log-aggregator
Platform:
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 18 | 09 Jun 2026 | |
| dev/edge | 20 | 08 Jul 2026 |
juju deploy log-aggregator --channel edge
-
always_enable_jaeger_grpc | boolean
Force-enable the receiver for the 'jaeger_grpc' protocol in OpenTelemetry Collector, even if there is no integration currently requesting it.
-
always_enable_jaeger_thrift_http | boolean
Force-enable the receiver for the 'jaeger_thrift_http' protocol in OpenTelemetry Collector, even if there is no integration currently requesting it.
-
always_enable_zipkin | boolean
Force-enable the receiver for the 'zipkin' protocol in OpenTelemetry Collector, even if there is no integration currently requesting it.
-
cpu | string
K8s cpu resource limit, e.g. "1" or "500m". Default is unset (no limit). This value is used for the "limits" portion of the resource requirements (the "requests" portion is automatically deduced from it). Note that changing this config option will churn the pod. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
debug_exporter_for_logs | boolean
Add a debug exporter to the logs pipeline of the OpenTelemetry Collector config. WARNING: Using the debug exporter in a production environment is discouraged, as it will write all collected telemetry to stdout, i.e. to syslog, which is likely to cause log flooding. This can be avoided with the correct usage of the
path_excludeconfig option. -
debug_exporter_for_metrics | boolean
Add a debug exporter to the metrics pipeline of the OpenTelemetry Collector config. WARNING: Using the debug exporter in a production environment is discouraged, as it will write all collected telemetry to stdout, i.e. to syslog, which is likely to cause log flooding. This can be avoided with the correct usage of the
path_excludeconfig option. -
debug_exporter_for_traces | boolean
Add a debug exporter to the traces pipeline of the OpenTelemetry Collector config. WARNING: Using the debug exporter in a production environment is discouraged, as it will write all collected telemetry to stdout, i.e. to syslog, which is likely to cause log flooding. This can be avoided with the correct usage of the
path_excludeconfig option. -
expose_otlp_grpc_externally | boolean
Expose the always-on OTLP gRPC receiver (port 4317) outside the Kubernetes cluster by creating a dedicated Service of type LoadBalancer alongside the default ClusterIP service. Use this to receive OTLP from a collector in another Juju model, controller, or cloud without a cross-model relation. This only controls external reachability at the Kubernetes networking layer; the OTLP gRPC receiver itself is always active.
-
extra_alert_labels | string
Comma separated key-value pairs of labels to be added to all alerts. This could be useful for differentiating between staging and production environments.
-
forward_alert_rules | boolean
Default: True
Toggle forwarding of alert rules.
-
global_scrape_interval | string
Default: 1m
How frequently should instances be scraped. Supported units: y, w, d, h, m, s.
-
global_scrape_timeout | string
Default: 10s
How long to wait before timing out a scrape from a target. Supported units: y, w, d, h, m, s.
-
max_elapsed_time_min | int
Default: 5
Maximum time in minutes to wait for the storage backend. After this time, data loss will occur.
-
memory | string
K8s memory resource limit, e.g. "1Gi". Default is unset (no limit). This value is used for the "limits" portion of the resource requirements (the "requests" portion is automatically deduced from it). Note that changing this config option will churn the pod. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
otlp_receiver_client_ca_secret | string
Juju secret URI containing the CA certificate used to authenticate clients connecting to the OTLP receivers (mutual TLS). The secret must contain a single key:
- ca-cert: PEM CA certificate that signed the senders' client certs
Requires the receiver to already have a server certificate (via the receive-server-cert / tls-certificates relation). When set, the OTLP gRPC (4317) and OTLP HTTP (4318) receivers require and verify client certificates; a sender without a CA-signed client cert is rejected at the TLS handshake. If the server certificate is missing, the charm blocks rather than emitting a half-configured receiver. Leave unset to keep the receivers on server-side TLS only.
Pairs naturally with expose_otlp_grpc_externally=true to secure a cross-controller OTLP gRPC receiver with client authentication.
Example: juju add-secret otlp-client-ca ca-cert="$(cat ca.crt)" juju grant-secret otlp-client-ca log-aggregator juju config log-aggregator otlp_receiver_client_ca_secret=secret:abc123
-
processors | string
A global opentelemetry-collector "processors" config in YAML format, without the "processors:" top-level key. For example, to represent a "processors" section such as:
processors: batch: memory_limiter: limit_mib: 4000you could use
juju config otelcol processors=@processors.yaml, with:# processors.yaml batch: memory_limiter: limit_mib: 4000The provided processors section will be applied to all relevant pipelines.
Reference: https://opentelemetry.io/docs/collector/configuration/#processors
-
queue_size | int
Default: 1000
Maximum number of incoming batches of metrics, logs, traces the queue can accept. Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/exporterhelper/README.md#configuration
-
syslog_endpoints | string
Syslog server endpoints to forward logs to, in YAML format. Each endpoint can have different protocol, network, and TLS settings. If not set, syslog forwarding is disabled.
Format (YAML list): syslog_endpoints: | - endpoint: rsyslog1.example.com:514 protocol: rfc5424 network: tcp tls_enabled: false - endpoint: rsyslog2.example.com:6514 protocol: rfc5424 network: tcp tls_enabled: true tls_secret: secret:abc123 tls_skip_verify: false
-
syslog_json_transform | boolean
Default: True
When true, log bodies are normalized to JSON before syslog forwarding. Map and key-value string bodies are converted via ToJSON/ParseKeyValue. Syslog attribute mapping (appname, hostname, proc_id) is always applied regardless of this setting. Disable this if your SIEM does not require JSON-formatted log bodies or if you prefer to supply your own transform via the 'processors' config option.
-
tls_insecure_skip_verify | boolean
Flag to skip the validation of certificates from servers we connect to with TLS. If "true", self-signed certs can be used seamlessly; this setting will be applied to all the otelcol exporter configurations and any receivers which actively make requests to servers, e.g. the prometheus receiver scraping metrics endpoints.
-
tracing_sampling_rate_charm | float
Default: 100.0
This property defines the percentage of charm traces that are sent to the tracing backend. Setting it to 100 would mean all charm traces are kept, setting to 0 means charm traces aren't sent to the tracing backend at all. Anything outside of 0-100 range will be clamped to this range by OpenTelemetry Collector.
-
tracing_sampling_rate_error | float
Default: 100.0
This property defines the percentage of error traces (from all sources) that are sent to the tracing backend. Setting it to 100 would mean all error traces are kept, setting to 0 means error traces aren't sent to the tracing backend at all. Anything outside of 0-100 range will be clamped to this range by OpenTelemetry Collector.
-
tracing_sampling_rate_workload | float
Default: 1.0
This property defines the percentage of workload traces that are sent to the tracing backend. Setting it to 100 would mean all workload traces are kept, setting to 0 means workload traces aren't sent to the tracing backend at all. Anything outside of 0-100 range will be clamped to this range by OpenTelemetry Collector.