accesslog: support stat-level AccessLogFilter in stats AccessLog

[TAOXUY]

Commit Message: with the PR, we can filter out stats based on their on AccessLogFilter within accesslogger. The use case can be like

• The gauge support can rely on this PR to add/subtract by defining multiple gauges with different log_type_filter(TcpConnectionStart, TcpConnectionEnd, etc).
• we can have counters for connection error by using response_flag_filter(one of AccessLogFilter) isn't empty

Risk Level: no risk
Testing: added
Docs Changes: no need
Release Notes: no need as the stats AccessLog extension hasn't been released.
Platform Specific Features: no

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @wbpcode
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #42676 was opened by TAOXUY.

see: more, trace.

[TAOXUY]

@kyessenov @ggreenway

[ggreenway]

To be consistent with other access loggers, using

envoy/api/envoy/config/accesslog/v3/accesslog.proto

Line 38 in 9b74448

AccessLogFilter filter = 2;

to filter, and then having multiple instances of this access logger seems preferable. And that is already implemented.

Is there a use case where that wouldn't be sufficient?

/wait-any

[TAOXUY]

To be consistent with other access loggers, using

envoy/api/envoy/config/accesslog/v3/accesslog.proto

Line 38 in 9b74448

AccessLogFilter filter = 2;

to filter, and then having multiple instances of this access logger seems preferable. And that is already implemented.
Is there a use case where that wouldn't be sufficient?

/wait-any

Updated the description. PTAL

[repokitteh-read-only]

CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @agrawroh

🐱

Caused by: #42676 was synchronize by TAOXUY.

see: more, trace.

[TAOXUY]

Sry for making a push by mistake and loop in so many peoples. I am not maintainers and I cannot unassign the reviewers unfortunately.

[ggreenway]

@wbpcode this feels weird to me from an API level because there's also a filter outside the access logger. But I can see how this would be useful in lowering the amount of config needed for some cases. WDYT?

[kyessenov]

I don't have a strong opinion on adding this API - will let API folks decide. I think you are not saving much on the costs yet (you could have two access logs with two filters, instead of one access log filter each with filter), unless I'm missing something. Generally, you want to evaluate predicate as early as possible, so it's calling for some nested matcher support down the line. Access log filters are difficult to use IMO, harder than it should be.

[TAOXUY]

you could have two access logs with two filters, instead of one access log filter each with filter

That's a good point actually. Though feasible, it seems not ideal.

[ravenblackx]

I believe this PR is waiting for API name change to be reversed.

/wait

[TAOXUY]

I believe this PR is waiting for API name change to be reversed.

/wait

updated.

[ravenblackx]

updated.

No commit has been pushed to the PR. (The waiting label will automatically be removed when a change is pushed.)

Edit: even if github then shows the push as occurring in the past so that the sequence of events looks weird!

[ggreenway]

I still think this is an awkward API with two different levels of the same filtering. @wbpcode can you weigh in as the api-shepherd on this PR?

[TAOXUY]

I still think this is an awkward API with two different levels of the same filtering. @wbpcode can you weigh in as the api-shepherd on this PR?

Hi @ggreenway , not only

I still think this is an awkward API with two different levels of the same filtering. @wbpcode can you weigh in as the api-shepherd on this PR?

Another use case as I put above is that we can use response_flag_filter(one of AccessLogFilter) to filter out connections with errors.

[TAOXUY]

Close for now, I will make another PR for filter tag value.