Coding and logging are naturally related. Nearly everyone starts by printing ‘Hello World!’ to the console. But your code is not the only thing that writes out log messages. The entire tech stack, including the operating system and every other piece of software, also writes out log messages. There’s a mature market of tools that ship, aggregate, and index logs. Instana is proud to now fully support the market leader, Splunk.
Where Splunk fits
Instana enables automatic code observability with our AutoTrace™ technology for most language runtimes across many platforms. AutoTrace™ automatically captures log messages that are at ‘WARN’ or higher. The log messages are then indexed and easily searchable, taking you directly to the traces that contain the log message.
While this capability covers several use cases, there are a few others that can be addressed. It is important to remember that every program produces logs, with many of them being written in C/C++ which makes them difficult to be automatically observable. Also, when debugging a tricky issue it can be beneficial to gather additional information from log messages even if they’re below the ‘WARN’ level.
These areas are where log aggregation technologies like Splunk show their value. With Splunk, all of your logs are in one place, fully indexed, and searchable. Instana links directly to the matching log entries. The fields from the log files are extracted and indexed making it easy to click into specific log entries based on fields such as: Docker container identifier, host name, and Kubernetes Pod identifier from the Instana UI.
Splunk integration in action
To create screenshots of this integration we used Kubernetes on GKE with Stan’s Robot Shop (a sample microservice application) deployed along with Fluentd using the Splunk HTTP Event Collector (HEC) shipper sending logs to Splunk.
This Instana dashboard shows the details of a Kubernetes (K8s) Pod and, because a logging integration has been configured, there is an additional dropdown to quickly navigate to the matching log entries. Most users would only configure one logging integration, but for the purposes of these screenshots two integrations have been configured.
When clicking into the logs, the logging dashboard opens in a new tab on your browser. The search term is pre populated with context and the time range that matches the Instana dashboard you were viewing when you clicked through. In this screenshot you can see that there are additional ‘INFO’ level messages that could potentially be useful to identify why your code is not doing what you think it should be.
Best of breed
Instana is the best of breed solution for monitoring cloud-native, containerized microservice applications. Instana is focused on the challenges presented by these complex, highly dynamic environments, rather than trying to be a Jack of all trades. By integrating with other best of breed solutions for log aggregation, Instana gives you the freedom to choose the solutions that best cover all of your unique use cases.