You can display task logs in the Airflow UI by exporting logs to object storage and configuring the Astro API Server to retrieve them. Start by enabling log display after task completion, then optionally extend the setup to stream logs in real time as tasks run.
This guide explains configuring post-task log display and expanding that configuration to support real-time log streaming.
Set up log uploading so logs are visible in the Airflow UI after task completion. This requires:
values.yaml)The commonEnv block in the following procedures applies environment variables to all Airflow components in the Remote Execution Agent. These variables configure Airflow’s remote logging so that workers and the triggerer upload completed task logs to object storage:
AIRFLOW__LOGGING__REMOTE_LOGGING: Turns on Airflow’s remote log upload.AIRFLOW__LOGGING__REMOTE_LOG_CONN_ID: Names the Airflow connection used to authenticate with object storage.AIRFLOW_CONN_<CONN_ID>: Defines that connection inline, so no separate connection record is required. A URI with no credentials (for example, s3://) causes the underlying cloud SDK to use its default credential chain, which picks up the workload identity attached to the Pod.AIRFLOW__LOGGING__REMOTE_BASE_LOG_FOLDER: Sets the bucket and path prefix that Airflow writes task logs to. Use a Deployment-scoped path so logs from different Deployments don’t collide.AIRFLOW__LOGGING__LOGGING_CONFIG_CLASS: Replaces Airflow’s default logging configuration with the Astronomer Runtime configuration, which installs the task log handler used to write logs to and read logs from object storage.ASTRONOMER_ENVIRONMENT: Set to cloud for Astro Deployments. Astronomer Runtime reads this value to select Astro-specific logging defaults.The Astro Orchestration Plane provides secure private connectivity with a pre-configured S3 Gateway Endpoint.
values.yaml, and replace the path for the AIRFLOW__LOGGING__REMOTE_BASE_LOG_FOLDER value with your information:If you don’t use workload identity and instead want to manually mount a credential, you must also add the following environment variable defining the location of a token file to your Remote Agent’s values.yaml file. You can customize the file path, /tmp/logging-token, to the name of your logging token file.
Run helm upgrade to apply the change to your Agents.
In the Astro UI, navigate to your Deployment and click the Details tab. Click Edit in the Advanced section to access your logging configurations.
Select Bucket Storage in the Task Logs field and fill in the Bucket URL as s3://<bucket>/<deployment-id>. Or, use the path that you configured for AIRFLOW__LOGGING__REMOTE_BASE_LOG_FOLDER in your Remote Agent’s Helm chart’s values.yaml.
In the Workload Identity for Bucket Storage section, select Customer Managed Identity and follow the instructions to set up your Customer Managed Identity so that the identity you create has read access to the specified bucket and path. The Customer Managed Identity must have s3:GetObject and s3:ListBucket permissions on the S3 bucket. Additionally, ensure that no ACLs on the bucket restrict those actions.
Default Identity isn’t currently supported for Task Logs Bucket Storage on AWS. You must use Customer Managed Identity.
AIRFLOW__ASTRONOMER_PROVIDERS_LOGGING__AWS_REGION environment variable for Astronomer-managed components. In the Astro UI, navigate to your Deployment and click the Environment tab. Click Environment Variables, then click (+) Environment Variable to add the following environment variables to your Deployment:AIRFLOW__ASTRONOMER_PROVIDERS_LOGGING__AWS_REGION <The region in which the S3 bucket is configured>Once you have post-completion log visibility, you can enable real-time log display. Remote Execution prevents the Airflow API server from reading logs directly from workers until they reach object storage. Use Vector, included in the Remote Execution Agent Helm chart, to upload partial logs while tasks are running.
Before you configure Vector, ensure that your Remote Execution Deployment is already set up to upload task logs to object storage after task completion.
Use Vector to watch for log file changes and upload updates to object storage during task execution.
In your Helm values.yaml:
loggingSidecar.enabled to true to inject the Vector container into each worker and triggerer Pod:loggingSidecar.volumeMounts to give Vector read access to the Airflow task log files and a writable location for its on-disk checkpoint state:The task-logs mount is the directory Vector reads from. The vector-data mount stores Vector’s file checkpoints so it can resume uploads after a restart without re-sending lines.
The loggingSidecar.config block is the Vector pipeline definition. Each cloud-specific config uses the same three-stage structure:
sources.airflow_task_logs: Tails the local task log files written by Airflow workers and the triggerer. read_from: beginning ensures Vector starts at the top of each file so partial logs aren’t missed.transforms.strip_path_prefix: Removes the local mount path from each event’s file field and writes the result to log_path. This produces an object key that matches the layout Airflow uses when it uploads the complete log after task completion, so the Astro API Server can read both the partial and final logs from the same location.sinks.<cloud>: Uploads the transformed events to object storage. key_prefix (or blob_prefix on Azure) uses the log_path field from the transform to place each log under the right object key. batch.max_bytes and batch.timeout_secs control how often Vector flushes — smaller values stream logs to the UI faster but produce more small objects in storage. See Small file problem.Configure loggingSidecar.config:
Above Vector config assumes a managed identity is set up for authentication, as described in Display task logs after task completion.
If you require a different way to authenticate with AWS, such as static keys, see https://vector.dev/docs/reference/configuration/sinks/aws_s3/#auth for all available options.
Vector expressions are written in Vector Remap Language (VRL). If you want to edit an expression in the Vector config, this online VRL playground is a useful debugging tool.
If you’re having issues uploading logs, you can enable debug logging for the Vector sidecar by adding this to the sink configuration (so you’ll have 2 sinks, e.g. an s3 sink, and a debug sink):
With this second sink, Vector will display debug logs on the console, accessible with kubectl logs [worker pod] -c vector-logging-sidecar.
The following volume configuration creates the shared emptyDir volumes that the Vector sidecar and the Airflow worker or triggerer container both mount. task-logs is the directory Airflow writes logs into and Vector reads from. vector-data holds Vector’s checkpoint state. The worker and triggerer mount task-logs at /usr/local/airflow/logs, which is where Airflow writes by default, while the Vector sidecar mounts the same volume at /var/log/airflow/task_logs to match its sources.airflow_task_logs.include glob.
workers[*].volumes:workers[*].volumeMounts:triggerer.volumes:triggerer.volumeMounts:AIRFLOW__LOGGING__DELETE_LOCAL_LOGS in commonEnv so Airflow removes the local log file after it uploads the complete log to object storage. This keeps the shared task-logs volume from filling up on long-running Pods:Partial logs are uploaded and displayed as follows:
AIRFLOW__LOGGING__LOG_FILENAME_TEMPLATE./var/log/airflow/task_logs/**/*.log and uploads log changes in chunks while the task runs.Using Vector to upload logs assumes Airflow’s logging format is compatible. Significant changes to Airflow logging may require reconfiguration.
After task completion, Airflow uploads the complete log to object storage and deletes the local copy. This causes duplication:
The Airflow API server deduplicates log lines by timestamp and message. Only storage usage is affected; logs are displayed once.
High-frequency, small log file uploads can create many small objects. This may increase storage costs, load on object storage, or trigger rate limits. Adjust file size and upload frequency in your Vector config to balance performance and cost.
Ensure a proper balance between filesize/timeout and log upload frequency in your Vector config.