Metoro provides comprehensive logging capabilities by capturing every log emitted from all containers in your infrastructure. It automatically collects both standard output (stdout) and standard error (stderr) from every container, aggregating them in a centralized platform for easy access and analysis. The log view is accessible from the left sidebar or here. Additionally, logs can now be viewed directly within the trace view for enhanced debugging context. logs.png

Log Search and Performance

The log view allows you to filter logs using multiple methods:
  • Regex search using re2 format
  • Attribute-based filtering
  • Time range selection
  • Clauses are combined with AND, by default
You can use regex search on any attribute by using the syntax attribute = regex: <re2 expression>. For example:
  • service.name = regex: .*metoro.* will match logs from any service containing “metoro”
  • message = regex: error|warning will match logs containing “error” or “warning”
  • kubernetes.container.name = regex: ^api-.* will match containers starting with “api-”
Metoro’s logging system is highly performant, capable of searching through billions of logs in seconds.

Default Attributes

Each log entry is automatically tagged with several default attributes:
  • Container ID (the unique id of the container that emitted the log)
  • Environment
  • Namespace (the namespace the container belongs to)
  • Service name (the service the container belongs to)
  • Host (source of the log)

Structured Logs

Metoro automatically parses structured JSON logs and other formats like LogZero, making every field searchable. Key features include:
  • Automatic parsing of JSON log formats and LogZero format
  • Flattening of nested JSON structures using dot notation
  • Every key and value is indexed for searching
  • Similar search performance to regex searches when filtering by specific JSON fields
For detailed information about structured log parsing and best practices, see our Structured Logs Guide.

Log Clustering and Hashing

Metoro implements an intelligent log clustering system that:
  • Assigns unique hashes to similar log lines
  • Groups logs that are similar but differ in dynamic elements (like timestamps)
  • Enables searching for similar types of errors using hash-based clustering
  • Helps identify patterns in your logs more effectively
You can see this as the pattern.hash attribute in each log entry.

Logs in Trace Context

Metoro now provides integrated log viewing within the trace view, allowing you to:
  • View all logs associated with a trace by clicking “View Logs” in the trace header
  • See logs for specific spans by selecting a span and switching to the “Logs” tab
  • Automatically filter logs by traceId or spanId based on your selection
  • Maintain full context while debugging issues without switching views
This integration leverages Metoro’s trace ID and span ID correlation, providing a seamless debugging experience across logs and traces.

Log Analytics and Alerting

Beyond basic log viewing and searching, Metoro provides advanced analytics capabilities:
  • Chart log volume over time - apply filters and group logs by any attribute
  • Create visualizations filtered by specific log patterns
  • Build alerts based on log patterns and frequencies

Bring your own Logs (OpenTelemetry Log Ingestion)

In addition to automatically collecting container logs, Metoro supports ingesting logs from any source that implements the OpenTelemetry protocol. This allows you to:
  • Send logs from applications running outside your Kubernetes cluster
  • Integrate existing logging pipelines with Metoro
  • Maintain a unified logging experience across all your infrastructure
To learn more about setting up OpenTelemetry log ingestion, see our OpenTelemetry Log Integration Guide.