[Logs Data Telemetry] Add logs-dsns logs-*-* pattern to obs telemetry patterns
#192874
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
|
/ci |
… telemetry log patterns.
awahab07
force-pushed
the
observability-dev-3950-add-logs-dsns-pattern
branch
from
9a65357 to
24c89e9
Compare
awahab07
added
Team:obs-ux-logs
awahab07
added
the
release_note:skip
afharo
approved these changes
Sep 18, 2024
botelastic
bot
added
the
ci:project-deploy-observability
|
@elasticmachine merge upstream |
awahab07
added
backport:skip
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 25, 2024
…ry patterns (elastic#192874) ## Summary Adds the `logs-*-*` logs pattern in observability telemetry patterns to separate out logs with indices named per the Data Stream Naming Scheme ([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme)) vs. the generic logs indices not conforming to DSNS naming. For a typical scenario (test data), the addition of `logs-*-*` affects the collection as (notice the addition of "dsns-logs" object): <table> <thead> <tr> <th>Before</th> <th>After</th> </tr> </thead> <tbody> <tr> <td> ```yml [ { "pattern_name": "heartbeat", "shipper": "heartbeat", "doc_count": 9530, "structure_level": { "5": 9530 }, "index_count": 1, "failure_store_doc_count": 9530, "failure_store_index_count": 1, "namespace_count": 0, "field_count": 1508, "field_existence": { "container.id": 9530, "log.level": 9530, "container.name": 9530, "host.name": 9530, "host.hostname": 9530, "kubernetes.pod.name": 9530, "kubernetes.pod.uid": 9530, "cloud.provider": 9530, "agent.type": 9530, "event.dataset": 9530, "event.category": 9530, "event.module": 9530, "service.name": 9530, "service.type": 9530, "service.version": 9530, "message": 9530, "event.original": 9530, "error.message": 9530, "@timestamp": 9530, "data_stream.dataset": 9530, "data_stream.namespace": 9530, "data_stream.type": 9530 }, "size_in_bytes": 13090458, "managed_by": [], "package_name": [], "beat": [ "heartbeat" ] }, { "pattern_name": "nginx", "doc_count": 10080, "structure_level": { "6": 10080 }, "index_count": 1, "failure_store_doc_count": 0, "failure_store_index_count": 0, "namespace_count": 1, "field_count": 1562, "field_existence": { "container.id": 10080, "log.level": 10080, "host.name": 10080, "kubernetes.pod.uid": 10080, "cloud.provider": 10080, "event.dataset": 10080, "service.name": 10080, "message": 10080, "@timestamp": 10080, "data_stream.dataset": 10080, "data_stream.namespace": 10080, "data_stream.type": 10080 }, "size_in_bytes": 12098071, "managed_by": [], "package_name": [], "beat": [] }, { "pattern_name": "apache", "doc_count": 1643, "structure_level": { "6": 1643 }, "index_count": 2, "failure_store_doc_count": 0, "failure_store_index_count": 0, "namespace_count": 2, "field_count": 1562, "field_existence": { "container.id": 1643, "log.level": 1643, "host.name": 1643, "kubernetes.pod.uid": 1643, "cloud.provider": 1643, "event.dataset": 1643, "service.name": 1643, "message": 1643, "@timestamp": 1643, "data_stream.dataset": 1643, "data_stream.namespace": 1643, "data_stream.type": 1643 }, "size_in_bytes": 5593675, "managed_by": [], "package_name": [], "beat": [] }, { "pattern_name": "generic-logs", "doc_count": 123979, "structure_level": { "2": 112925, "3": 11054 }, "index_count": 18, "failure_store_doc_count": 2, "failure_store_index_count": 1, "namespace_count": 3, "field_count": 1582, "field_existence": { "container.id": 11054, "log.level": 123979, "host.name": 123979, "kubernetes.pod.uid": 11046, "cloud.provider": 11046, "event.dataset": 11046, "service.name": 123971, "message": 11054, "@timestamp": 123979, "data_stream.dataset": 123979, "data_stream.namespace": 123979, "data_stream.type": 123979 }, "size_in_bytes": 60270084, "managed_by": [], "package_name": [], "beat": [] } ] ``` </td> <td> ```yml [ { "pattern_name": "heartbeat", "shipper": "heartbeat", "doc_count": 9530, "structure_level": { "5": 9530 }, "index_count": 1, "failure_store_doc_count": 9530, "failure_store_index_count": 1, "namespace_count": 0, "field_count": 1508, "field_existence": { "container.id": 9530, "log.level": 9530, "container.name": 9530, "host.name": 9530, "host.hostname": 9530, "kubernetes.pod.name": 9530, "kubernetes.pod.uid": 9530, "cloud.provider": 9530, "agent.type": 9530, "event.dataset": 9530, "event.category": 9530, "event.module": 9530, "service.name": 9530, "service.type": 