
[Data Forge] Add service.logs dataset as a data stream #188786

Merged
simianhacker merged 4 commits into elastic:main from simianhacker:data-forge/service-logs on Jul 23, 2024

Conversation

@simianhacker (Member) commented Jul 19, 2024

This PR adds the `service.logs` dataset to Data Forge. The EEM project needs this dataset to test the default service logs entity definition. This dataset is different because I wanted to create a fully compliant data stream. This change also includes changes to the name of the default ingest pipeline to `logs@custom` to work with the `logs-*-*` component templates and ingest pipelines. If a document has `data_stream.dataset` it will now be routed to `logs-${doc.data_stream.dataset}-default`. If the document has `data_stream.type`, `data_stream.dataset`, and `data_stream.namespace` it will be indexed to `{type}-{dataset}-{namespace}` following the default data stream conventions.

Because I've changed the name of the ingest pipeline, I also had to update the index templates for the other datasets.

Testing

Use the following YAML:

```yaml
---
elasticsearch:
  installKibanaUser: false

kibana:
  installAssets: false
  host: "http://localhost:5601/kibana"

indexing:
  dataset: "service.logs"
  eventsPerCycle: 100
  interval: 10000

schedule:
  - template: "good"
    start: "now-1h"
    end: false
    eventsPerCycle: 100
```

Click on "Logs" under "Observability", you should see something like:

image

To check the other data sources, change `dataset` to `fake_stack`, `fake_logs`, `fake_hosts` and check `event.ingested` is set on the documents; none of these show up in the "Logs Explorer", you'll have to check them out separately via "Dev Console".

This PR adds the `service.logs` dataset to Data Forge. This dataset is
different because I wanted to create a fully compliant data stream. This
change also includes changes to the name of the default ingest pipeline
to `logs@custom` to work with the `logs-*-*` component templates and ingest pipelines. If
a document has `data_stream.dataset` it will now be routed to
`logs-${doc.data_stream.dataset}-default`. If the document has
`data_stream.type`, `data_stream.dataset`, and `data_stream.namespace`
it will be indexed to `{type}-{dataset}-{namespace}` following the default
data stream conventions.

Because I've changed the name of the ingest pipeline, I also had to
update the index templates for the other datasets.
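
The routing rule described above lets fields inside the document choose the write target, so the values are worth validating before they are interpolated into a data stream name. The following is an added example, not code from this PR or from Data Forge; `SampleDoc`, `isValidPart` and `resolveTargetIndex` are hypothetical names, and returning `null` for documents without `data_stream.dataset` is an assumption.

```typescript
// Added illustration of the routing rule described in this PR; not Data Forge code.
interface DataStreamFields {
  type?: string;
  dataset?: string;
  namespace?: string;
}

interface SampleDoc {
  data_stream?: DataStreamFields;
  [key: string]: unknown;
}

// Characters Elasticsearch rejects in index names, plus "-", which ECS forbids
// inside data_stream.dataset and data_stream.namespace (it is the separator).
const FORBIDDEN = /[-\\\/*?"<>|,#:\s]/;

// Assumption: the same check is applied to data_stream.type for simplicity.
function isValidPart(value: unknown): value is string {
  return (
    typeof value === 'string' &&
    value.length > 0 &&
    value.length <= 100 &&
    value === value.toLowerCase() &&
    !FORBIDDEN.test(value)
  );
}

// Returns the target data stream, or null when the document carries no
// data_stream.dataset (assumption: such documents are not rerouted).
function resolveTargetIndex(doc: SampleDoc): string | null {
  const ds = doc.data_stream;
  if (!ds || ds.dataset === undefined) return null;
  if (!isValidPart(ds.dataset)) {
    throw new Error(`invalid data_stream.dataset: ${JSON.stringify(ds.dataset)}`);
  }
  // All three fields present: {type}-{dataset}-{namespace}.
  if (ds.type !== undefined && ds.namespace !== undefined) {
    if (!isValidPart(ds.type) || !isValidPart(ds.namespace)) {
      throw new Error('invalid data_stream.type or data_stream.namespace');
    }
    return `${ds.type}-${ds.dataset}-${ds.namespace}`;
  }
  // Only the dataset is usable: logs-{dataset}-default.
  return `logs-${ds.dataset}-default`;
}
```
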
@obltmachine

🤖 GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@simianhacker simianhacker marked this pull request as ready for review July 22, 2024 15:40
@simianhacker simianhacker requested a review from a team as a code owner July 22, 2024 15:40
@simianhacker simianhacker added release_note:skip Skip the PR/issue when compiling release notes v8.16.0 labels Jul 22, 2024
@simianhacker
Member Author

@elasticmachine merge upstream

@simianhacker simianhacker enabled auto-merge (squash) July 22, 2024 20:47
@simianhacker simianhacker merged commit cc92c47 into elastic:main Jul 23, 2024
@kibana-ci

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/data-forge | 51 | 52 | +1 |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/data-forge | 51 | 52 | +1 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@kibanamachine kibanamachine added the backport:skip This PR does not require backporting label Jul 23, 2024
TinLe added a commit to TinLe/kibana that referenced this pull request Jul 30, 2024
* master: (3487 commits)
  `BedrockChat` & `GeminiChat` (elastic#186809)
  [ResponseOps] log error when ES Query rules find docs out of time range (elastic#186332)
  skip flaky suite (elastic#188997)
  [Security solution][Alert Details] Enable preview feature flag and cypress tests (elastic#188580)
  [EuiProviders] Warn Developer if EuiProvider is missing (elastic#184608)
  [Security Solution ] Fixes Timeline infinite loading bug (elastic#188943)
  Improve SearchSource SearchRequest type (elastic#186862)
  Deprecate Search Sessions config (elastic#188037)
  [Synthetics] Add missing monitorType and tag info in cards !! (elastic#188824)
  [Console Monaco] Resolve uncaught error from tokenizer (elastic#188746)
  [Data Forge] Add `service.logs` dataset as a  data stream (elastic#188786)
  [Console] Fix failing bulk requests (elastic#188552)
  Update dependency terser to ^5.31.2 (main) (elastic#188528)
  [APM][ECO] Telemetry (elastic#188627)
  [Fleet] Fix uninstall package validation accross space (elastic#188749)
  Update warning on `xpack.fleet.enableExperimental` (elastic#188917)
  [DOCS][Cases] Automate more screenshots for cases (elastic#188697)
  [Fleet] Fix get one agent when feature flag disabled (elastic#188953)
  chore(investigate): Add investigate-app plugin from poc (elastic#188122)
  [Monaco Editor] Add Search functionality (elastic#188337)
  ...