Correlating OpenTelemetry logs to services

When deploying the OpenTelemetry Collector as a standalone executable or a service to monitor Linux system logs or Windows event logs, you must assign a service name to each log record manually to correlate logs with services.

You can add the service.name attribute as shown in the following example:

processors:
  transform/enrich_with_service_name:
    error_mode: ignore
    log_statements:
      - context: log
        statements:
          ## Set a "service.name" resource attribute only if the log record is from a specific file.
          ## Example checking the exact file path.
          - set(attributes["service.name"], "My Service 1") where attributes["log.file.path"] == "/path/to/service-1.log"
          ## Example using a regular expression to match a file path.
          - set(attributes["service.name"], "My Service 2") where IsMatch(attributes["log.file.path"], ".*(service-2-dir-name).*")
          ## Example using a custom-defined environment variable with a regex condition on the file path.
          ## Note: This example assumes that the environment variable MY_OTEL_SERVICE_NAME is contains
          ##       the desired service name. You may use any environment variable for this purpose.
          - set(attributes["service.name"], "${env:MY_OTEL_SERVICE_NAME}") where IsMatch(attributes["log.file.path"], ".*(some-otel-service-name).*")
          ## Example using the log path to set the service name dynamically using a named capture group in the regex
          ## to extract the project name as the "service_name" for multiple services with "projects" in their file path.
          - set(attributes["service.name"], ExtractPatterns(attributes["log.file.path"], ".*/projects/(?P<service_name>[^/]+)")["service_name"]) where IsMatch(attributes["log.file.path"], ".*(projects).*")
[...]
service:
  pipelines:
    logs:
      processors:
        # Add other processors here.
        - transform/enrich_with_service_name
        # Always recommended to batch log records.
        - batch

When you use the OpenTelemetry Collector to monitor Kubernetes services, you can add the service.name attribute to each log record by using the k8sattributes processor to extract Kubernetes pod configuration or metadata fields.

When you install the OpenTelemetry Collector by using the Helm Chart, you have access to the preconfigured k8sattributes processor in the opentelemetry-collector/templates/_config.tpl file.

In both cases, ensure that the service.name field is included in the k8sattributes processor configuration to enable service correlation:

processors:
  k8sattributes:
    extract:
      metadata:
        ## Here add any additional metadata you want to extract from the k8s environment.
        ## For the full list of supported attributes: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/k8sattributesprocessor/README.md
        - "service.name"  ## Allows logs to be correlated to specific services by Instana.
        - "k8s.pod.uid"   ## If container.id is unavailable, logs are correlated to a specific Kubernetes pod.
        - "container.id"  ## If this field is available, logs are correlated to specific containers in a Kubernetes pod.
[...]
service:
  pipelines:
    logs:
      processors:
        # Add other processors here.
        - k8sattributes
        # Always recommended to batch log records.
        - batch