9530, "service.version": 9530, "message": 9530, "event.original": 9530, "error.message": 9530, "@timestamp": 9530, "data_stream.dataset": 9530, "data_stream.namespace": 9530, "data_stream.type": 9530 }, "size_in_bytes": 13090458, "managed_by": [], "package_name": [], "beat": [ "heartbeat" ] }, { "pattern_name": "nginx", "doc_count": 10080, "structure_level": { "6": 10080 }, "index_count": 1, "failure_store_doc_count": 0, "failure_store_index_count": 0, "namespace_count": 1, "field_count": 1562, "field_existence": { "container.id": 10080, "log.level": 10080, "host.name": 10080, "kubernetes.pod.uid": 10080, "cloud.provider": 10080, "event.dataset": 10080, "service.name": 10080, "message": 10080, "@timestamp": 10080, "data_stream.dataset": 10080, "data_stream.namespace": 10080, "data_stream.type": 10080 }, "size_in_bytes": 12098071, "managed_by": [], "package_name": [], "beat": [] }, { "pattern_name": "apache", "doc_count": 1643, "structure_level": { "6": 1643 }, "index_count": 2, "failure_store_doc_count": 0, "failure_store_index_count": 0, "namespace_count": 2, "field_count": 1562, "field_existence": { "container.id": 1643, "log.level": 1643, "host.name": 1643, "kubernetes.pod.uid": 1643, "cloud.provider": 1643, "event.dataset": 1643, "service.name": 1643, "message": 1643, "@timestamp": 1643, "data_stream.dataset": 1643, "data_stream.namespace": 1643, "data_stream.type": 1643 }, "size_in_bytes": 5593675, "managed_by": [], "package_name": [], "beat": [] }, { "pattern_name": "dsns-logs", "doc_count": 123971, "structure_level": { "2": 112925, "6": 11046 }, "index_count": 17, "failure_store_doc_count": 0, "failure_store_index_count": 0, "namespace_count": 2, "field_count": 1581, "field_existence": { "container.id": 11046, "log.level": 123971, "host.name": 123971, "kubernetes.pod.uid": 11046, "cloud.provider": 11046, "event.dataset": 11046, "service.name": 123971, "message": 11046, "@timestamp": 123971, "data_stream.dataset": 123971, "data_stream.namespace": 123971, "data_stream.type": 123971 }, "size_in_bytes": 60245641, "managed_by": [], "package_name": [], "beat": [] }, { "pattern_name": "generic-logs", "doc_count": 8, "structure_level": { "3": 8 }, "index_count": 1, "failure_store_doc_count": 2, "failure_store_index_count": 1, "namespace_count": 3, "field_count": 1582, "field_existence": { "container.id": 8, "log.level": 8, "host.name": 8, "message": 8, "@timestamp": 8, "data_stream.dataset": 8, "data_stream.namespace": 8, "data_stream.type": 8 }, "size_in_bytes": 24826, "managed_by": [], "package_name": [], "beat": [] } ] ``` </td> </tr> </tbody> </table> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 8d7dad2)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Sep 25, 2024
…n to obs telemetry patterns (#192874) (#193969) # Backport This will backport the following commits from `main` to `8.x`: - [[Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)](#192874) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Abdul Wahab Zahid","email":"awahab07@yahoo.com"},"sourceCommit":{"committedDate":"2024-09-25T10:57:48Z","message":"[Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)\n\n## Summary\r\n\r\nAdds the `logs-*-*` logs pattern in observability telemetry patterns to\r\nseparate out logs with indices named per the Data Stream Naming Scheme\r\n([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme))\r\nvs. the generic logs indices not conforming to DSNS naming.\r\n\r\nFor a typical scenario (test data), the addition of `logs-*-*` affects\r\nthe collection as (notice the addition of \"dsns-logs\" object):\r\n<table>\r\n <thead>\r\n <tr>\r\n <th>Before</th>\r\n <th>After</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 123979,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"3\": 11054\r\n },\r\n \"index_count\": 18,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 11054,\r\n \"log.level\": 123979,\r\n \"host.name\": 123979,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11054,\r\n \"@timestamp\": 123979,\r\n \"data_stream.dataset\": 123979,\r\n \"data_stream.namespace\": 123979,\r\n \"data_stream.type\": 123979\r\n },\r\n \"size_in_bytes\": 60270084,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"dsns-logs\",\r\n \"doc_count\": 123971,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"6\": 11046\r\n },\r\n \"index_count\": 17,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1581,\r\n \"field_existence\": {\r\n \"container.id\": 11046,\r\n \"log.level\": 123971,\r\n \"host.name\": 123971,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11046,\r\n \"@timestamp\": 123971,\r\n \"data_stream.dataset\": 123971,\r\n \"data_stream.namespace\": 123971,\r\n \"data_stream.type\": 123971\r\n },\r\n \"size_in_bytes\": 60245641,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 8,\r\n \"structure_level\": {\r\n \"3\": 8\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 8,\r\n \"log.level\": 8,\r\n \"host.name\": 8,\r\n \"message\": 8,\r\n \"@timestamp\": 8,\r\n \"data_stream.dataset\": 8,\r\n \"data_stream.namespace\": 8,\r\n \"data_stream.type\": 8\r\n },\r\n \"size_in_bytes\": 24826,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"8d7dad266d8515509e5c7aa5029680f76e7cc348","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability"],"title":"[Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns","number":192874,"url":"https://github.com/elastic/kibana/pull/192874","mergeCommit":{"message":"[Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)\n\n## Summary\r\n\r\nAdds the `logs-*-*` logs pattern in observability telemetry patterns to\r\nseparate out logs with indices named per the Data Stream Naming Scheme\r\n([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme))\r\nvs. the generic logs indices not conforming to DSNS naming.\r\n\r\nFor a typical scenario (test data), the addition of `logs-*-*` affects\r\nthe collection as (notice the addition of \"dsns-logs\" object):\r\n<table>\r\n <thead>\r\n <tr>\r\n <th>Before</th>\r\n <th>After</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 123979,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"3\": 11054\r\n },\r\n \"index_count\": 18,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 11054,\r\n \"log.level\": 123979,\r\n \"host.name\": 123979,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11054,\r\n \"@timestamp\": 123979,\r\n \"data_stream.dataset\": 123979,\r\n \"data_stream.namespace\": 123979,\r\n \"data_stream.type\": 123979\r\n },\r\n \"size_in_bytes\": 60270084,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"dsns-logs\",\r\n \"doc_count\": 123971,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"6\": 11046\r\n },\r\n \"index_count\": 17,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1581,\r\n \"field_existence\": {\r\n \"container.id\": 11046,\r\n \"log.level\": 123971,\r\n \"host.name\": 123971,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11046,\r\n \"@timestamp\": 123971,\r\n \"data_stream.dataset\": 123971,\r\n \"data_stream.namespace\": 123971,\r\n \"data_stream.type\": 123971\r\n },\r\n \"size_in_bytes\": 60245641,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 8,\r\n \"structure_level\": {\r\n \"3\": 8\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 8,\r\n \"log.level\": 8,\r\n \"host.name\": 8,\r\n \"message\": 8,\r\n \"@timestamp\": 8,\r\n \"data_stream.dataset\": 8,\r\n \"data_stream.namespace\": 8,\r\n \"data_stream.type\": 8\r\n },\r\n \"size_in_bytes\": 24826,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"8d7dad266d8515509e5c7aa5029680f76e7cc348"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192874","number":192874,"mergeCommit":{"message":"[Logs Data Telemetry] Add logs-dsns `logs-*-*` pattern to obs telemetry patterns (#192874)\n\n## Summary\r\n\r\nAdds the `logs-*-*` logs pattern in observability telemetry patterns to\r\nseparate out logs with indices named per the Data Stream Naming Scheme\r\n([ref](https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme))\r\nvs. the generic logs indices not conforming to DSNS naming.\r\n\r\nFor a typical scenario (test data), the addition of `logs-*-*` affects\r\nthe collection as (notice the addition of \"dsns-logs\" object):\r\n<table>\r\n <thead>\r\n <tr>\r\n <th>Before</th>\r\n <th>After</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 123979,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"3\": 11054\r\n },\r\n \"index_count\": 18,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 11054,\r\n \"log.level\": 123979,\r\n \"host.name\": 123979,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11054,\r\n \"@timestamp\": 123979,\r\n \"data_stream.dataset\": 123979,\r\n \"data_stream.namespace\": 123979,\r\n \"data_stream.type\": 123979\r\n },\r\n \"size_in_bytes\": 