Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

populate event.dataset to allow for dedicated partitions in "Log Rate" ML job

See original GitHub issue

The Log Rate component of the Logs UI sets up an ML job to look for anomalies in log rate counts by event.dataset. For logs formatted via ecs-logging-java, that field is not set, so the logs show as “unknown” in the Log Rate UI and are grouped together with all other log sources using ecs-logging-java, which removes the out-of-the-box ability to see if one source has an unusual amount of logs.

Issue Analytics

State:
Created 4 years ago
Comments:13

Top GitHub Comments

1reaction

felixbarnycommented, Feb 12, 2020

Having seen a demo of the log categorization, it seems like ${service.name}.log (for example my-application.log) would be a good default. There should also be a first class citizen configuration for the dataset like this:

    encoder(EcsEncoder) {
        serviceName = "my-service"
        eventDataset = "my-service.logins"
    }

0reactions

mbarrettacommented, Feb 10, 2020

@felixbarny LGTM.

For doc purposes, the groovy config for this (and the encoder) looks like:

    encoder(EcsEncoder) {
        serviceName = "my-service"
        additionalField(EcsEncoder.Pair) {
            key="event.dataset"
            value="my-service"
        }
    }