-
Notifications
You must be signed in to change notification settings - Fork 525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
processor/otel: index span events as logs #6122
Conversation
a70b1c0
to
2271a7c
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪 |
e4c145d
to
77b0554
Compare
Produce log events for non-exception span events, capturing the span event name as the log message, and all other attributes as labels. We only index logs when data streams are enabled; they are dropped when classic indices are in use.
@bmorelli25 @cyrille-leclerc FYI I've made a few minor edits to the Jaeger and OpenTelemetry docs, removing the caveats related to span events. There were also some outdated caveats listed in the docs related to metrics which I've removed as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Produce log events for non-exception span events, capturing the span event name as the log message, and all other attributes as labels. We only index logs when data streams are enabled; they are dropped when classic indices are in use. (cherry picked from commit 6c9bfad) # Conflicts: # changelogs/head.asciidoc
I love this step forward and I would like to review the naming conventions for the different datastreams. For an application Your code (here) let me think you propose the datastream I had a different idea in mind. My thoughts are:
|
The "custom" you see is just a unit test. The namespace is user-defined when they create their agent policy in Fleet, and is the same for all data streams produced by the APM server corresponding to that policy. The team has discussed in the past the idea of permitting templates in the namespace, e.g. set it to
I don't think it's necessary. The index has the same structure regardless of the application. This is somewhat aspirational: OTel attributes are dynamically mapped as
See also #3873 (comment)
Perhaps we don't need the common prefix. One thing we would need to check is whether the UI has permissions to read all
The reason for having the service name in the application metrics data stream is because in that case only, there are going to be dynamically mapped fields which
|
* processor/otel: index span events as logs (#6122) Produce log events for non-exception span events, capturing the span event name as the log message, and all other attributes as labels. We only index logs when data streams are enabled; they are dropped when classic indices are in use. (cherry picked from commit 6c9bfad) # Conflicts: # changelogs/head.asciidoc * Delete head.asciidoc Co-authored-by: Andrew Wilkins <axw@elastic.co>
Confirmed that logs are indexed with datastreams enabled, and not indexed with datastreams disabled. The logs didn't show up in the "logs" tab, though. |
issue: #6544 |
Confirmed with BC3 |
@axw could we please have a screenshot with a somewhat realistic example of span event composed of a name and a bunch of attributes? cc @amena-siddiqi If you can
|
Span events will appear in the trace logs tab.
AFAIK, the message column is simply taken from the value of the apm-server/processor/otel/traces.go Line 873 in 793f99a
|
Many thanks @axw .
My understanding is that this visualization of the span events that would be different from the visualization of raw log messages may require a different renderer for log messages and for span events. Would that make sense? |
Those fields will be present on the log document, but not all fields will be. Labels will not be.
Message and timestamp 100% belong on the top level, and probably the service name. Attributes will likely get a bit busy. I think they belong in a flyout, which we don't yet have but is tracked in elastic/kibana#111325
I'm having trouble parsing this. Can you restate, please? |
If we want a special visualization in the logs tab, then we will need to evolve the "logs visualization tab" to have dedicated rendering for "span events" and for "raw log messages". As you propose for the moment to rely on the flyout, the question of a dedicated renderer is not needed |
Motivation/summary
Produce log events for non-exception OpenTelemetry span events, capturing the span event name as the log message, and all other attributes as labels. We only index logs when data streams are enabled; they are dropped when classic indices are in use.
Checklist
How to test these changes
logs-apm.app-<namespace>
and show up in the "Logs" panel for a trace sampleRelated issues
Closes #4715
Closes #3338