60270084,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n <td>\r\n\r\n```yml\r\n[\r\n {\r\n \"pattern_name\": \"heartbeat\",\r\n \"shipper\": \"heartbeat\",\r\n \"doc_count\": 9530,\r\n \"structure_level\": {\r\n \"5\": 9530\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 9530,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 0,\r\n \"field_count\": 1508,\r\n \"field_existence\": {\r\n \"container.id\": 9530,\r\n \"log.level\": 9530,\r\n \"container.name\": 9530,\r\n \"host.name\": 9530,\r\n \"host.hostname\": 9530,\r\n \"kubernetes.pod.name\": 9530,\r\n \"kubernetes.pod.uid\": 9530,\r\n \"cloud.provider\": 9530,\r\n \"agent.type\": 9530,\r\n \"event.dataset\": 9530,\r\n \"event.category\": 9530,\r\n \"event.module\": 9530,\r\n \"service.name\": 9530,\r\n \"service.type\": 9530,\r\n \"service.version\": 9530,\r\n \"message\": 9530,\r\n \"event.original\": 9530,\r\n \"error.message\": 9530,\r\n \"@timestamp\": 9530,\r\n \"data_stream.dataset\": 9530,\r\n \"data_stream.namespace\": 9530,\r\n \"data_stream.type\": 9530\r\n },\r\n \"size_in_bytes\": 13090458,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": [\r\n \"heartbeat\"\r\n ]\r\n },\r\n {\r\n \"pattern_name\": \"nginx\",\r\n \"doc_count\": 10080,\r\n \"structure_level\": {\r\n \"6\": 10080\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 1,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 10080,\r\n \"log.level\": 10080,\r\n \"host.name\": 10080,\r\n \"kubernetes.pod.uid\": 10080,\r\n \"cloud.provider\": 10080,\r\n \"event.dataset\": 10080,\r\n \"service.name\": 10080,\r\n \"message\": 10080,\r\n \"@timestamp\": 10080,\r\n \"data_stream.dataset\": 10080,\r\n \"data_stream.namespace\": 10080,\r\n \"data_stream.type\": 10080\r\n },\r\n \"size_in_bytes\": 12098071,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"apache\",\r\n \"doc_count\": 1643,\r\n \"structure_level\": {\r\n \"6\": 1643\r\n },\r\n \"index_count\": 2,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1562,\r\n \"field_existence\": {\r\n \"container.id\": 1643,\r\n \"log.level\": 1643,\r\n \"host.name\": 1643,\r\n \"kubernetes.pod.uid\": 1643,\r\n \"cloud.provider\": 1643,\r\n \"event.dataset\": 1643,\r\n \"service.name\": 1643,\r\n \"message\": 1643,\r\n \"@timestamp\": 1643,\r\n \"data_stream.dataset\": 1643,\r\n \"data_stream.namespace\": 1643,\r\n \"data_stream.type\": 1643\r\n },\r\n \"size_in_bytes\": 5593675,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"dsns-logs\",\r\n \"doc_count\": 123971,\r\n \"structure_level\": {\r\n \"2\": 112925,\r\n \"6\": 11046\r\n },\r\n \"index_count\": 17,\r\n \"failure_store_doc_count\": 0,\r\n \"failure_store_index_count\": 0,\r\n \"namespace_count\": 2,\r\n \"field_count\": 1581,\r\n \"field_existence\": {\r\n \"container.id\": 11046,\r\n \"log.level\": 123971,\r\n \"host.name\": 123971,\r\n \"kubernetes.pod.uid\": 11046,\r\n \"cloud.provider\": 11046,\r\n \"event.dataset\": 11046,\r\n \"service.name\": 123971,\r\n \"message\": 11046,\r\n \"@timestamp\": 123971,\r\n \"data_stream.dataset\": 123971,\r\n \"data_stream.namespace\": 123971,\r\n \"data_stream.type\": 123971\r\n },\r\n \"size_in_bytes\": 60245641,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n },\r\n {\r\n \"pattern_name\": \"generic-logs\",\r\n \"doc_count\": 8,\r\n \"structure_level\": {\r\n \"3\": 8\r\n },\r\n \"index_count\": 1,\r\n \"failure_store_doc_count\": 2,\r\n \"failure_store_index_count\": 1,\r\n \"namespace_count\": 3,\r\n \"field_count\": 1582,\r\n \"field_existence\": {\r\n \"container.id\": 8,\r\n \"log.level\": 8,\r\n \"host.name\": 8,\r\n \"message\": 8,\r\n \"@timestamp\": 8,\r\n \"data_stream.dataset\": 8,\r\n \"data_stream.namespace\": 8,\r\n \"data_stream.type\": 8\r\n },\r\n \"size_in_bytes\": 24826,\r\n \"managed_by\": [],\r\n \"package_name\": [],\r\n \"beat\": []\r\n }\r\n]\r\n```\r\n\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"8d7dad266d8515509e5c7aa5029680f76e7cc348"}}]}] BACKPORT--> Co-authored-by: Abdul Wahab Zahid <awahab07@yahoo.com>
|
Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds the
logs-*-*logs pattern in observability telemetry patterns to separate out logs with indices named per the Data Stream Naming Scheme (ref) vs. the generic logs indices not conforming to DSNS naming.For a typical scenario (test data), the addition of
logs-*-*affects the collection as (notice the addition of "dsns-logs" object):