HomeBig DataMicroservice observability with Amazon OpenSearch Service half 1: Hint and log correlation

Microservice observability with Amazon OpenSearch Service half 1: Hint and log correlation

Fashionable enterprises are more and more adopting microservice architectures and transferring away from monolithic buildings. Though microservices present agility in growth and scalability, and encourage use of polyglot programs, in addition they add complexity. Troubleshooting distributed companies is tough as a result of the applying behavioral information is distributed throughout a number of machines. Due to this fact, with a view to have deep insights to troubleshoot distributed functions, operational groups want to gather utility behavioral information in a single place to scan via them.

Though establishing monitoring programs focuses on analyzing solely log information might help you perceive what went incorrect and notify about any anomalies, it fails to supply perception into why one thing went incorrect and precisely the place within the utility code it went incorrect. Fixing points in a fancy community of programs is like discovering a needle in a haystack. Observability based mostly on Open Requirements outlined by OpenTelemetry addresses the issue by offering help to deal with logs, traces, and metrics inside a single implementation.

On this sequence, we cowl the setup and troubleshooting of a distributed microservice utility utilizing logs and traces. Logs are immutable, timestamped, discreet occasions taking place over a time period, whereas traces are a sequence of associated occasions that seize the end-to-end request movement in a distributed system. We glance into acquire a big quantity of logs and traces in Amazon OpenSearch Service and correlate these logs and traces to seek out the precise difficulty and the place the problem was generated.

Any investigation of points in enterprise functions must be logged in an incident report, in order that operational and growth groups can collaborate to roll out a repair. When any investigation is carried out, it’s vital to jot down a story in regards to the difficulty in order that it may be utilized in dialogue later. We glance into use the most recent pocket book characteristic in OpenSearch Service to create the incident report.

On this publish, we focus on the structure and utility troubleshooting steps.

Answer overview

The next diagram illustrates the observability answer structure to seize logs and traces.

The answer parts are as follows:

  • Amazon OpenSearch Service is a managed AWS service that makes it simple to deploy, function, and scale OpenSearch clusters within the AWS Cloud. OpenSearch Service helps OpenSearch and legacy Elasticsearch open-source software program (as much as 7.10, the ultimate open-source model of the software program).
  • FluentBit is an open-source processor and forwarder that collects, enriches, and sends metrics and logs to varied locations.
  • AWS Distro for OpenTelemetry is a safe, production-ready, AWS-supported distribution of the OpenTelemetry undertaking. With AWS Distro for OpenTelemetry, you possibly can instrument your functions simply as soon as to ship correlated metrics and traces to a number of AWS and Associate monitoring options, together with OpenSearch Service.
  • Knowledge Prepper is an open-source utility service with the flexibility to filter, enrich, rework, normalize, and combination information to allow an end-to-end evaluation lifecycle, from gathering uncooked logs to facilitating subtle and actionable interactive advert hoc analyses on the information.
  • We use a pattern observability store net utility constructed as a microservice to show the capabilities of the answer parts.
  • Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you should utilize to run Kubernetes on AWS without having to put in, function, and preserve your individual Kubernetes management airplane or nodes. Kubernetes is an open-source system for automating the deployment, scaling, and administration of the container.

On this answer, we have now a pattern o11y (Observability) Store net utility written in Python and Java, and deployed in an EKS cluster. The net utility consists of varied companies. When some operations are performed from the entrance finish, the request travels via a number of companies on the backend. The applying companies are working as separate containers, whereas AWS Distro for OpenTelemetry, FluentBit, and Knowledge Prepper are working as sidecar containers.

FluentBit is used for gathering log information from utility containers, after which sends logs to Knowledge Prepper. For gathering traces, first the applying companies are instrumented utilizing the OpenTelemetry SDK. Then, with AWS Distro for OpenTelemetry collector, hint info is collected and despatched to Knowledge Prepper. Knowledge Prepper forwards the logs and traces information to OpenSearch Service.

We suggest deploying the OpenSearch Service area inside a VPC, so a reverse proxy is required to have the ability to log in to OpenSearch Dashboards.


You want an AWS account with obligatory permissions to deploy the answer.

Arrange the atmosphere

We use AWS CloudFormation to provision the parts of our structure. Full the next steps:

  1. Launch the CloudFormation stack within the us-east-1 Area:
  2. You could preserve the stack identify default to AOS-Observability.
  3. You could change the OpenSearchMasterUserName parameter used for OpenSearch Service login whereas retaining different parameter values to default. The stack provisions a VPC, subnets, safety teams, route tables, an AWS Cloud9 occasion, and an OpenSearch Service area, together with a Nginx reverse proxy. It additionally configures AWS Identification and Entry Administration (IAM) roles. The stack may also generate a brand new random password for OpenSearch Service area which might be seen within the CloudFormation Outputs tab underneath AOSDomainPassword.
  4. On the stack’s Outputs tab, select the hyperlink for the AWS Cloud9 IDE.
  5. Run the next code to put in the required packages, configure the atmosphere variables and provision the EKS cluster:
    curl -sSL https://uncooked.githubusercontent.com/aws-samples/observability-with-amazon-opensearch-blog/major/scripts/eks-setup.sh | bash -s <<CloudFormation Stack Identify>>

    After the sources are deployed, it prints the hostname for the o11y Store net utility.

