Skip to content

[8.x] [Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)#193969

Merged
kibanamachine merged 1 commit intoelastic:8.xfrom
kibanamachine:backport/8.x/pr-192874
Sep 25, 2024
Merged

[8.x] [Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)#193969
kibanamachine merged 1 commit intoelastic:8.xfrom
kibanamachine:backport/8.x/pr-192874

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

@kibanamachine kibanamachine commented Sep 25, 2024

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@awahab07 @elasticmachine
[Logs Data Telemetry] Add logs-dsns logs-*-* pattern to obs telemet…
c18ebda 
…ry patterns (elastic#192874)

## Summary

Adds the `logs-*-*` logs pattern in observability telemetry patterns to
separate out logs with indices named per the Data Stream Naming Scheme
([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme))
vs. the generic logs indices not conforming to DSNS naming.

For a typical scenario (test data), the addition of `logs-*-*` affects
the collection as (notice the addition of "dsns-logs" object):
<table>
  <thead>
    <tr>
      <th>Before</th>
      <th>After</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>

```yml
[
  {
    "pattern_name": "heartbeat",
    "shipper": "heartbeat",
    "doc_count": 9530,
    "structure_level": {
      "5": 9530
    },
    "index_count": 1,
    "failure_store_doc_count": 9530,
    "failure_store_index_count": 1,
    "namespace_count": 0,
    "field_count": 1508,
    "field_existence": {
      "container.id": 9530,
      "log.level": 9530,
      "container.name": 9530,
      "host.name": 9530,
      "host.hostname": 9530,
      "kubernetes.pod.name": 9530,
      "kubernetes.pod.uid": 9530,
      "cloud.provider": 9530,
      "agent.type": 9530,
      "event.dataset": 9530,
      "event.category": 9530,
      "event.module": 9530,
      "service.name": 9530,
      "service.type": 9530,
      "service.version": 9530,
      "message": 9530,
      "event.original": 9530,
      "error.message": 9530,
      "@timestamp": 9530,
      "data_stream.dataset": 9530,
      "data_stream.namespace": 9530,
      "data_stream.type": 9530
    },
    "size_in_bytes": 13090458,
    "managed_by": [],
    "package_name": [],
    "beat": [
      "heartbeat"
    ]
  },
  {
    "pattern_name": "nginx",
    "doc_count": 10080,
    "structure_level": {
      "6": 10080
    },
    "index_count": 1,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 1,
    "field_count": 1562,
    "field_existence": {
      "container.id": 10080,
      "log.level": 10080,
      "host.name": 10080,
      "kubernetes.pod.uid": 10080,
      "cloud.provider": 10080,
      "event.dataset": 10080,
      "service.name": 10080,
      "message": 10080,
      "@timestamp": 10080,
      "data_stream.dataset": 10080,
      "data_stream.namespace": 10080,
      "data_stream.type": 10080
    },
    "size_in_bytes": 12098071,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "apache",
    "doc_count": 1643,
    "structure_level": {
      "6": 1643
    },
    "index_count": 2,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1562,
    "field_existence": {
      "container.id": 1643,
      "log.level": 1643,
      "host.name": 1643,
      "kubernetes.pod.uid": 1643,
      "cloud.provider": 1643,
      "event.dataset": 1643,
      "service.name": 1643,
      "message": 1643,
      "@timestamp": 1643,
      "data_stream.dataset": 1643,
      "data_stream.namespace": 1643,
      "data_stream.type": 1643
    },
    "size_in_bytes": 5593675,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "generic-logs",
    "doc_count": 123979,
    "structure_level": {
      "2": 112925,
      "3": 11054
    },
    "index_count": 18,
    "failure_store_doc_count": 2,
    "failure_store_index_count": 1,
    "namespace_count": 3,
    "field_count": 1582,
    "field_existence": {
      "container.id": 11054,
      "log.level": 123979,
      "host.name": 123979,
      "kubernetes.pod.uid": 11046,
      "cloud.provider": 11046,
      "event.dataset": 11046,
      "service.name": 123971,
      "message": 11054,
      "@timestamp": 123979,
      "data_stream.dataset": 123979,
      "data_stream.namespace": 123979,
      "data_stream.type": 123979
    },
    "size_in_bytes": 60270084,
    "managed_by": [],
    "package_name": [],
    "beat": []
  }
]
```

