chore(access-logs): trace access logs via sentry exception option (#97183)

cvxluo · web-flow · commit 037b02971141 · 2025-08-08T15:08:32.000-07:00
Send a (very very) small portion of API access log stack traces to Sentry. We're having difficulty debugging [missing organization id](https://linear.app/getsentry/issue/ID-805/fix-missing-organization-id-in-api-access-logs) from access logs, and so we want to send the stack traces to check if the request and request auth have the correct fields. Planning to roll this out at 0.0001 — with [~10M access logs created per hour](https://app.datadoghq.com/metric/explorer?fromUser=false&graph_layout=stacked&start=1754407289153&end=1754410889153&paused=false#N4Ig7glgJg5gpgFxALlAGwIYE8D2BXJVEADxQEYAaELcqyKBAC1pEbghkcLIF8qo4AMwgA7CAgg4RKUAiwAHOChASAtnADOcAE4RNIKtrgBHPJoQaUAbVBGN8qVoD6gnNtUZCKiOq279VKY6epbINiAiGOrKQdpYZAYgUJ4YThr42gDGSsgg6gi6mZaBZnHKGniqyFoiBVgAdKrQUGhwYBhG9RiZ2RoaTmg4MPWZRp5wUMAAVDxd-Zn4tQAUAJQgPAC6VK7ueJih4TuqexjKmZUVqkux8WubVBpyrTIg8hitCAg5SUNOmfsaCCZRJoURwJxyRTlHCgqAgsFOehMZQiNweNDrfgQeyYLAQhTfUEiJSbHh8EA48QAYSkwhgKBEezQPCAA) we should get ~1000 access logs an hour, or ~16 a minute — should be very doable by sentry.
diff --git a/src/sentry/middleware/access_log.py b/src/sentry/middleware/access_log.py
@@ -5,13 +5,15 @@
 from collections.abc import Callable
 from dataclasses import dataclass
 
+import sentry_sdk
 from django.conf import settings
 from django.utils.encoding import force_str
 from rest_framework.authentication import get_authorization_header
 from rest_framework.request import Request
 from rest_framework.response import Response
 
 from sentry.auth.services.auth import AuthenticatedToken
+from sentry.options.rollout import in_random_rollout
 from sentry.types.ratelimit import RateLimitMeta, SnubaRateLimitMeta
 from sentry.utils import metrics
 
@@ -128,6 +130,10 @@ def _create_api_access_log(
             log_metrics["token_last_characters"] = force_str(auth[1])[-4:]
         api_access_logger.info("api.access", extra=log_metrics)
         metrics.incr("middleware.access_log.created")
+
+        if in_random_rollout("issues.log-access-logs") and not org_id:
+            sentry_sdk.capture_message("Acesss log created without org_id", level="debug")
+
     except Exception:
         api_access_logger.exception("api.access: Error capturing API access logs")
 
diff --git a/src/sentry/options/defaults.py b/src/sentry/options/defaults.py
@@ -3441,6 +3441,8 @@
 # Enable enhancing access logs with snuba responses
 register("issues.use-snuba-error-data", type=Float, default=0.0, flags=FLAG_AUTOMATOR_MODIFIABLE)
 
+register("issues.log-access-logs", type=Float, default=0.0, flags=FLAG_AUTOMATOR_MODIFIABLE)
+
 # Use "first-seen" group instead of "most-seen" group when merging
 register(
     "issues.merging.first-seen",
