feat: report attributes as fields #874
Conversation
pdelewski
force-pushed
the
severity-number-as-field
branch
from
72ca7c7 to
1c9bf0c
Compare
|
This shouldn't happen in the exporter, as exporters shouldn't modify data. I think this should be a feature in the schema processor, if anything, and should probably be configurable. |
|
I agree that this should be in a processor. It also seems to be totally independent from what I'm doing right now in |
Thx. Agree, that it should be configurable |
|
A few nits. Please modify |
pkg/processor/sumologicschemaprocessor/log_fields_conversion_processor.go
Outdated
Show resolved
Hide resolved
pkg/processor/sumologicschemaprocessor/log_fields_conversion_processor.go
Outdated
Show resolved
Hide resolved
pkg/processor/sumologicschemaprocessor/log_fields_conversion_processor.go
Outdated
Show resolved
Hide resolved
github-actions
bot
added
the
documentation
pdelewski
force-pushed
the
severity-number-as-field
branch
4 times, most recently
from
edc8148 to
f5996e8
Compare
pdelewski
force-pushed
the
severity-number-as-field
branch
from
f5996e8 to
d670949
Compare
github-actions
bot
removed
go
documentation
github-actions
bot
added
documentation
pdelewski
force-pushed
the
severity-number-as-field
branch
from
c33469d to
e1ad3dd
Compare
pdelewski
force-pushed
the
severity-number-as-field
branch
from
e1ad3dd to
73ea417
Compare
pdelewski
changed the title
|
|
||
| # Defines whether `severity` attribute should be added to record attributes. | ||
| # default = true | ||
| add_severity_level_attribute: {true, false} |
There was a problem hiding this comment.
I propose the following configuration, or something similar:
add_severity_attribute:
enabled: true
attribute_name: loglevelThere was a problem hiding this comment.
Changed configuration and extended to use other fields as well, eg. severity text span id and trace id. That was asked by our customer support, however I'm still waiting for confirmation if client needs that. Anyway, we can always leave it or remove.
There was a problem hiding this comment.
shouldn't this be updated?
There was a problem hiding this comment.
I agree with @astencel-sumo that the configuration added by this PR should be grouped in one major key, instead of producing 4 new config options
There was a problem hiding this comment.
@sumo-drosiek I don't think @astencel-sumo suggested grouping, but maybe I'm wrong?
There was a problem hiding this comment.
Hi @pdelewski any update on this? The customer is inquiring for updates and I don't see any recent movement. Thank you.
There was a problem hiding this comment.
Hi @bnartiff , I will update PR tomorrow. It still requires aprovals. I was also waiting for confirmation regarding fields that customer expects (as originally there were mentioned only severity, recently I updated that to spanid and traceid
There was a problem hiding this comment.
Thanks for the update, I am going to check w/ the customer to confirm the desired fields. Thank you for adding spanid and traceid as well.
There was a problem hiding this comment.
Per customer, "I think severity, spanID, and traceID are a good start. I don’t have any other suggestions/needs at this point. " @pdelewski
pdelewski
force-pushed
the
severity-number-as-field
branch
from
6dbd3a5 to
5f8a0e1
Compare
|
|
||
| In order to report one of them as field, following configuration is needed: | ||
|
|
||
| ```json |
There was a problem hiding this comment.
| ```json | |
| ```yaml |
|
@astencel-sumo @sumo-drosiek @aboguszewski-sumo Could you look at this PR? |
There was a problem hiding this comment.
I have some problems with understanding how should this work in general. As I understand - there are some OTLP fields in logs that are not shown in Sumo, and to fix that, we transform them into regular attributes. Should every of these fields be translated, or only one, selected in the config? The implementation suggests that all of them are translated, but the config suggests that only one of them.
|
|
||
| ### Severity Attribute | ||
|
|
||
| Some fields that log entries consist are not displayed as fields in Sumo Logic out of the box. |
There was a problem hiding this comment.
| Some fields that log entries consist are not displayed as fields in Sumo Logic out of the box. | |
| Some fields that log entries consist of are not displayed as fields in Sumo Logic out of the box. |
|
|
||
| # Defines whether `severity` attribute should be added to record attributes. | ||
| add_severity_number_attribute: | ||
| enabled: true | ||
| attribute_name: "loglevel" | ||
|
|
There was a problem hiding this comment.
Keep it consistent with other examples above in this file, eg.:
add_severity_number_attribute:
# if enabled, then XYZ
# default = true
enabled: {true, false}
# The name that is something
# default = "loglevel"
attribute_name: "loglevel"
| In order to report one of them as field, following configuration is needed: | ||
|
|
||
| ```yaml | ||
| add_severity_number_attribute: | ||
| enabled: true | ||
| attribute_name: "loglevel" | ||
| ``` |
There was a problem hiding this comment.
Can all of them be enabled or only one at one time? Maybe it's better to squash this into one attribute and disable it by selecting none, empty string or something like that?
There was a problem hiding this comment.
