OpenSearch #2580

Merged
merged 20 commits into from
Dec 10, 2024
Commits
aad5786
opensearch query info
JasonTheMain Jun 25, 2024
fc8ad79
updating date, waiting on production?
JasonTheMain Jul 31, 2024
89ff412
adding reporting
JasonTheMain Aug 1, 2024
4c7bf13
Update date on opensearch
pburkholder Dec 10, 2024
a2691ce
Add redir from old Kibana KB article
pburkholder Dec 10, 2024
acbc56a
Update retention, links to docs, name of logging system
pburkholder Dec 10, 2024
edda695
Fix Redir
pburkholder Dec 10, 2024
1ea11da
Fix malformed head
pburkholder Dec 10, 2024
91ffb1d
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
538297b
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
0e23213
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
5499e24
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
a2e5742
StyleGuide changes, link to field mapping to `main`
pburkholder Dec 10, 2024
2bc5722
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
6faa8ce
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
6c04007
Delete line that confused more than clarified
pburkholder Dec 10, 2024
33238ff
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
e055703
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
348d62c
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
a72690f
Update _kbarticles/2024-12-10-using-opensearch-dashboards.md
pburkholder Dec 10, 2024
Binary file added _assets/images/content/dashboard-line.png
Binary file added _assets/images/content/dashboard-router.png
7 changes: 5 additions & 2 deletions _docs/deployment/logs.md
Expand Up @@ -49,7 +49,7 @@ If you receive `Error dialing trafficcontroller server`:

To view and search your logs on the web, including historic log data, visit [https://logs.fr.cloud.gov/](https://logs.fr.cloud.gov/).

Logs are currently retained for 180 days, and you will only see data for applications deployed within the [orgs](http://docs.cloudfoundry.org/concepts/roles.html#orgs) and [spaces](http://docs.cloudfoundry.org/concepts/roles.html#spaces) where you have access.
Logs are currently retained for 365 days for live search (three years offline), and you will only see data for applications deployed within the [orgs](http://docs.cloudfoundry.org/concepts/roles.html#orgs) and [spaces](http://docs.cloudfoundry.org/concepts/roles.html#spaces) where you have access.

After logging in, you'll see the App Overview dashboard.
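
Review bot: The new retention sentence ("365 days for live search (three years offline)") does not say what "offline" means for a customer or how logs older than 365 days are retrieved. Suggest adding a clause or link that states how to request offline logs, since that is the first thing a reader needs when an investigation reaches back past the live-search window. The `orgs` and `spaces` links on the same line still use `http://docs.cloudfoundry.org/...`, while the new KB article in this PR links that site over `https://`; since the line is being edited anyway, both could be switched.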

Expand All @@ -64,7 +64,10 @@ You can also view several dashboards that present different visualizations of yo

!["Select dashboards"]({{site.baseurl}}/assets/images/content/select-dashboard.png)

These visualizations are provided via Kibana, which has a [user guide](https://www.elastic.co/guide/en/kibana/current/index.html) that explains more about how to use it and customize your views.
These visualizations are provided via OpenSearch Dashboards. You can learn more about
OpenSearch in our [Cloud.gov Knowledge Base](https://search.usa.gov/search/docs?affiliate=cloud.gov&dc=9299&query=OpenSearch)
and in the [OpenSearch Dashboards documentation](https://opensearch.org/docs/latest/).


### Structured logging
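
Review bot: The link labelled "OpenSearch Dashboards documentation" targets `https://opensearch.org/docs/latest/`, the root of the OpenSearch docs, while the new KB article in this PR links the Dashboards guide at `https://opensearch.org/docs/latest/dashboards/`. Suggest using the Dashboards URL here so the label and the target agree. The Knowledge Base link is a search.usa.gov query for "OpenSearch" rather than a link to an article, so its results can change over time; pointing directly at the new KB article would be more stable.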

50 changes: 0 additions & 50 deletions _kbarticles/2022-12-08-common-kibana-searches-on-clouddotgov.md

This file was deleted.

71 changes: 71 additions & 0 deletions _kbarticles/2024-12-10-using-opensearch-dashboards.md
@@ -0,0 +1,71 @@
---
layout: post
title: "Understanding Opensearch Dashboards, logging and how to visualize your application logs"
date: December 10, 2024
excerpt: This article briefly explains what opensearch dashboards does, what types of logs are available in Dashboards, creating dashboards, and how to create log visualizations in Dashboards.
redirect_from:
- /knowledge-base/2022-12-08-common-kibana-searches-on-clouddotgov/

---

## What does Dashboard do?

Dashboard is a user interface that lets you search and visualize your application logs. Dashboard has a [user guide](https://opensearch.org/docs/latest/dashboards/) that explains more about how to use it and to create custom visualizations.

## What are some types of logs?

Cloud Foundry assigns a type to each log message depending on its origin. Application logs are assigned the APP log type. HTTP requests being routed to an app will produce the RTR log type. The various types of logs are listed in the documentation [here](https://docs.cloudfoundry.org/devguide/deploy-apps/streaming-logs.html#format).

Cloudfoundry logs are often translated into field names in Opensearch/Dashboards using the log type as a prefix. For example, APP logs in Dashboards include fields like `app.name` for the application name.

## Querying Logs

Cloudfoundry logs have a few useful fields which will be helpful for querying logs.
Cloudfoundry has 3 fields that can be very helpful to filter down what app logs show up.
@cf.org - The organization, this is applicable to multi-org users
@cf.space - The space in a organization.
@cf.app - The app in a space.

For further query
@message - the app specific message attached to the log
@raw - the entire log, useful when looking for cloudfoundry specific values, when looking for app use @message

## How to visualize application traffic

Router log data can be used to create a visualization of your application traffic following the steps below.

After you have logged into Dashboard, click "Discover" in the left sidebar menu. Then, add filters(under search bar) and search terms to query for router logs as seen in the screenshot below. Please note that the filters shown here for a specific space and application are just an example. You might want to view logs for all requests to application in a given space, in which case you would not want a filter for `@cf.app`.

![Screenshot of Dashboard interface showing a query for router logs for a given CloudFoundry space and application]({{ site.baseurl }}/assets/images/content/dashboard-router.png)

The next step is to visualize your search results based on a specific field. To visualize request logs over time, choose the `@timestamp` field from the left sidebar of "Available fields". Then, click "Visualize".

![Screenshot of Dashboards interface showing the selection of @timestamp as field to use for visualizing request logs]({{ site.baseurl }}/assets/images/content/opensearch-timestamp.png)

By default, visualizing logs based on `@timestamp` will produce a histogram chart. To change the chart type to line, which might be more useful for this type of data, click the "Metrics & axes" link in the chart configuration panel on the right side of the screen. Then, under "Metrics" and "Count", select "Line" from the "Chart type" drop-down. Finally, click the "Update" button at the bottom right of the screen and the chart should update to a line chart.

![Screenshot of Dashboards visualization interface showing a line chart of requests over time with a panel for chart configuration options visible on the right side of the screen. In the chart configuration options, "line" is selected as the chart type]({{ site.baseurl }}/assets/images/content/dashboard-line.png)

## Fields for router requests

Listed below are the explanations of some field names for router (RTR) logs:

- **rtr.app.id**: The application guid
- **rtr.hostname**: The domain/hostname the request was sent to (e.g test.app.cloud.gov)
- **rtr.http_user_agent**: What user agent the request came from (Chrome, Firefox, Curl, etc…)
- **rtr.path**: The specific url path that was requested (e.g. /my/test/page)
- **rtr.status**: Gives the status of the request (200, 404, etc…)
- **rtr.verb**: The type of request (POST, GET, etc...)
- **rtr.x_forwarded_for**: The IP address the request came from
- **rtr.timestamp**: The time of the request in UTC

The full list of fields available for router logs can be found in [our Opensearch field mapping configuration](https://github.com/cloud-gov/opensearch-boshrelease/blob/5100229e391237f4a41df023338a247c55276ee8/jobs/opensearch_templates/templates/component-index-mappings-app.json.erb#L44).

## Generate report of logs.

Opensearch allows for [generating a report](https://opensearch.org/docs/latest/reporting/report-dashboard-index/) from a saved search. This is done by choosing a search and clicking the **Reporting** menu option.

![Screenshot of Dashboards interface showing the selection of ]({{ site.baseurl }}/assets/images/content/opensearch-reporting.png)

> Reports have a non-configurable 10,000 row limit. They have no explicit size limit (for example, MB),
> but extremely large documents could cause report generation to fail with an out of memory error from the V8 JavaScript engine
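
Review bot: In "Fields for router requests", `rtr.x_forwarded_for` is described as "The IP address the request came from", but X-Forwarded-For is a request header that can carry a comma-separated chain of addresses and can include values set by the client. Suggest wording along the lines of "The contents of the X-Forwarded-For header (the client address followed by any proxies; entries supplied by the client should not be trusted)" so readers do not treat the raw field as an authoritative source IP when filtering or building alerts. Separately, the field lists under "Querying Logs" (`@cf.org`, `@cf.space`, `@cf.app`, `@message`, `@raw`) have no `-` list markers, so Markdown will run them together into one paragraph, and the alt text for `opensearch-reporting.png` stops at "showing the selection of". Product naming also varies across the file ("Dashboard"/"Dashboards", "Opensearch"/"OpenSearch", "Cloudfoundry"/"Cloud Foundry"/"CloudFoundry") and should be made consistent.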