[Logs UI] HTTP API for log entries #53798
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
afgomez
added
Feature:Logs UI
|
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui) |
💚 Build SucceededTo update your PR or re-run it, just comment with: |
💔 Build FailedTo update your PR or re-run it, just comment with: |
Zacqary
requested changes
Dec 27, 2019
x-pack/legacy/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
Outdated
Show resolved
Hide resolved
| return hits.map(hit => { | ||
| const logFields = fields.reduce<{ [fieldName: string]: JsonValue }>( | ||
| (flattenedFields, field) => { | ||
| if (has(field, hit._source)) { |
There was a problem hiding this comment.
Hard to understand at a glance that hit._source is an object.path.like.this. Anything you can do with type definitions to make this more obvious? Or maybe just add a comment
There was a problem hiding this comment.
I hear you, but I don't want to dedicate much time to this function. It will go away in a separate PR.
Right now the API is handled in three files
lib/adapters/kibana_log_entries_adapter, which connects with Elasticsearch.lib/domains/log_entries_domain, which connects the adapter with the route files- The route file.
This function in the adapter takes the ES response and transforms it onto a LogEntryDocument, an intermediate format for the domain that then gets transformed again in the route.
I had a chat with @weltenwort and @Kerry350 a couple of weeks ago about how this code was organised, and the conclusion was to merge the domain and the adapter files into one. Once we do that we don't need an intermediate format anymore and this function will go away.
I will take your comment into account when I join the two files in one. I agree with you that it's not clear straight away what is in _source. I guess there's some documentation somewhere of how filebeat stores the log metadata in ES. We could just add a comment with a link to it.
| ); | ||
|
|
||
| return { | ||
| gid: hit._id, |
There was a problem hiding this comment.
With the above comment in mind, this whole function might be easier to follow if you destructure the hit at the beginning
const { _id: gid, _source: fieldName, sort: [time, tiebreaker] }There was a problem hiding this comment.
See previous comment :)
x-pack/legacy/plugins/infra/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts
Outdated
Show resolved
Hide resolved
💚 Build SucceededTo update your PR or re-run it, just comment with: |
We will move the responsibility to parse the dates to the client. The API will only take timestamps
Allows consumers of the API to get log items around a certain cursor
This makes easier to test the pagination. By default it returns a 200 size page.
Co-Authored-By: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
afgomez
force-pushed
the
51047-log-entries-http-api
branch
from
911dac2
to
d04f15e
Compare
💔 Build FailedTo update your PR or re-run it, just comment with: |
💚 Build SucceededTo update your PR or re-run it, just comment with: |
💔 Build FailedTo update your PR or re-run it, just comment with: |
💔 Build FailedTo update your PR or re-run it, just comment with: |
Zacqary
approved these changes
Jan 2, 2020
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798)
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793)
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793) [SR] Enable component integration tests (elastic#53893)
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jan 6, 2020
…nsole-dependencies * 'master' of github.com:elastic/kibana: (33 commits) adds strict types to Alerting Client (elastic#53821) [Dashboard] Empty screen redesign (elastic#53681) Migrate config deprecations and `ShieldUser` functionality to the New Platform (elastic#53768) increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793) [SR] Enable component integration tests (elastic#53893) Move index patterns: src/legacy/core_plugins/data 👉 src/plugins/data (elastic#53794) moved Task Manager server code under "server" directory (elastic#53777) Rename `/api/security/oidc` to `/api/security/oidc/callback`. (elastic#53886) ... # Conflicts: # yarn.lock
afgomez
pushed a commit
to afgomez/kibana
that referenced
this pull request
Jan 6, 2020
* Scaffold `log_entries/entries` route * Scaffold a log entry response * Add `after` pagination * Add `before` pagination * Process `query` parameter * Use pre-existing structure for the columns * Change type of date ranges We will move the responsibility to parse the dates to the client. The API will only take timestamps * Add `center` parameter Allows consumers of the API to get log items around a certain cursor * Change default page size * Test the defaults of the API * Add optional `size` parameter This makes easier to test the pagination. By default it returns a 200 size page. * Test the pagination * Test centering around a point * Handle `0` sizes Co-Authored-By: Zacqary Adam Xeper <Zacqary@users.noreply.github.com> * Add highlights endpoint * Refactor `processCursor` * Tweak cursor handling in the routes * Refine `LogEntry` type * Add tests for highlights endpoint * Tweak the types for the LogEntry Co-authored-by: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
Merged
afgomez
pushed a commit
that referenced
this pull request
Jan 7, 2020
* [Logs UI] HTTP API for log entries (#53798) * Scaffold `log_entries/entries` route * Scaffold a log entry response * Add `after` pagination * Add `before` pagination * Process `query` parameter * Use pre-existing structure for the columns * Change type of date ranges We will move the responsibility to parse the dates to the client. The API will only take timestamps * Add `center` parameter Allows consumers of the API to get log items around a certain cursor * Change default page size * Test the defaults of the API * Add optional `size` parameter This makes easier to test the pagination. By default it returns a 200 size page. * Test the pagination * Test centering around a point * Handle `0` sizes Co-Authored-By: Zacqary Adam Xeper <Zacqary@users.noreply.github.com> * Add highlights endpoint * Refactor `processCursor` * Tweak cursor handling in the routes * Refine `LogEntry` type * Add tests for highlights endpoint * Tweak the types for the LogEntry Co-authored-by: Zacqary Adam Xeper <Zacqary@users.noreply.github.com> * Skip failing test (#54100) ES behaves differently in master and in 7.x, causing the test to fail in the latter. Co-authored-by: Zacqary Adam Xeper <Zacqary@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Part of #51047.
This PR adds (will add) two endpoints:
/log_entries/entriesfor the log entries themselves. They will be used in the log stream view./log_entries/highlightsfor the log entry highlights. They will be used to highlight messages in the log stream view.The API is not used yet, since its interface differs from the GraphQL implementation. The API will be used once we change the UI to allow date ranges.
Examples
Get entries from the top (oldest)
The API has only two mandatory parameters:
startDateandendDate. Both take an epoch in milliseconds.By default the request gives the first page of entries, in ascending order, starting at
startDate.To get the following page: pass the
afterparameter with the value of thebottomCursorGet entries from the bottom (newest)
To get the last entries in the range, the user needs to specify the parameter
beforewith the special value"last".To get the entries before, pass the value of the
topCursorin thebeforeparameter.Get entries around a specific cursor
Sometimes is interesting to get entries with a specific log line in the center. To do so the user must pass a cursor as a
centerparameter. If the user doesn't know the value of thetiebreakerfor a specific line, they must use0. The response will then contain logs around the timestamp.The user then can get the pages before or after using the
topCursorand thebottomCursorof the response.Add a query
All options support a
queryparameter to filter. The value must be the parsed query from the searchbarGet highlights
The
/log_entries/highlightsendpoint takes the same parameters as the/log_entries/entriesendpoint, plus an array of highlight terms. The response is an array with the entries for each highlight term.Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.This was checked for cross-browser compatibility, including a check against IE11Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportDocumentation was added for features that require explanation or tutorials[ ] This was checked for keyboard-only and screenreader accessibility