[Infra UI] Add graphql query to retrieve log entries from a configured source #21306

@weltenwort weltenwort commented Jul 26, 2018

New GraphQL field InfraSource.logEntriesAround()

The new logEntriesAround() field of the InfraSource type allows for retrieval of a chunk of consecutive log entries preceding and following a certain position in the event stream.

  extend type InfraSource {
    "A consecutive span of log entries surrounding a point in time"
    logEntriesAround(
      "The sort key that corresponds to the point in time"
      key: InfraTimeKeyInput!
      "The maximum number of preceding to return"
      countBefore: Int = 0
      "The maximum number of following to return"
      countAfter: Int = 0
      "The query to filter the log entries by"
      filterQuery: String
      "The query to highlight the log entries with"
      highlightQuery: String
    ): InfraLogEntryInterval!
  }

Example

{
  source(id: "default") {
    id
    logEntriesAround(key: {time: 1531836161000, tiebreaker: 949}, countBefore: 3, countAfter: 3) {
      entries {
        gid
        key {
          time
          tiebreaker
        }
        message {
          ... on InfraLogMessageFieldSegment {
            field
            value
          }
          ... on InfraLogMessageConstantSegment {
            constant
          }
        }
      }
    }
  }
}

New GraphQL field InfraSource.logEntriesBetween()

The new logEntriesBetween() field of the InfraSource type allows for retrieval of a chunk of consecutive log entries between two positions in the event stream (exclusively).

  extend type InfraSource {
    "A consecutive span of log entries within an interval"
    logEntriesBetween(
      "The sort key that corresponds to the start of the interval"
      startKey: InfraTimeKeyInput!
      "The sort key that corresponds to the end of the interval"
      endKey: InfraTimeKeyInput!
      "The query to filter the log entries by"
      filterQuery: String
      "The query to highlight the log entries with"
      highlightQuery: String
    ): InfraLogEntryInterval!
  }

Example

{
  source(id: "default") {
    id
    logEntriesBetween(startKey: {time: 1531836159000, tiebreaker: 947}, endKey: {time: 1531836161000, tiebreaker: 953}) {
      entries {
        gid
        key {
          time
          tiebreaker
        }
        message {
          ... on InfraLogMessageFieldSegment {
            field
            value
          }
          ... on InfraLogMessageConstantSegment {
            constant
          }
        }
      }
    }
  }
}

New InfraLogEntriesDomain lib

InfraLogEntriesDomain is a domain lib that provides methods to retrieve log entries given a source id, time information, filters and highlights. In the Kibana server it is currently backed by the InfraKibanaLogEntriesAdapter, which retrieves events from the Elasticsearch cluster that the Kibana instance belongs to.

Built-in message formatting

The domain lib mentioned above comes with a set of built-in rules to derive a message from a few message document types:

  • system.syslog.message as produced by the filebeat system module
  • system.auth.message as produced by the filebeat system module
  • message as produced by plain filebeat
  • @message as produced by popular logstash configurations

This list of rules will be expanded and made extensible by the user. The rules are currently specified in a small declarative DSL as described in #21204 and compiled at runtime to a composite JavaScript formatting function.

Testing

For manually testing the new queries the GraphiQL interface at /api/infra/graphql/graphiql can be used.
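
The built-in message formatting described in the pull request above, sketched as an added example that is not code from the pull request or from Kibana. The rule shape, the constant prefixes, the empty-result fallback and all function names are assumptions; only the four field names and the `field`/`value`/`constant` segment keys come from the description.

```javascript
// Hypothetical rule shape (not the DSL from #21204); the "[syslog] " and
// "[auth] " constants are constructed. Rules are tried in order, first match wins.
const RULES = [
  { when: ['system.syslog.message'],
    format: [{ constant: '[syslog] ' }, { field: 'system.syslog.message' }] },
  { when: ['system.auth.message'],
    format: [{ constant: '[auth] ' }, { field: 'system.auth.message' }] },
  { when: ['message'], format: [{ field: 'message' }] },
  { when: ['@message'], format: [{ field: '@message' }] },
];

// Resolve a dotted path in a nested document using own properties only, so a
// path such as "__proto__.x" never reaches Object.prototype.
function getField(doc, path) {
  let node = doc;
  for (const part of path.split('.')) {
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, part)) {
      return undefined;
    }
    node = node[part];
  }
  return node;
}

// Compile the rule list once into a single document -> segments function.
function compileRules(rules) {
  const compiled = rules.map(({ when, format }) => ({
    matches: (doc) => when.every((path) => getField(doc, path) !== undefined),
    render: (doc) => format.map((segment) => ('constant' in segment
      ? { constant: segment.constant }
      : { field: segment.field, value: String(getField(doc, segment.field)) })),
  }));
  return (doc) => {
    const rule = compiled.find((candidate) => candidate.matches(doc));
    return rule ? rule.render(doc) : []; // assumption: no match yields no segments
  };
}

const formatMessage = compileRules(RULES);

// Join segments into display text; field values stay separate until here.
function segmentsToText(segments) {
  return segments.map((s) => ('constant' in s ? s.constant : s.value)).join('');
}

// Constructed sample document in the nested shape of an Elasticsearch _source.
const sampleDoc = { system: { auth: { message: 'Accepted publickey for deploy' } }, message: 'raw line' };
console.log(formatMessage(sampleDoc), segmentsToText(formatMessage(sampleDoc)));
```

Keeping log-derived values in `value` segments, apart from the rule's own constants, lets a consumer treat the untrusted part of each line differently when it renders or highlights it.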

@weltenwort weltenwort added WIP Work in progress :Ingest UI Feature:Metrics UI Metrics UI feature labels Jul 26, 2018
@weltenwort weltenwort self-assigned this Jul 26, 2018
@elasticmachine
Contributor

💔 Build Failed

@elasticmachine
Contributor

💔 Build Failed

@elasticmachine
Contributor

💔 Build Failed

@elasticmachine
Contributor

💚 Build Succeeded

@weltenwort weltenwort force-pushed the infra-ui-enhancement-graphql-logentry-api branch from 958cc9d to 2b4981c Compare July 30, 2018 14:25
@weltenwort weltenwort changed the title [Infra UI] [WIP] Add graphql query to retrieve log entries from a configured source [Infra UI] Add graphql query to retrieve log entries from a configured source Jul 30, 2018
@weltenwort weltenwort added review and removed WIP Work in progress labels Jul 30, 2018
@weltenwort weltenwort requested a review from skh July 30, 2018 16:17
@elasticmachine
Contributor

💚 Build Succeeded

@simianhacker simianhacker mentioned this pull request Jul 30, 2018
5 tasks
@weltenwort
Member Author

@skh while implementing the follow-up that uses the API I came up with a structure for the query type that is better suited for the way it is going to be used. Hope that doesn't throw your review off - the change is quite superficial 😇

I combined logEntriesBefore and logEntriesAfter into logEntriesAround, because on the initial load and after jumping, both will be queried in tandem anyway. The old queries can still be emulated by setting countBefore or countAfter to 0 (or leaving them out).

@elasticmachine
Contributor

💔 Build Failed

@elasticmachine
Contributor

💚 Build Succeeded

@weltenwort weltenwort force-pushed the infra-ui-enhancement-graphql-logentry-api branch from 258fae0 to a184527 Compare August 9, 2018 16:59
@weltenwort weltenwort added the loe:large Large Level of Effort label Aug 9, 2018
@elasticmachine
Contributor

💚 Build Succeeded

Contributor

@skh skh left a comment

I can confirm the example queries work and the data returned looks good to me, 👍 from me.

@weltenwort
Member Author

I'll wait for #21871 to be merged so I can resolve the conflicts in the generated types here.

@weltenwort weltenwort force-pushed the infra-ui-enhancement-graphql-logentry-api branch from a184527 to 514137f Compare August 15, 2018 16:12
@elasticmachine
Contributor

💔 Build Failed

@weltenwort
Member Author

looks like an unrelated error in the region map tests again

@weltenwort weltenwort merged commit 554603d into elastic:feature-infra-ui Aug 15, 2018
weltenwort added a commit that referenced this pull request Aug 21, 2018
This removes unused code left over after the migration of the log entry api to GraphQL in #21306 and #21706.