-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generic event support #47
Comments
What are some of the use cases you have in mind? Seems like deployment tracking would be one? Can events have links to a span/transaction/trace? |
Certainly deployment tracking - version promotion/rollback, autoscaling events, failovers, CI status - but really any type of annotation or notable event. I'm not proposing integration with APM UI here, yet. These would be immediately useful on custom TSVBs . Optional links to our other events (trace.id, etc) certainly makes sense. |
I would really like to avoid the term log here. People associate that with, well, logging and that's not the use case we have in mind for this.
What about calling it annotations? The problem with advocating it for low volume logs is that people with high volume log use-cases will eventually also want to use that. I can't remember who it was but someone proposed to have a global concept of annotations, spanning different Kibana applications. To me, it seems like your proposal goes in a similar direction.
For the intake API, why not just leverage the |
Interesting, I wonder if it makes more sense to avoid a specific apm implementation or try to drive that from here then. I'll try to track down more information.
I explained it poorly. The intention is to make it possible to optionally include/exclude process/service/etc info from metadata in the annotation document persisted to elasticsearch, not to specifically add those into the intake for annotations. Currently, spans include only a subset of that information because it can be tracked down in the linked transaction. Metrics include a full set of metadata just like transactions - when we get to user defined metrics we'll probably run into the idea I'm trying to explore here - allowing events (annotations in this case) to live outside of a process or even a service. We considered this briefly in elastic/apm-server#1901 (comment) but as @simitt pointed out there, there are other complications it introduces with merging vs overwriting. To make it concrete, consider this intake:
should that persist a document with all metadata - process, service, system? Should the payload be able to prevent inclusion in the document with something like:
or maybe
|
Even though this is as far as I understand only for the intake AKA internal format it would be still beneficial if it would not conflict with ECS, especially referring to |
@ruflin To be clear, the intake defines agent->apm-server communication, which we intend to keep reasonably compact. The elasticsearch documents generated will continue to adhere to ECS. |
@graphaelli Yes, I'm aware of that. My point was not necessarly to follow ECS but still not conflict with it. I would hope that if long term also internal communication is in ECS where possible. If it's more of a burden at the moment, please ignore it. |
If we allow this format to link to a trace/transaction similar to errors, we could use this to support what OpenTracing calls logs |
@watson's comment turned into some good offline discussions which I'll recap here. There are two types of annotations that seem useful:
and useful in aggregations over, for example, percentiles over This proposal initially targeted 2 directly - that is creating a first class object, alongside transaction/span/error/metric, to capture an event for display on visualizations covering an entire service and per-trace views. Now it's unclear whether it should be expanded to cover 1 and whether this could satisfy opentracing logs. I'm working through options for this effort and whether they can be combined into a single annotation type. |
Just thinking out loud. |
Please any update on this ?? |
I think there's a lot of overlap with the proposal for a logs endpoint in the APM Server. Logs can be more than just a simple message: they can also have the form of a structured event. For .NET we already have a library to construct ECS compatible events with a typesafe API: https://github.com/elastic/ecs-dotnet. See also #252 (comment) |
Agreed on the overlap. Closing this one as logs intake is covered in #252, deployment annotations are already shown, and an annotations API has been added to kibana, covering all of the use cases here. |
Describe the solution you'd like
A simple intake for arbitrary events including a
message
to be used for annotations and low volume logs. eg document:Describe alternatives you've considered
error.exception.log
but it's very difficult to split these into their own index, plus semantics are all wrong.Additional detail
Just starting a discussion here.
include_process
?log
in favor of message? Log is already in ecs.The text was updated successfully, but these errors were encountered: