From 4c9a5bdad3ba6e13b6707c80e9d988b4345b7c0e Mon Sep 17 00:00:00 2001 From: Aleksandr Razumov Date: Wed, 29 Nov 2023 20:30:37 +0300 Subject: [PATCH] docs(logs): describe extracted labels --- docs/logs.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/docs/logs.md b/docs/logs.md index 046b1934..d70191b5 100644 --- a/docs/logs.md +++ b/docs/logs.md @@ -97,7 +97,7 @@ Log message: "body": "hello world", "trace_id": "cacb16ac5ace52ebe8749114234a8e58", "span_id": "36a431d0481b2744", - "severity": "Info", + "severity": "INFO", "http.duration": 1105000000, "http.duration.seconds": 1.1054, "http.method": "GET", @@ -129,4 +129,26 @@ Log line search: only in body field. Special case for traceID and spanID with additional search in traceID and spanID fields. Labels extraction: handle first `| json |` explicitly, offloading to underlying log storage -where reverse mapping should be executed. \ No newline at end of file +where reverse mapping should be executed. + +Extracted labels after `json`: +``` +body: "hello world" +trace_id="cacb16ac5ace52ebe8749114234a8e58" +span_id="36a431d0481b2744" +severity="INFO" +http_duration=1105000000 +http_duration_seconds=1.1054 +http_method="GET" +http_server=true +http_status_code=200 +http_user_agent=test-agent +``` + +So we can have a query like this: + +``` +{service_name="testService"} ~= `hello world` | json | http_duration > 30s or http_status_code >= 500 +``` + +Which can be translated to efficient ClickHouse query. \ No newline at end of file