Using our AWS CloudFormation template, you can deploy a CloudFormation stack to forward application logs from Amazon Elastic Container Service (Amazon ECS) backed by AWS Fargate to the Splunk AppDynamics Common Ingestion Service, where they are associated with the right entities in your observability domains. This page provides instructions for using our CloudFormation template to create a CloudFormation stack.

Prerequisites

  • An Amazon ECS cluster with infrastructure selected as AWS Fargate (serverless)
  • Fargate must be selected in ECS cluster 
  • Fargate Task must have:
    • Linux OS (currently only Linux installation is supported)
    • X86_64 or amd64 architecture

Install the Log Collector on the ECS Cluster

To collect logs from applications running on AWS Fargate, you must install the Log Collector's AWS service components (Lambda functions, s3 buckets, log router, and so on), version 23.10.0 or newer. See Deploy the AWS Services Log Collector using a CloudFormation Stack.

Enable Log Collection

To enable log collection, modify your Fargate task definition as follows. This modification causes AWS Firelens to load the Log Collector's AWS service components in a sidecar container using the AWS fluent bit image public.ecr.aws/aws-observability/aws-for-fluent-bit:stable. The sidecar is attached to the container of the application for which logs need to be collected.

Task Definition Changes for Application (From AWS Console)

  1. On the AWS console, navigate to the Amazon Elastic Container Service dashboard > Task definitions > Fargate.
  2. Make sure the following roles and policies are attached to the Fargate task definition:
    • AmazonECSTaskExecutionRolePolicy
    • AmazonS3FullAccess

  3. In the Fargate task definition, add logConfiguration blocks with the exact values as shown below, but replace the <account> and <region> placeholders with your own values. Example for <region> is "ap-south-1".

    {
    "family": "<your task family>",
    "containerDefinitions": [
        {
            "...",
            "logConfiguration": {
                "logDriver": "awsfirelens",
                "options": {
                    "Name": "s3",
                    "bucket": "appdynamics-s3-services-logs-bucket-<account>-<region>",
                    "region": "<region>",
                    "s3_key_format": "/ECS-FARGATE-$TAG[0]-$TAG[2]/%Y%m%d%H%M%S.log",
                    "s3_key_format_tag_delimiters": ".-",
                    "total_file_size": "20M",
                    "upload_timeout": "1m",
                    "use_put_object": "On"
                },
                "secretOptions": []
            }
        },
        {
            "name": "log_router",
            "image": "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable",
            "...",
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/ecs-aws-firelens-sidecar-container",
                    "awslogs-region": "<region>",
                    "awslogs-stream-prefix": "firelens"
                },
                "secretOptions": []
            },             
            "firelensConfiguration": {
                "type": "fluentbit",
                "options": {
                    "enable-ecs-log-metadata": "true"
                }
            }
         }
    ],
    "..."
}
    JSON

  4. Confirm that your Fargate task definition contains the JSON excerpt above, and validate the JSON with a JSON validator.

Validate Setup for Collecting Logs

You can validate your setup through the AWS console as follows.

Task Definition

To validate the task definition:

  1. Navigate to Amazon Elastic Container Service > Cluster > <Your-Cluster> > Services/Task, and click Task.
  2. Confirm that you see two containers inside the task you selected: one for the user application and another for the Log Collector's log router (the firelens fluentbit container). 

Lambda Functions

We provide a Lambda function that is created when an s3 trigger point is configured. To verify that this Lambda function exists, navigate to Lambda > Functions, and look for AppDS3ProcessorLambda.

Trigger and Environment Variables

To validate if the trigger and environment variables are present:

  1. Navigate to Configuration >Triggers and look for s3 Trigger
  2. Navigate to Configuration > Environment variables and look for variables named Bucket_Name, Endpoint, AppD_Lambda_Function_Version, Region, and Secret_name.

s3 Bucket

Navigate to Amazon s3 > Buckets and look for appdynamics-s3-services-logs-bucket-<accountID>-<region>

View Application Logs from Amazon ECS Backed by Fargate 

Normally, you can view logs from applications running on Amazon ECS on the detail view of any of the following entities. 

ECS Entity Pages

  • ECS Cluster
  • ECS Task Definition
  • ECS Service
  • ECS Task
  • ECS Container

However, at the moment, there's a known issue which affects the detail view of some entities: the histogram does not work or does not connect to the Logs page. Workaround: navigate to Explore > Logs and search for log messages from source whose attributes match these values:

Filter AttrributeDescription

aws.ecs_task.launch_type

Set this to fargate

aws.ecs_task.arn

ARN of the ECS Cluster

aws.ecs_task.task_definition_name

Your ECS task definition name

See also: Explore Logs.

View Diagnostics

View Collector Status

On the AWS console, verify the collector deployment on the ECS cluster page under Services tab. A successful deployment has the following characteristics:

  • Deployment and Tasks are green.
  • Revision displays the correct deployed task definition revision.
  • Last deployment is Completed.
  • Prior validation is completed as mentioned above.

Amazon Web Services, the AWS logo, AWS, and any other AWS Marks used in these materials are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.