OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_TRACES_HEADERS * OTEL_EXPORTER_OTLP_TIMEOUT, OTEL_EXPORTER_OTLP_TRACES_TIMEOUT * OTEL_EXPORTER_OTLP_PROTOCOL, OTEL_EXPORTER_OTLP_TRACES_PROTOCOL See [otlp_traces.md](./docs/outputs/otlp_traces.md) for more details, including a `docker_compose.yaml` to stage a whole stack (falco, falcosidekick, Grafana Tempo and Grafana visualization). This PR idea and 1st draft was originally crafted during a hackathon at @grafana Labs, together with @mostafa and @petewall. -- Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d462c5d - Browse repository at this point
Copy the full SHA d462c5dView commit details -
fix `key: value` in config_example.yaml Co-authored-by: Thomas Labarussias <issif+github@gadz.org> Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ed59731 - Browse repository at this point
Copy the full SHA ed59731View commit details -
Co-authored-by: Thomas Labarussias <issif+github@gadz.org> Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for dd78c57 - Browse repository at this point
Copy the full SHA dd78c57View commit details -
Co-authored-by: Thomas Labarussias <issif+github@gadz.org> Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 1aaed16 - Browse repository at this point
Copy the full SHA 1aaed16View commit details -
Co-authored-by: Thomas Labarussias <issif+github@gadz.org> Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8fe9a5f - Browse repository at this point
Copy the full SHA 8fe9a5fView commit details -
address more @Issif feedback (cleanup)
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 1a2b17d - Browse repository at this point
Copy the full SHA 1a2b17dView commit details -
use go 1.20 (fix CI), fix NewClient() call to use new `types.InitClie…
…ntArgs` Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9e4a081 - Browse repository at this point
Copy the full SHA 9e4a081View commit details -
add screenshots from running whole OTLP stack (under docker-compose, …
…as documented) Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9353d05 - Browse repository at this point
Copy the full SHA 9353d05View commit details -
remove wrongly added local files
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b283312 - Browse repository at this point
Copy the full SHA b283312View commit details -
clarify the un-need to parse OTLP.Traces.Headers field
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 53e50cc - Browse repository at this point
Copy the full SHA 53e50ccView commit details -
fix outputs/otlp_test.go for NewClient() using
types.InitClientArgs
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d2ade1a - Browse repository at this point
Copy the full SHA d2ade1aView commit details
Commits on Feb 6, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 367f3a6 - Browse repository at this point
Copy the full SHA 367f3a6View commit details -
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for c753a13 - Browse repository at this point
Copy the full SHA c753a13View commit details