  6. Copy the hostname and enter it within the browser.

This opens the o11y Store microservice utility, as proven within the following screenshot.

Entry the OpenSearch Dashboards

To entry the OpenSearch Dashboards, full the next steps:

  1. Select the hyperlink for AOSDashboardsPublicIP from the CloudFormation stack outputs. As a result of the OpenSearch Service area is deployed contained in the VPC, we use an Nginx reverse proxy to ahead the visitors to the OpenSearch Service area. As a result of the OpenSearch Dashboards URL is signed utilizing a self-signed certificates, you have to bypass the safety exception. In manufacturing, a sound certificates is advisable for safe entry.
  2. Assuming you’re utilizing Google Chrome, while you’re on this web page, enter thisisunsafe.Google Chrome redirects you to the OpenSearch Service login web page.
  3. Log in with the OpenSearch Service login particulars (discovered within the CloudFormation stack output: AOSDomainUserName and AOSDomainPassword).You’re offered with a dialog requesting you so as to add information for exploration.
  4. Choose Discover by myself.
  5. When requested to pick out a tenant, depart the default choices and select Affirm.
  6. Open the Hamburger menu to discover the plugins inside OpenSearch Dashboards.

That is the OpenSearch Dashboards person interface. We use it within the subsequent steps to research, discover, repair, and discover the basis explanation for the problem.

Logs and traces technology

Click on across the o11y Store utility to simulate person actions. It will generate logs and a few traces for the related microservices saved in OpenSearch Service. You are able to do the method a number of occasions to generate extra pattern logs and traces information.

Create an index sample

An index sample selects the information to make use of and permits you to outline properties of the fields. An index sample can level to a number of indexes, information streams, or index aliases.

It is advisable to create an index sample to question the information via OpenSearch Dashboards.

  1. On OpenSearch Dashboards, select Stack Administration.
  2. Select Index Patterns
  3. Select Create index sample.
  4. For Index sample identify, enter sample_app_logs. OpenSearch Dashboards additionally helps wildcards.
  5. Select Subsequent step.
  6. For Time discipline, select time.
  7. Select Create index sample.
  8. Repeat these steps to create the index sample otel-v1-apm-span* with occasion.time because the time discipline for locating traces.

Search logs

Select the menu icon and search for the Uncover part in OpenSearch Dashboards. The Uncover panel permits you to view and question logs. Verify the log exercise taking place within the microservice utility.

If you happen to can’t see any information, enhance the time vary to one thing massive (just like the final hour). Alternatively, you possibly can play across the o11y Store utility to generate latest logs and traces information.

Instrument functions to generate traces

Functions must be instrumented to generate and ship hint information downstream. There are two sorts of instrumentation:

  • Automated – In automated instrumentation, no utility code change is required. It makes use of an agent that may seize hint information from the working utility. It requires utilization of the language-specific API and SDK, which takes the configuration supplied via the code or atmosphere and offers good protection of endpoints and operations. It robotically determines the span begin and finish.
  • Guide – In handbook instrumentation, builders want so as to add hint seize code to the applying. This offers customization when it comes to capturing traces for a customized code block, naming numerous parts in OpenTelemetry like traces and spans, including attributes and occasions, and dealing with particular exceptions inside the code.

In our utility code, we use handbook instrumentation. Confer with Guide Instrumentation to gather traces within the GitHub repository to know the steps.

Discover hint analytics

OpenSearch Service model 1.3 has a brand new module to help observability.

  1. Select the menu icon and search for the Observability part underneath OpenSearch Plugins.
  2. Select Hint analytics to look at a few of the traces generated by the backend service. If you happen to miss out on ample information, enhance the time vary. Alternatively, select all of the buttons on the pattern app webpage for every utility service to generate ample hint information to debug. You possibly can select every possibility a number of occasions. The next screenshot reveals a summarized view of the traces captured.

    The dashboard view teams traces collectively by hint group identify and offers details about common latency, error fee, and developments related to a selected operation. Latency variance signifies if the latency of a request falls beneath the 95 percentile or above. If there are a number of hint teams, you possibly can scale back the view by including filters on numerous parameters.
  3. Add a filter on the hint group client_checkout.

    The next screenshot reveals our filtered outcomes.

    The dashboard additionally incorporates a map of all of the linked companies. The Service map helps present a high-level view on what’s happening within the companies based mostly on the color-coding grouped by Latency, Error fee, and Throughput. This helps you determine issues by service.
  4. Select Error fee to discover the error fee of the linked companies.Primarily based on the color-coding within the following diagram, it’s evident that the cost service is throwing errors, whereas different companies are working tremendous with none errors.
  5. Change to the Latency view, which reveals the relative latency in milliseconds with totally different colours.
    That is helpful for troubleshooting bottlenecks in microservices.

