Troubleshooting
SUSE Observability
Last updated
SUSE Observability
SUSE Observability
Last updated
There are a lot of configuration options but more importantly, every (Kubernetes) environment is slightly different. To find out where the problem is the quickest approach is to pick a pod from which telemetry data is expected:
Check the beginning of the logs for the pod, SDKs will log warnings or errors when instrumentation fails at startup
Check the logs also for any errors related to sending data to the collector
Check the logs of the collector pod(s) for configuration or initialization errors, these will be logged right after the startup of the pod
Check the collector logs also for errors related to sending data to SUSE Observability
The error(s) in the logs usually give a good indication of the problem. We list the most common causes for Open Telemetry data not being available for some or all of your instrumented applications. If the problem is not listed here you can also look at the or the from Open Telemetry.
Make sure you use the same Kubernetes cluster name for the same cluster when:
Installing the Open Telemetry Collector
Installing the SUSE Observability agent
Installing the Kubernetes StackPack
When different names are used for the same cluster SUSE Observability will not be able to match the data from Open Telemetry with the data from the SUSE Observability agent and the traces perspective will remain empty.
If there are connection errors it is possible the OTLP endpoint is incorrect. If there are authentication/authorization errors (status codes 401 and 403) it is likely the API key is not valid (anymore). Check that the configured OTLP endpoint is the URL for your SUSE Observability, prefixed with otlp- and suffixed with :443. For example, the OTLP endpoint for play.stackstate.com is otlp-play.stackstate.com:443.
To ensure the api key is configured correctly check that:
the secret contains a valid API key (verify this in SUSE Observability)
the secret is used as environment variables on the pod
the bearertokenauth extension is using the correct scheme and the value from the API_KEY environment variable
the bearertokenauth extension is used by the otlp/suse-observability exporter
If the collector needs to send data to SUSE Observability through a proxy or a firewall it can be that they either block the traffic completely or possibly drop some parts of the gRPC messages or unexpectedly drop the long-lived gRPC connection completely. The easiest fix is to switch from gRPC to use HTTP instead, by replacing the otlp/suse-observability exporter configuration and all its references with the otlphttp/suse-observability exporter which is already configured and ready.
The Open Telemetry collector enriches the telemetry data with Kubernetes metadata. The way it is configured all telemetry data that cannot be enriched is dropped. However, the collector cannot enrich pods that are running with hostNetwork: true set automatically. This is not possible because pod identification happens using the IP address of the pod and pods that use the host network use the IP address of the host.
To help the collector to identify a pod we can add the k8s.pod.uid attribute to the metadata by instructing the SDK to add it directly. To do this modify your pod spec and add the following environment variables to your instrumented application container:
If the OTEL_RESOURCE_ATTRIBUTES env var is already set simply add the k8s.pod.uid, using a comma as separator. The value is a comma-separated list.
The Node.js SDK, only on GKE, expects that the Kubernetes namespace is set via the NAMESPACE environment variable. If it is not set it will still add the k8s.namespace.name attribute but with an empty value. This prevents the Kubernetes attributes processor from inserting the correct namespace name. Until this is fixed a workaround is to update your pod spec and add this environment variable to the instrumented container(s):
During the installation of the collector, a cluster role and cluster role binding are created in Kubernetes that allows the collector to read metadata from Kubernetes resources. If this fails or they get removed the collector will not be able to query the Kubernetes API anymore. This will appear as errors in the collector log, the errors include the resource types for which the metadata could not be retrieved.
To fix this re-install the collector with the Helm chart and make sure you have the required permissions to create the cluster role and cluster role binding. Alternatively, ask your cluster administrator to do the collector installation with the required permissions.
Here <otlp-http-suse-observability-endpoint> is similar to the <otlp-suse-observability-endpoint>, but instead of a otlp- prefix it has otlp-http- prefix, for example, otlp-http-play.stackstate.com. For more details see the .
If the SDK logs errors about not being able to resolve the collector DNS name it may be the configured collector URL is incorrect. In Kubernetes, your application is usually deployed in a separate namespace from the collector. This means that the SDK needs to be configured with the fully qualified domain name for the collector service:http://<service-name>.<namespace>.svc.cluster.local:4317. In the , this was http://opentelemetry-collector.open-telemetry.svc.cluster.local:4317, but if you used a different namespace or release name for the collector this may be different for your situation.
If the SDK logs network connection timeouts it can be that either there is a misconfiguration on the collector or the is used. But it is also possible that Kubernetes network policies are blocking network traffic from your application to the collector. This is best verified with your Kubernetes administrator. Network policies should at least allow TCP traffic on the configured port (4317 and/or 4318) from all of your applications to the collector.
Not all language SDKs have support for gRPC. If OTLP over gRPC is not supported it is best to switch to OTLP over HTTP. The describes how to make this switch.
Using the wrong port usually appears as a connection error but can also show up as network connections being unexpectedly closed. Make sure the SDK exporter is using the right port when sending data. See the .
The auto instrumentation for Node.js, configured via environment variables, only supports traces. At least until this is resolved. To enable metrics from the automatic instrumentation code changes are needed. Please follow the instructions in the to make these changes.