[Logs UI] HTTP API for log entries #53798
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)
x-pack/legacy/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
return hits.map(hit => { | ||
const logFields = fields.reduce<{ [fieldName: string]: JsonValue }>( | ||
(flattenedFields, field) => { | ||
if (has(field, hit._source)) { |
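Review bot: in `has(field, hit._source)` each entry of `fields` is used as a lookup path into the stored document, the accumulator is typed as a map keyed by field name, and nothing in these lines shows where `fields` comes from. If the list can contain names supplied by the API caller, check it against the configured columns before this `reduce` so the route only returns fields it is meant to expose. A short comment saying that `field` is a dotted path resolved against `_source` would also help.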
Hard to understand at a glance that `hit._source` is an `object.path.like.this`. Anything you can do with type definitions to make this more obvious? Or maybe just add a comment
I hear you, but I don't want to dedicate much time to this function. It will go away in a separate PR.

Right now the API is handled in three files:
- `lib/adapters/kibana_log_entries_adapter`, which connects with Elasticsearch.
- `lib/domains/log_entries_domain`, which connects the adapter with the route files.
- The route file.

This function in the adapter takes the ES response and transforms it into a `LogEntryDocument`, an intermediate format for the `domain` that then gets transformed again in the route.

I had a chat with @weltenwort and @Kerry350 a couple of weeks ago about how this code was organised, and the conclusion was to merge the `domain` and the `adapter` files into one. Once we do that we don't need an intermediate format anymore and this function will go away.

I will take your comment into account when I join the two files into one. I agree with you that it's not clear straight away what is in `_source`. I guess there's some documentation somewhere of how filebeat stores the log metadata in ES. We could just add a comment with a link to it.
); | ||
|
||
return { | ||
gid: hit._id, |
With the above comment in mind, this whole function might be easier to follow if you destructure the `hit` at the beginning

```ts
const { _id: gid, _source: fieldName, sort: [time, tiebreaker] } = hit;
```
See previous comment :)
Looks good to me; once CI is fixed should be good to merge
* [Logs UI] HTTP API for log entries (#53798)
  * Scaffold `log_entries/entries` route
  * Scaffold a log entry response
  * Add `after` pagination
  * Add `before` pagination
  * Process `query` parameter
  * Use pre-existing structure for the columns
  * Change type of date ranges
    We will move the responsibility to parse the dates to the client. The API will only take timestamps
  * Add `center` parameter
    Allows consumers of the API to get log items around a certain cursor
  * Change default page size
  * Test the defaults of the API
  * Add optional `size` parameter
    This makes it easier to test the pagination. By default it returns a 200 size page.
  * Test the pagination
  * Test centering around a point
  * Handle `0` sizes
    Co-Authored-By: Zacqary Adam Xeper <[email protected]>
  * Add highlights endpoint
  * Refactor `processCursor`
  * Tweak cursor handling in the routes
  * Refine `LogEntry` type
  * Add tests for highlights endpoint
  * Tweak the types for the LogEntry
  Co-authored-by: Zacqary Adam Xeper <[email protected]>
* Skip failing test (#54100)
  ES behaves differently in master and in 7.x, causing the test to fail in the latter.
Co-authored-by: Zacqary Adam Xeper <[email protected]>
Summary
Part of #51047.
This PR adds (will add) two endpoints:
- `/log_entries/entries` for the log entries themselves. They will be used in the log stream view.
- `/log_entries/highlights` for the log entry highlights. They will be used to highlight messages in the log stream view.

The API is not used yet, since its interface differs from the GraphQL implementation. The API will be used once we change the UI to allow date ranges.
Examples
Get entries from the top (oldest)
The API has only two mandatory parameters: `startDate` and `endDate`. Both take an epoch in milliseconds.
By default the request gives the first page of entries, in ascending order, starting at `startDate`.
To get the following page: pass the `after` parameter with the value of the `bottomCursor`
Get entries from the bottom (newest)
To get the last entries in the range, the user needs to specify the parameter `before` with the special value `"last"`.
To get the entries before, pass the value of the `topCursor` in the `before` parameter.
Get entries around a specific cursor
Sometimes it is interesting to get entries with a specific log line in the center. To do so the user must pass a cursor as a `center` parameter. If the user doesn't know the value of the `tiebreaker` for a specific line, they must use `0`. The response will then contain logs around the timestamp.
The user then can get the pages before or after using the `topCursor` and the `bottomCursor` of the response.
Add a query
All options support a `query` parameter to filter. The value must be the parsed query from the searchbar
Get highlights
The `/log_entries/highlights` endpoint takes the same parameters as the `/log_entries/entries` endpoint, plus an array of highlight terms. The response is an array with the entries for each highlight term.
Checklist
Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.
- This was checked for cross-browser compatibility, including a check against IE11
- Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- Documentation was added for features that require explanation or tutorials
- [ ] This was checked for keyboard-only and screenreader accessibility
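
The request parameters in the PR description above (`startDate`, `endDate`, `size`, `before`, `after`, `center`) can be parsed strictly before any query is built. The following is an added example, not code from this PR or from Kibana. The `{ time, tiebreaker }` cursor shape, the `MAX_SIZE` cap, the rejection of sizes below 1 and the rule that `before`, `after` and `center` are mutually exclusive are assumptions of the example.

```typescript
// Added example: strict parsing of the request parameters this PR describes.
// Assumptions (not from the PR): the { time, tiebreaker } cursor shape, MAX_SIZE,
// rejecting size < 1, and treating before/after/center as mutually exclusive.
type Cursor = { time: number; tiebreaker: number };
type Position =
  | { kind: 'first' | 'last' }
  | { kind: 'before' | 'after' | 'center'; cursor: Cursor };
interface EntriesRequest { startDate: number; endDate: number; size: number; position: Position }

const DEFAULT_SIZE = 200; // default page size stated in the PR
const MAX_SIZE = 1000; // hypothetical cap so a caller cannot request an unbounded page

const isNonNegInt = (v: unknown): v is number =>
  typeof v === 'number' && Number.isSafeInteger(v) && v >= 0;

function parseCursor(v: unknown): Cursor {
  const source = (typeof v === 'object' && v !== null ? v : {}) as Record<string, unknown>;
  const { time, tiebreaker } = source;
  if (!isNonNegInt(time) || !isNonNegInt(tiebreaker)) {
    throw new Error('cursor must be { time, tiebreaker } with non-negative integers');
  }
  return { time, tiebreaker }; // copy only the two known keys, drop anything else
}

function parseEntriesRequest(body: Record<string, unknown>): EntriesRequest {
  const { startDate, endDate, before, after, center } = body;
  const size = body.size === undefined ? DEFAULT_SIZE : body.size;
  // Dates are epoch milliseconds only; date strings are rejected rather than parsed.
  if (!isNonNegInt(startDate) || !isNonNegInt(endDate) || startDate > endDate) {
    throw new Error('startDate and endDate must be epoch milliseconds, startDate <= endDate');
  }
  if (typeof size !== 'number' || !Number.isInteger(size) || size < 1 || size > MAX_SIZE) {
    throw new Error(`size must be an integer between 1 and ${MAX_SIZE}`);
  }
  if ([before, after, center].filter((p) => p !== undefined).length > 1) {
    throw new Error('pass at most one of before, after, center');
  }
  let position: Position = { kind: 'first' }; // default: first page, ascending from startDate
  if (before === 'last') position = { kind: 'last' };
  else if (before !== undefined) position = { kind: 'before', cursor: parseCursor(before) };
  else if (after !== undefined) position = { kind: 'after', cursor: parseCursor(after) };
  else if (center !== undefined) position = { kind: 'center', cursor: parseCursor(center) };
  return { startDate, endDate, size, position };
}
```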