My idea was to be able to enable one by one, however I have not seen requirements regarding this from customer side.
There was a problem hiding this comment.
Ok, I've read the discussion above. In my opinion, the best thing would be to define something like this (the name should probably be different, I'm not sure how to call all these attributes):
add_log_metadata_attributes:
metadata: ["severity_no", "severity_text", "span_id", "trace_id"]There was a problem hiding this comment.
ok, I can update implementation according to your suggestion, @astencel-sumo @sumo-drosiek What's your opinion on that? I would like to avoid yet another round of changes regarding configuration.
There was a problem hiding this comment.
I'm not convinced that squashing all configurations into a single property is any better than the current solution. We can discuss in a meeting.
There was a problem hiding this comment.
I'm not convinced that squashing all configurations into a single property is any better than the current solution. We can discuss in a meeting.
same as we skip attribute_name
| name: "addSeverity", | ||
| addSeverity: true, | ||
| createLogs: func() plog.Logs { | ||
| logs := plog.NewLogs() | ||
| log := logs.ResourceLogs().AppendEmpty().ScopeLogs().AppendEmpty().LogRecords().AppendEmpty() | ||
| log.SetSeverityNumber(plog.SeverityNumberInfo) | ||
| log.SetSeverityText("severity") | ||
| var spanIDBytes [8]byte = [8]byte{1, 1, 1, 1, 1, 1, 1, 1} | ||
| log.SetSpanID(spanIDBytes) | ||
| var traceIDBytes [16]byte = [16]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} | ||
| log.SetTraceID(traceIDBytes) | ||
| return logs | ||
| }, | ||
| test: func(outputLogs plog.Logs) { | ||
| attribute1, found := outputLogs.ResourceLogs().At(0).ScopeLogs().At(0).LogRecords().At(0).Attributes().Get("loglevel") | ||
| assert.True(t, found) | ||
| assert.Equal(t, "INFO", attribute1.Str()) | ||
| attribute2, found := outputLogs.ResourceLogs().At(0).ScopeLogs().At(0).LogRecords().At(0).Attributes().Get("severitytext") | ||
| assert.True(t, found) | ||
| assert.Equal(t, "severity", attribute2.Str()) | ||
| attribute3, found := outputLogs.ResourceLogs().At(0).ScopeLogs().At(0).LogRecords().At(0).Attributes().Get("spanid") | ||
| assert.True(t, found) | ||
| assert.Equal(t, "0101010101010101", attribute3.Str()) | ||
| attribute4, found := outputLogs.ResourceLogs().At(0).ScopeLogs().At(0).LogRecords().At(0).Attributes().Get("traceid") | ||
| assert.True(t, found) | ||
| assert.Equal(t, "01010101010101010101010101010101", attribute4.Str()) | ||
|
|
||
| }, | ||
| }, |
There was a problem hiding this comment.
I'm not sure how this works.
In the config (lines 1356+), you set only SeverityNumberAttributeName to be transformed, but here everything is transformed.
|
|
||
| `add_severity_number_attribute` | ||
| `add_severity_text_attribute` | ||
| `add_space_id_attribute` |
There was a problem hiding this comment.
| `add_space_id_attribute` | |
| `add_span_id_attribute` |
| @@ -1298,3 +1353,15 @@ func newAggregateAttributesConfig(aggregations []aggregationPair) *Config { | |||
| config.AggregateAttributes = aggregations | |||
| return config | |||
| } | |||
|
|
|||
| func newLogFieldsConversionConfig(logFieldsConversion bool) *Config { | |||
There was a problem hiding this comment.
The parameter logFieldsConversion does not seem to be used? Which probably indicates that the test coverage is not good enough 😉
There was a problem hiding this comment.
@sumo-drosiek @astencel-sumo @aboguszewski-sumo I updated PR according to our today discussion as well as fixed some bugs. Current configuration looks as suggested by @sumo-drosiek, however I have not changed main key field_attributes yet. (I'm looking for better alternative and inspiration )
field_attributes:
trace_id:
enabled: true
name: traceid
span_id:
enabled: true
name: spanid
If you have suggestion regarding replacing fieldd_attributes with better name, just let me know
pdelewski
force-pushed
the
severity-number-as-field
branch
from
843581b to
a04f125
Compare
pdelewski
force-pushed
the
severity-number-as-field
branch
from
a04f125 to
6b88312
Compare
| enabled: true | ||
| name: "loglevel" | ||
|
|
||
| - ... |
There was a problem hiding this comment.
this line (79) seems redundant
| field_attributes: | ||
| severity_number: | ||
| enabled: true | ||
| name: "loglevel" |
There was a problem hiding this comment.
Info about defaults is missing
@aboguszewski-sumo I updated current test using suggested name |
There is opened bug https://jira.kumoroku.com/jira/browse/SUMO-207676, which is about reporting severity as a field. This PR does similar thing as LokiExporter, adding severity into set of attributes. It's preliminary solution, showing only possible way, not necessarily final solution and question is how do we want to tackle it.