Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Add First Integration into Observability #1411

Closed
YANG-DB opened this issue Feb 16, 2023 · 0 comments
Closed

[FEATURE] Add First Integration into Observability #1411

YANG-DB opened this issue Feb 16, 2023 · 0 comments
Assignees
@YANG-DB
Labels
design documentation Improvements or additions to documentation enhancement New feature or request integration Integration project

Comments

@YANG-DB
Copy link
Member

YANG-DB commented Feb 16, 2023
edited
Loading

Is your feature request related to a problem?
As part of the Integration RFC we would like to add the first Integration use case for NginX pre-canned dashboards including the logs & metrics observability schema supported signals

New repo structure

Proposal for Observability repo new structure structure

- build-tools
- config/checkstyle
- gradle/wrapper
- release-notes
- schema
    - observability
       - logs
       - traces
       - metrics
- scripts
- src
- integrations
   - observability
       - nginX

What solution would you like?

Integrating Component Structure

The following section details the structure and composition of an integration component and how it may be utilized for the Observability use-cases.

Structure

As mentioned above, integration is a collection of elements that formulate how to observe a specific data emitting resource - in our case a telemetry data producer.

A typical Observability Integration consists of the following parts:

Metadata

* Observability data producer resource
* Supplement Indices (mapping & naming)
* Collection Agent Version
* Transformation schema 
* Optional test harnesses repository
* Verified version and documentation 
* Category & classification (logs/traces/alerts/metrics)

Display components

* Dashboards 
* Maps
* Applications
* Notebooks
* Operations Panels
* Saved PPL/SQL/DQL Queries
* Alerts

A major factor in the following RFC is that structured data has an enormous contribution to the understanding of the system behaviour.
Once input content has form and shape - it can and will be used to calculate and correlate different pieces of data.

The next parts of this document will present Integrations For Observability which has a key concept of Observability schema.

It will overview the concepts of observability, will describe the current issues customers are facing with observability and continue to elaborate on how to mitigate them using Integrations and structured schemas.

Creating An Integration

Integrations are an encapsulated collection of elements and a such have a specific structure.

NginX

Lets examine the next NginX integration component:

nginX
    config.json
    display`
        ApplicationA.json
        Maps.json
        DashboardB.json
    queries
      QueryA.json
    schemas
      transformation.json
    samples
      nginx.access logs
      nginx.error logs
      nginx.stats metrics
      expected transformation results
    metadata
      ...
    info  
      documentation

Definitions

  • config.json defines the general configuration for the entire integration component.
  • display this is the folder in which the actual visualization components are stored
  • queries this is the folder in which the actual PPL queries are stored
  • schemas this is the folder in which the schemas are stored - schema for mapping translations or index mapping.
  • samples this folder contains sample logs and translated logs are present
  • metadata this folder contains additional metadata definitions such as security and policies
  • info this folder contains documentations, licences and external references

Config.json file includes the following Integration configuration

{
  "name": "nginx",
  "version": {
        "integ": "0.1.0",
        "schema": "1.0.0",
        "resource": "^1.23.0",
   }
  "description": "Nginx HTTP server collector",
  "identification": "instrumentationScope.attributes.identification",
  "categories": [
    "web",
  ],
  "collection":[
    {
       "logs": [{
                    "info": "access logs",
                    "input_type":"logfile",
                    "dataset":"nginx.access",
                    "labels" :["`nginx"``,``"access"``],`
                    "schema": "./schema/logs/access.json"
                },
                {
                    "info": "error logs",
                    "input_type":"logfile",
                    "labels" :["nginx","error"],
                    "dataset":"nginx.error",
                    "schema": "./schema/logs/error.json"
                }]
    },
    {
        "metrics": [{
                    "info": "`status metrics`",
                    "input_type":"`metrics`",
                    "dataset":"nginx.status",
                    "labels" :["nginx","status"],
                    "schema": "./schema/metrics/status.json"
                }]
    }
  ],
  "repo": {
    "github": ".../"
  }
}

Definitions:

  "version": {
        "integ": "0.1.0",
        "schema": "1.0.0",
        "resource": "^1.23.0",
   }

version:
This references the next semantic versioning:

  • integ version indicates the version for this specific Integration
  • schema version indicates the Observability schema version
  • resource version indicates the actual resource version which is being integrated.

identification:
This references the field this integration is using to explicitly identify the resource the signal is generated from

In this case the field resides in the instrumentationScope.attributes.identification path and should have a value that corresponds to the name of the integration.

"identification": "instrumentationScope.attributes.identification",

Categories:
This section defines the classification categories associated to this Integration according to ECS specification (https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-category.html)

collection:
This references the different types of collection this integration if offering. It can be one of the following
{ Traces, Logs, Metrics, Alerts, Supplements }.

Collections

Let's dive into a specific log collection:

       "logs": [{
                    "info": "access logs",
                    "input_type":"logfile",
                    "dataset":"nginx.access",
                    "labels" :["`nginx"``,``"access"``],`
                    "schema": "./schema/logs/access.json"
                },

This log collects nginx access logs as described in the info section.
The input_type is a categorical classification of the log kind which is specified in the ECS specification as well.

  • dataset is defined above and indicates the target routing index.
  • lables are general purpose labeling tags that allow further correlation and associations.
  • schema is the location of the mapping configuration between the original log format to the Observability Log format.

Display:

Visualization contains the relevant visual components associated with this integration.

The visual display component will need to be validated to the schema that it is expected to work on - this may be part of the Integration validation flow...

Queries

Queries contains specific PPL queries that precisely demonstrates some common and useful use-case .

Example:

-- The visual display component will need to be validated to the schema that it is expected to work on

source = logs-*-prod | ... where ...

What alternatives have you considered?
A clear and concise description of any alternative solutions or features you've considered.

Do you have any additional context?
@YANG-DB YANG-DB added documentation Improvements or additions to documentation enhancement New feature or request design labels Feb 16, 2023
@YANG-DB YANG-DB self-assigned this Feb 16, 2023
This was referenced Feb 17, 2023
Open
Closed
@YANG-DB YANG-DB linked a pull request Mar 1, 2023 that will close this issue
First Nginx integration bundle #1418
Closed
6 tasks
@YANG-DB YANG-DB mentioned this issue Mar 1, 2023
Merged
6 tasks
YANG-DB added a commit that referenced this issue Mar 4, 2023
@YANG-DB
create first Nginx Integration bundle (#1442)
68bcb0c 
* add integration API flow documentation
* add UX diagram and screen shots 
* add schema catalog folder
   * Observability domain
   * security domain
   * system domain
* add integration folder
   * add nginx integration

see #1411

Signed-off-by: YANGDB <[email protected]>

---------
@YANG-DB YANG-DB added the integration Integration project label Mar 7, 2023
@YANG-DB YANG-DB moved this to Done in Integration Mar 7, 2023
@YANG-DB YANG-DB closed this as completed Mar 7, 2023
@YANG-DB YANG-DB mentioned this issue Apr 5, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@YANG-DB YANG-DB

Labels
design documentation Improvements or additions to documentation enhancement New feature or request integration Integration project
Projects
Integration
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

First Nginx integration bundle
1 participant
@YANG-DB