</td>
      <td>

```yml
[
  {
    "pattern_name": "heartbeat",
    "shipper": "heartbeat",
    "doc_count": 9530,
    "structure_level": {
      "5": 9530
    },
    "index_count": 1,
    "failure_store_doc_count": 9530,
    "failure_store_index_count": 1,
    "namespace_count": 0,
    "field_count": 1508,
    "field_existence": {
      "container.id": 9530,
      "log.level": 9530,
      "container.name": 9530,
      "host.name": 9530,
      "host.hostname": 9530,
      "kubernetes.pod.name": 9530,
      "kubernetes.pod.uid": 9530,
      "cloud.provider": 9530,
      "agent.type": 9530,
      "event.dataset": 9530,
      "event.category": 9530,
      "event.module": 9530,
      "service.name": 9530,
      "service.type": 9530,
      "service.version": 9530,
      "message": 9530,
      "event.original": 9530,
      "error.message": 9530,
      "@timestamp": 9530,
      "data_stream.dataset": 9530,
      "data_stream.namespace": 9530,
      "data_stream.type": 9530
    },
    "size_in_bytes": 13090458,
    "managed_by": [],
    "package_name": [],
    "beat": [
      "heartbeat"
    ]
  },
  {
    "pattern_name": "nginx",
    "doc_count": 10080,
    "structure_level": {
      "6": 10080
    },
    "index_count": 1,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 1,
    "field_count": 1562,
    "field_existence": {
      "container.id": 10080,
      "log.level": 10080,
      "host.name": 10080,
      "kubernetes.pod.uid": 10080,
      "cloud.provider": 10080,
      "event.dataset": 10080,
      "service.name": 10080,
      "message": 10080,
      "@timestamp": 10080,
      "data_stream.dataset": 10080,
      "data_stream.namespace": 10080,
      "data_stream.type": 10080
    },
    "size_in_bytes": 12098071,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "apache",
    "doc_count": 1643,
    "structure_level": {
      "6": 1643
    },
    "index_count": 2,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1562,
    "field_existence": {
      "container.id": 1643,
      "log.level": 1643,
      "host.name": 1643,
      "kubernetes.pod.uid": 1643,
      "cloud.provider": 1643,
      "event.dataset": 1643,
      "service.name": 1643,
      "message": 1643,
      "@timestamp": 1643,
      "data_stream.dataset": 1643,
      "data_stream.namespace": 1643,
      "data_stream.type": 1643
    },
    "size_in_bytes": 5593675,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "dsns-logs",
    "doc_count": 123971,
    "structure_level": {
      "2": 112925,
      "6": 11046
    },
    "index_count": 17,
    "failure_store_doc_count": 0,
    "failure_store_index_count": 0,
    "namespace_count": 2,
    "field_count": 1581,
    "field_existence": {
      "container.id": 11046,
      "log.level": 123971,
      "host.name": 123971,
      "kubernetes.pod.uid": 11046,
      "cloud.provider": 11046,
      "event.dataset": 11046,
      "service.name": 123971,
      "message": 11046,
      "@timestamp": 123971,
      "data_stream.dataset": 123971,
      "data_stream.namespace": 123971,
      "data_stream.type": 123971
    },
    "size_in_bytes": 60245641,
    "managed_by": [],
    "package_name": [],
    "beat": []
  },
  {
    "pattern_name": "generic-logs",
    "doc_count": 8,
    "structure_level": {
      "3": 8
    },
    "index_count": 1,
    "failure_store_doc_count": 2,
    "failure_store_index_count": 1,
    "namespace_count": 3,
    "field_count": 1582,
    "field_existence": {
      "container.id": 8,
      "log.level": 8,
      "host.name": 8,
      "message": 8,
      "@timestamp": 8,
      "data_stream.dataset": 8,
      "data_stream.namespace": 8,
      "data_stream.type": 8
    },
    "size_in_bytes": 24826,
    "managed_by": [],
    "package_name": [],
    "beat": []
  }
]
```

</td>
</tr>
</tbody>
</table>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 8d7dad2)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Sep 25, 2024
@kibanamachine kibanamachine enabled auto-merge (squash) September 25, 2024 11:02
@botelastic botelastic Bot added the ci:project-deploy-observability Create an Observability project label Sep 25, 2024
@kibanamachine kibanamachine mentioned this pull request Sep 25, 2024
Merged
@kibana-ci
Copy link
Copy Markdown

kibana-ci commented Sep 25, 2024

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @awahab07

@kibanamachine kibanamachine merged commit 9bc643d into elastic:8.x Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@awahab07 awahab07

Labels

backport This PR is a backport of another PR ci:project-deploy-observability Create an Observability project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kibanamachine @kibana-ci @awahab07