[Logs Data Telemetry] Add logs-dsns logs-*-* pattern to obs telemet…
…ry patterns (#192874)

## Summary

Adds the `logs-*-*` logs pattern in observability telemetry patterns to
separate out logs with indices named per the Data Stream Naming Scheme
([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme))
vs. the generic logs indices not conforming to DSNS naming.

For a typical scenario (test data), adding `logs-*-*` changes the
collected telemetry as follows (note the new "dsns-logs" object):
<table>
  <thead>
    <tr>
      <th>Before</th>
      <th>After</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>

```yml
[
  {
    "pattern_name": "heartbeat",
    "shipper": "heartbeat",
    "doc_count": 9530,
    "structure_level": {
      "5": 9530
    },
    "index_count": 1,
    "failure_store_doc_count": 9530,
    "failure_store_index_count": 1,
    "namespace_count": 0,
    "field_count": 1508,
    "field_existence": {
      "container.id": 9530,
      "log.level": 9530,
      "container.name": 9530,
      "host.name": 9530,
      "host.hostname": 9530,
      "kubernetes.pod.name": 9530,
      "kubernetes.pod.uid": 9530,
      "cloud.provider": 9530,
      "agent.type": 9530,
      "event.dataset": 9530,
      "event.category": 9530,
      "event.module": 9530,
      "service.name": 9530,
      "service.type": 9530,
      "service.version": 9530,
      "message": 9530,
      "event.original": 9530,
      "error.message": 9530,
      "@timestamp": 9530,
      "data_stream.dataset": 9530,
      "data_stream.namespace": 9530,
      "data_stream.type": 9530
    },
    "size_in_bytes": 13090458,
    "managed_by": [],
    "package_name": [],
    "beat": [
      "heartbeat"
    ]
  },
  {
    "pattern_name": "nginx",
    "doc_count": 10080,
    "structure_level": {
      "6": 10080
    },
    "index_count": 1,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 1,
    "field_count": 1562,
    "field_existence": {
      "container.id": 10080,
      "log.level": 10080,
      "host.name": 10080,
      "kubernetes.pod.uid": 10080,
      "cloud.provider": 10080,
      "event.dataset": 10080,
      "service.name": 10080,
      "message": 10080,
      "@timestamp": 10080,
      "data_stream.dataset": 10080,
      "data_stream.namespace": 10080,
      "data_stream.type": 10080
    },
    "size_in_bytes": 12098071,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "apache",
    "doc_count": 1643,
    "structure_level": {
      "6": 1643
    },
    "index_count": 2,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1562,
    "field_existence": {
      "container.id": 1643,
      "log.level": 1643,
      "host.name": 1643,
      "kubernetes.pod.uid": 1643,
      "cloud.provider": 1643,
      "event.dataset": 1643,
      "service.name": 1643,
      "message": 1643,
      "@timestamp": 1643,
      "data_stream.dataset": 1643,
      "data_stream.namespace": 1643,
      "data_stream.type": 1643
    },
    "size_in_bytes": 5593675,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "generic-logs",
    "doc_count": 123979,
    "structure_level": {
      "2": 112925,
      "3": 11054
    },
    "index_count": 18,
    "failure_store_doc_count": 2,
    "failure_store_index_count": 1,
    "namespace_count": 3,
    "field_count": 1582,
    "field_existence": {
      "container.id": 11054,
      "log.level": 123979,
      "host.name": 123979,
      "kubernetes.pod.uid": 11046,
      "cloud.provider": 11046,
      "event.dataset": 11046,
      "service.name": 123971,
      "message": 11054,
      "@timestamp": 123979,
      "data_stream.dataset": 123979,
      "data_stream.namespace": 123979,
      "data_stream.type": 123979
    },
    "size_in_bytes": 60270084,
    "managed_by": [],
    "package_name": [],
    "beat": []
  }
]
```

</td>
      <td>

```yml
[
  {
    "pattern_name": "heartbeat",
    "shipper": "heartbeat",
    "doc_count": 9530,
    "structure_level": {
      "5": 9530
    },
    "index_count": 1,
    "failure_store_doc_count": 9530,
    "failure_store_index_count": 1,
    "namespace_count": 0,
    "field_count": 1508,
    "field_existence": {
      "container.id": 9530,
      "log.level": 9530,
      "container.name": 9530,
      "host.name": 9530,
      "host.hostname": 9530,
      "kubernetes.pod.name": 9530,
      "kubernetes.pod.uid": 9530,
      "cloud.provider": 9530,
      "agent.type": 9530,
      "event.dataset": 9530,
      "event.category": 9530,
      "event.module": 9530,
      "service.name": 9530,
      "service.type": 9530,
      "service.version": 9530,
      "message": 9530,
      "event.original": 9530,
      "error.message": 9530,
      "@timestamp": 9530,
      "data_stream.dataset": 9530,
      "data_stream.namespace": 9530,
      "data_stream.type": 9530
    },
    "size_in_bytes": 13090458,
    "managed_by": [],
    "package_name": [],
    "beat": [
      "heartbeat"
    ]
  },
  {
    "pattern_name": "nginx",
    "doc_count": 10080,
    "structure_level": {
      "6": 10080
    },
    "index_count": 1,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 1,
    "field_count": 1562,
    "field_existence": {
      "container.id": 10080,
      "log.level": 10080,
      "host.name": 10080,
      "kubernetes.pod.uid": 10080,
      "cloud.provider": 10080,
      "event.dataset": 10080,
      "service.name": 10080,
      "message": 10080,
      "@timestamp": 10080,
      "data_stream.dataset": 10080,
      "data_stream.namespace": 10080,
      "data_stream.type": 10080
    },
    "size_in_bytes": 12098071,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "apache",
    "doc_count": 1643,
    "structure_level": {
      "6": 1643
    },
    "index_count": 2,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1562,
    "field_existence": {
      "container.id": 1643,
      "log.level": 1643,
      "host.name": 1643,
      "kubernetes.pod.uid": 1643,
      "cloud.provider": 1643,
      "event.dataset": 1643,
      "service.name": 1643,
      "message": 1643,
      "@timestamp": 1643,
      "data_stream.dataset": 1643,
      "data_stream.namespace": 1643,
      "data_stream.type": 1643
    },
    "size_in_bytes": 5593675,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "dsns-logs",
    "doc_count": 123971,
    "structure_level": {
      "2": 112925,
      "6": 11046
    },
    "index_count": 17,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1581,
    "field_existence": {
      "container.id": 11046,
      "log.level": 123971,
      "host.name": 123971,
      "kubernetes.pod.uid": 11046,
      "cloud.provider": 11046,
      "event.dataset": 11046,
      "service.name": 123971,
      "message": 11046,
      "@timestamp": 123971,
      "data_stream.dataset": 123971,
      "data_stream.namespace": 123971,
      "data_stream.type": 123971
    },
    "size_in_bytes": 60245641,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "generic-logs",
    "doc_count": 8,
    "structure_level": {
      "3": 8
    },
    "index_count": 1,
    "failure_store_doc_count": 2,
    "failure_store_index_count": 1,
    "namespace_count": 3,
    "field_count": 1582,
    "field_existence": {
      "container.id": 8,
      "log.level": 8,
      "host.name": 8,
      "message": 8,
      "@timestamp": 8,
      "data_stream.dataset": 8,
      "data_stream.namespace": 8,
      "data_stream.type": 8
    },
    "size_in_bytes": 24826,
    "managed_by": [],
    "package_name": [],
    "beat": []
  }
]
```

</td>
</tr>
</tbody>
</table>

Co-authored-by: Elastic Machine <[email protected]>
awahab07 and elasticmachine authored Sep 25, 2024
1 parent e92c905 commit 8d7dad2
Showing 2 changed files with 4 additions and 1 deletion.
Expand Up @@ -58,6 +58,7 @@ export const DATA_DATASETS_INDEX_PATTERNS = [
{ pattern: 'fluent-bit*', patternName: 'fluentbit' },
{ pattern: '*nginx*', patternName: 'nginx' },
{ pattern: '*apache*', patternName: 'apache' }, // Already in Security (keeping it in here for documentation)
{ pattern: 'logs-*-*', patternName: 'dsns-logs' },
{ pattern: '*logs*', patternName: 'generic-logs' },

// Security - Elastic
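Review bot: The new `logs-*-*` entry only does its job because it sits above `*logs*`, and nothing in the list records that dependency. The before/after sample in the description suggests the first matching pattern claims an index, so a later reorder or alphabetical sort would silently move DSNS data streams back into `generic-logs`; I'd add a comment on the new line, e.g. `// Keep above '*logs*': DSNS-named streams must match here before the generic catch-all`. As far as this hunk shows, the match is on the index name alone, so any index shaped like `logs-x-y` is reported as `dsns-logs` whether or not it is a real data stream, and DSNS streams whose names contain `nginx` or `apache` are still claimed by the earlier entries. The array starts and ends outside the hunk.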
Expand Up @@ -25,7 +25,8 @@ export const EXCLUDE_ELASTIC_LOGS = ['logs-synth', 'logs-elastic', 'logs-endpoin

export const TELEMETRY_CHANNEL = 'logs-data-telemetry';

const LOGS_INDEX_PATTERN_NAMES = [
type ObsPatternName = (typeof DATA_DATASETS_INDEX_PATTERNS_UNIQUE)[number]['patternName'];
const LOGS_INDEX_PATTERN_NAMES: ObsPatternName[] = [
'filebeat',
'generic-filebeat',
'metricbeat',
Expand All @@ -43,6 +44,7 @@ const LOGS_INDEX_PATTERN_NAMES = [
'fluentbit',
'nginx',
'apache',
'dsns-logs',
'generic-logs',
];
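Review bot: The `ObsPatternName[]` annotation on `LOGS_INDEX_PATTERN_NAMES` catches a misspelled name only if `patternName` in `DATA_DATASETS_INDEX_PATTERNS_UNIQUE` is inferred as a union of string literals; that declaration is outside this section, and if it is not `as const` the alias collapses to `string` and checks nothing. The annotation also does not cover the other direction: a pattern added to the dataset list but not to this one still compiles, which is presumably why 'dsns-logs' had to be added by hand in the second hunk. I'd document both on the alias, e.g. `// Names must exist in DATA_DATASETS_INDEX_PATTERNS_UNIQUE; new log patterns have to be listed here as well`, and, if nothing mutates the list, type it as `readonly ObsPatternName[]`.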