    The Hint analytics dashboard additionally reveals distribution of traces over time and hint error fee over time.
  6. To find the checklist of traces, underneath Hint analytics within the navigation pane, select Traces.
  7. To search out the checklist of companies, depend of traces per service, and different service-level statistics, select Providers within the navigation pane.

Search traces

Now we wish to drill down and be taught extra about troubleshoot errors.

  1. Return to the Hint analytics dashboard.
  2. Select Error Charge Service Map and select the cost service on the graph.The cost service is in darkish pink. This additionally units the cost service filter on the dashboard, and you’ll see the hint group within the higher pane.
  3. Select the Traces hyperlink of the client_checkout hint group.

    You’re redirected to the Traces web page. The checklist of traces for the client_checkout hint group might be discovered right here.
  4. To view particulars of the traces, select Hint IDs.You possibly can see a pie chart exhibiting how a lot time the hint has spent in every service. The hint consists of a number of spans, which is outlined as a timed operation that represents a chunk of workflow within the distributed system. On the best, it’s also possible to see time spent in every span, and which have an error.
  5. Copy the hint ID within the client-checkout group.

Log and hint correlation

Though the log and hint information offers useful info individually, the precise benefit is after we can relate hint information to log information to seize extra particulars about what went incorrect. There are 3 ways we are able to correlate traces to logs:

  • Runtime – Logs, traces, and metrics can report the second of time or the vary of time the run befell.
  • Run context – That is often known as the request context. It’s commonplace apply to report the run context (hint and span IDs in addition to user-defined context) within the spans. OpenTelemetry extends this apply to logs the place potential by together with the TraceID and SpanID within the log information. This enables us to straight correlate logs and traces that correspond to the identical run context. It additionally permits us to correlate logs from totally different parts of a distributed system that participated within the specific request.
  • Origin of the telemetry – That is often known as the useful resource context. OpenTelemetry traces and metrics comprise details about the useful resource they arrive from. We prolong this apply to logs by together with the useful resource within the log information.

These three correlation strategies might be the inspiration of highly effective navigational, filtering, querying, and analytical capabilities. OpenTelemetry goals to report and acquire logs in a way that allows such correlations.

  1. Use the copied traceId from the earlier part and seek for corresponding logs on the Occasion analytics web page.
    We use the next PPL question:
    supply = sample_app_logs | the place traceId = “<<trace_id>>

    Make certain to extend the time vary to not less than the final hour.

  2. Select Replace to seek out the corresponding log information for the hint ID.
  3. Select the develop icon to seek out extra particulars.This reveals you the small print of the log together with the traceId. This log reveals that the cost checkout operation failed. This correlation allowed us to seek out key info within the log that permits us to go to the applying and debug the code.
  4. Select the Traces tab to see the corresponding hint information linked with the log information.
  5. Select View surrounding occasions to find different occasions taking place on the identical time.

This info might be useful if you wish to perceive what’s happening in the entire utility, notably how different companies are impacted throughout that point.


This part offers the mandatory info for deleting numerous sources created as a part of this publish.

It is strongly recommended to carry out the beneath steps after going via the subsequent publish of the sequence.

  1. Execute the next command on the Cloud9 terminal to take away Elastic Kubernetes Service Cluster and its sources.
    eksctl delete cluster --name=observability-cluster

  2. Execute the script to delete the Amazon Elastic Container Registry repositories.
    cd observability-with-amazon-opensearch-blog/scripts
    bash 03-delete-ecr-repo.sh

  3. Delete the CloudFormation stacks in sequence - eksDeploy, AOS-Observability.


On this publish, we deployed an Observability (o11y) Store microservice utility with numerous companies and captured logs and traces from the applying. We used FluentBit to seize logs, AWS Distro for Open Telemetry to seize traces, and Knowledge Prepper to gather these logs and traces and ship it to OpenSearch Service. We confirmed use the Hint analytics web page to look into the captured traces, particulars about these traces, and repair maps to seek out potential points. To correlate log and hint information, we demonstrated use the Occasion analytics web page to jot down a easy PPL question to seek out corresponding log information. The implementation code might be discovered within the GitHub repository for reference.

The following publish in our sequence covers using PPL to create an operational panel to watch our microservices together with an incident report utilizing notebooks.

Concerning the Creator

Subham Rakshit is a Streaming Specialist Options Architect for Analytics at AWS based mostly within the UK. He works with clients to design and construct search and streaming information platforms that assist them obtain their enterprise goal. Outdoors of labor, he enjoys spending time fixing jigsaw puzzles together with his daughter.

Marvin Gersho is a Senior Options Architect at AWS based mostly in New York Metropolis. He works with a variety of startup clients. He beforehand labored for a few years in engineering management and hands-on utility growth, and now focuses on serving to clients architect safe and scalable workloads on AWS with a minimal of operational overhead. In his free time, Marvin enjoys biking and technique board video games.

Rafael Gumiero is a Senior Analytics Specialist Options Architect at AWS. An open-source and distributed programs fanatic, he offers steering to clients who develop their options with AWS Analytics companies, serving to them optimize the worth of their options.


Most Popular

Recent Comments