-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[elasticsearch/logging] Add slowlogs config option. #58086
Comments
Pinging @elastic/kibana-operations (Team:Operations) |
@epixa I don't think we created an issue after our discussion at EAH. Is there anything you want to add here or that needs correction? |
I have nothing to add |
I think there is some overlap here with #57546 (we haven't started work on that yet). In general, I'd just like to see that we're leveraging the new logging config. Maybe this means adding a new layout type for the elasticsearch logging context that is prepopulated with this more detailed information? @restrry any thoughts? |
log4j allows populating logs with custom data with MDC. We use metadata in the POJO format to provide data to the logger. Then we need to render metadata somehow. I'd expect that we ship preconfigured appender for
Another interesting question: how network layer access application layer data? Such as a username, for example. We will have to extend ElasticsearchService/KibanaRequest API, I suppose. |
I've been wondering how easy it would be to attach elasticsearch query logs to every response automatically and automatically harvest those from kfetch/http service/etc on the front end. |
@spalger that's a good idea! In theory, elasticsearch client can attach a request metadata to a response header, and elasticsearch client in the browser can log response metadata in the console. Later, when we have the client-side logging service #33796 we can reuse the same pattern layout on the client. |
Thanks, the thing I like about this approach is that it puts the data in the hands of the user and doesn't require storing it anywhere, so it could be on for certain types of users or always in OSS. |
That's correct, so it sounds like there's some overlap.
|
Current status Migration to the new elasticsearch client is done and logging all queries under stdout
json
Recap from comments
Remaining for this issue, feel free to edit:
Do we want these logged to a separate file? Should slow log settings hold off until #57546 to avoid any configuration conflicts? |
Pinging @elastic/kibana-core (Team:Core) |
For multiple reasons, it's helpful to log the queries to Elasticsearch performed by Kibana. This is often needed for auditing or inspection of slow queries.
Configuration would include an option to only log queries slower than a specified amount of time, producing something similar to slowlog. Setting this to 0, would essentially log everything.
For audit purposes, it's important to associate the query with a user and an action in Kibana (ex: which visualization, health check, task manager). We will need to come up with a solution to provide the ES proxy with this information so it could be included in the logs.
Identify if a query timeout limit was hit. If so, which timeout was responsible? Is it the
elasticsearch.requestTimeout
, ESsearch_timeout
in request body,In 8.0 we intend on packaging Filebeat with the Kibana package. Doing so could allow us to easily ingest this data to enable a UI view like what was described in #51224.
@kobelb and @joshdover wanted to ping you both here to make sure this isn't already being done/tracked anywhere since I could see it overlapping.
The text was updated successfully, but these errors were encountered: