tencent-cloud-cls

Description

The tencent-cloud-cls Plugin uses TencentCloud CLS API to forward APISIX logs to your topic.

Attributes

NameTypeRequiredDefaultValid valuesDescription
cls_hoststringYesCLS API host,please refer Uploading Structured Logs.
cls_topicstringYestopic id of CLS.
secret_idstringYesSecretId of your API key.
secret_keystringYesSecretKey of your API key.
sample_rationumberNo1[0.00001, 1]How often to sample the requests. Setting to 1 will sample all requests.
include_req_bodybooleanNofalse[false, true]When set to true includes the request body in the log. If the request body is too big to be kept in the memory, it can’t be logged due to NGINX’s limitations.
include_req_body_exprarrayNoFilter for when the include_req_body attribute is set to true. Request body is only logged when the expression set here evaluates to true. See lua-resty-expr for more.
include_resp_bodybooleanNofalse[false, true]When set to true includes the response body in the log.
include_resp_body_exprarrayNoFilter for when the include_resp_body attribute is set to true. Response body is only logged when the expression set here evaluates to true. See lua-resty-expr for more.
global_tagobjectNokv pairs in JSON,send with each log.
log_formatobjectNoLog format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $.

NOTE: encrypt_fields = {"secret_key"} is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.

This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See Batch Processor for more information or setting your custom configuration.

Example of default log format

  1. {
  2. "response": {
  3. "headers": {
  4. "content-type": "text/plain",
  5. "connection": "close",
  6. "server": "APISIX/3.7.0",
  7. "transfer-encoding": "chunked"
  8. },
  9. "size": 136,
  10. "status": 200
  11. },
  12. "route_id": "1",
  13. "upstream": "127.0.0.1:1982",
  14. "client_ip": "127.0.0.1",
  15. "apisix_latency": 100.99985313416,
  16. "service_id": "",
  17. "latency": 103.99985313416,
  18. "start_time": 1704525145772,
  19. "server": {
  20. "version": "3.7.0",
  21. "hostname": "localhost"
  22. },
  23. "upstream_latency": 3,
  24. "request": {
  25. "headers": {
  26. "connection": "close",
  27. "host": "localhost"
  28. },
  29. "url": "http://localhost:1984/opentracing",
  30. "querystring": {},
  31. "method": "GET",
  32. "size": 65,
  33. "uri": "/opentracing"
  34. }
  35. }

Metadata

You can also set the format of the logs by configuring the Plugin metadata. The following configurations are available:

NameTypeRequiredDefaultDescription
log_formatobjectFalseLog format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $.
tencent-cloud-cls - 图1IMPORTANT

Configuring the Plugin metadata is global in scope. This means that it will take effect on all Routes and Services which use the tencent-cloud-cls Plugin.

The example below shows how you can configure through the Admin API:

tencent-cloud-cls - 图2note

You can fetch the admin_key from config.yaml and save to an environment variable with the following command:

  1. admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
  1. curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/tencent-cloud-cls \
  2. -H "X-API-KEY: $admin_key" -X PUT -d '
  3. {
  4. "log_format": {
  5. "host": "$host",
  6. "@timestamp": "$time_iso8601",
  7. "client_ip": "$remote_addr"
  8. }
  9. }'

With this configuration, your logs would be formatted as shown below:

  1. {"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}
  2. {"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","route_id":"1"}

Enable Plugin

The example below shows how you can enable the Plugin on a specific Route:

  1. curl http://127.0.0.1:9180/apisix/admin/routes/1 \
  2. -H "X-API-KEY: $admin_key" -X PUT -d '
  3. {
  4. "plugins": {
  5. "tencent-cloud-cls": {
  6. "cls_host": "ap-guangzhou.cls.tencentyun.com",
  7. "cls_topic": "${your CLS topic name}",
  8. "global_tag": {
  9. "module": "cls-logger",
  10. "server_name": "YourApiGateWay"
  11. },
  12. "include_req_body": true,
  13. "include_resp_body": true,
  14. "secret_id": "${your secret id}",
  15. "secret_key": "${your secret key}"
  16. }
  17. },
  18. "upstream": {
  19. "type": "roundrobin",
  20. "nodes": {
  21. "127.0.0.1:1980": 1
  22. }
  23. },
  24. "uri": "/hello"
  25. }'

Example usage

Now, if you make a request to APISIX, it will be logged in your cls topic:

  1. curl -i http://127.0.0.1:9080/hello

Delete Plugin

To disable this Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

  1. curl http://127.0.0.1:9180/apisix/admin/routes/1 \
  2. -H "X-API-KEY: $admin_key" -X PUT -d '
  3. {
  4. "uri": "/hello",
  5. "plugins": {},
  6. "upstream": {
  7. "type": "roundrobin",
  8. "nodes": {
  9. "127.0.0.1:1980": 1
  10. }
  11. }
  12. }'