-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using ECS to track the source of errors or exceptions #154
Comments
A fully filled (though contrived) error example can be found here with corresponding spec here. We're not thrilled about the error.exception / error.log model but haven't made concrete plans to change that. Some notable differences:
Have you considered an error level? |
Excellent, thanks @graphaelli for the detailed answer and the example log :-)
Back to an important point that's not in the bullet list, though. What do you mean when you say the following?
Is it because you feel there's a disconnect between the concept of error vs exception? Something else entirely? |
I was referring to actual naming, sorry that wasn't clear. Currently we don't have |
Gotcha. Yeah I still need to find some time to get acquainted with APM, and see it from up close :-) |
Historically we put the failure message of the ingest pipeline into @webmat As we already have some error fields, I'm wondering if we hit some issues / limitation with these that cause this issue? Would be good to discuss this on an actual use case we need to solve. |
@ruflin Yeah I don't think I've actually seen a concrete clash between userland errors vs pipeline errors. But it's the first thing I thought when I started using Ingest Node, and saw that the convention was to put IN errors right in This led me to noticing other places where pipeline details get mixed in with userland data, examples:
I haven't expressed my grand vision (haha) on this But to get back to the simplest part of this issue: if one tracks an error log and processes it with Ingest Node, then potentially their system's |
An other place where we use I wonder if for now would could leave it up to the implementer to make sure |
Yeah I don't feel like it's pressing to get this right for GA. This whole idea of a |
Along these lines, some of the logging tools I use have the option to emit the filename and line number the log message came from (e.g. |
@sporkmonger +1 |
With the current schema, is it reasonable to add the exception message and full stack trace to |
More APM stack trace discussions going on in elastic/apm#40 |
I think some of the suggested fields can have more shared usage. For example, line number can show the line number of the generic logging commands, not just the errors. Let's assume I have a line in my code like this: myLogger.logInfo("Books has been successfully retrieved."); This is not an error, but I have still information about,
Imho, these fields may be more of a candidate of event fieldset. Actually, action field in event fieldset looks like corresponding to the method name information, and dataset field in event fieldset looks like corresponding to the class name information. Of course, this is only a wild guess, since the documentation does not talk about that fields like this. |
I have created #562 to add |
@felixbarny Great addition, thank you! |
It would be great if we could generalise parsed/structured stack traces so they're not only defined for errors/exceptions. The other use case I have in mind is profiling (proposal doc). The gist is that we would create documents that associate one or more metrics with a stack trace and metadata -- labels, host name, etc. This use case would require indexing the stack traces. |
Beats use Also, I created #1373 which I now found is related to this issue. You may close #1373 if you want to keep the two topics (errors from the event and errors from the pipeline while processing the event) together. |
Thanks, @ypid-geberit! Let's leave the two topics separated and discuss further in #1373. |
Leaving a comment to connect two tickets: elastic/ecs-dotnet#158 In .NET we added stack frames as We are about to release an ECS logging variant of the sink that adheres to ECS and ECS logging more strictly: https://github.com/elastic/ecs-dotnet/tree/main/src/Elastic.CommonSchema.Serilog.Sink Not being able to persist and query for stack frames is definitely a big feature loss for folks looking to migrate. E.g while |
I'd like to discuss the use case of tracking the source of program errors / exceptions (line numbers, function names, etc) with ECS. These fields may end up under the field sets
file
and/orerror
.I'd like to get feedback on how we could approach this. Information we may like to track about where the error was raised:
Please let me know if there's anything I'm missing in terms of relevant data to support.
Here's a suggestion of a mapping for the above:
error source file: file.path
error.line
(long
)error.message
(text
)error.function
(keyword
)method
, IMO, so can serve both use cases.Error class: error.id
Error fields
stack trace:
error.stack_trace
(non indexed)@graphaelli or @roncohen I'd like your POV on how you're doing it currently in APM
@ruflin I'd like your opinion on this as well
The text was updated successfully, but these errors were encountered: