Page MenuHomePhabricator
Create Task
Maniphest T217162

The api-feature-usage log channel should use log context instead of parsing a string
Closed, ResolvedPublic
Actions

Description

Currently we log a formatted string from ApiBase, and then parse it in logstash's config. I suspect it'd be more straightforward to have ApiBase use the log context to send that data in a structured format to logstash.

  • 1. ??? (Any preliminary changes needed?)
  • 2. Have ApiBase start including log context with the message.
  • 3. ??? (Something in the logstash config?)

Details

SubjectRepoBranchLines +/-
Logstash: Use log context for the api-feature-usage channeloperations/puppetproduction+5 -41
API: Use log context for api-feature-usage logmediawiki/coremaster+21 -6
Customize query in gerrit

Event Timeline

Anomie created this task.Feb 26 2019, 6:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2019, 6:26 PM
Anomie added a subscriber: bd808.Feb 26 2019, 6:27 PM

@bd808: Any idea what goes in the "???" in the checklist? I ask you because you made the mistake of doing the logging a few years ago ;)

bd808 added a comment.Feb 26 2019, 11:36 PM

Maybe something like this?

  1. Have ApiBase start including log context with the message
    1. feature
    2. username (url decoded)
    3. ip
    4. referer
    5. agent
  2. Update the if [channel] == "api-feature-usage" {...} config in filter-mediawiki.conf to use the structured data from the context rather than grok-parsing the human readable message string
fgiunchedi awarded a token.Feb 27 2019, 3:32 PM
Anomie added a comment.Feb 27 2019, 4:42 PM
In T217162#4986758, @bd808 wrote:
  1. Update the if [channel] == "api-feature-usage" {...} config in filter-mediawiki.conf to use the structured data from the context rather than grok-parsing the human readable message string

Is there an example of some other channel already doing that that I can look at?

bd808 added a comment.Feb 27 2019, 7:30 PM
In T217162#4988444, @Anomie wrote:

Is there an example of some other channel already doing that that I can look at?

I'm not seeing an obvious analog channel. I think a diff similar to this might be the right approach:

modules/profile/files/logstash/filter-mediawiki.conf.diff
diff --git i/modules/profile/files/logstash/filter-mediawiki.conf w/modules/profile/files/logstash/filter-mediawiki.conf
index 31b3e703c0..9bdaaa340f 100644
--- i/modules/profile/files/logstash/filter-mediawiki.conf
+++ w/modules/profile/files/logstash/filter-mediawiki.conf
@@ -60,45 +60,9 @@ filter {
     } # end [channel] == "exception-json"

     if [channel] == "api-feature-usage" {
-      grok {
-        match => [
-          "message",
-          "^(?m)%{QS:feature} %{QS:username} %{QS:ip} %{QS:referer} %{QS:agent}$"
-        ]
-        named_captures_only => true
-      }
-
-      if !("_grokparsefailure" in [tags]) {
-        # Unquote ('"foo \"bar\""' to 'foo "bar"')
-        mutate {
-          # Strip outer quotes
-          gsub => [
-              "feature",  '^"|"$', "",
-              "username", '^"|"$', "",
-              "ip",       '^"|"$', "",
-              "referer",  '^"|"$', "",
-              "agent",    '^"|"$', ""
-          ]
-        }
-        mutate {
-          # Strip backslash escape characters
-          gsub => [
-              "feature",  '\\(.)', '\1',
-              "username", '\\(.)', '\1',
-              "ip",       '\\(.)', '\1',
-              "referer",  '\\(.)', '\1',
-              "agent",    '\\(.)', '\1'
-          ]
-        }
-
         mutate {
           replace => [ "message", "%{feature}" ]
         }
-
-        urldecode {
-          field => "username"
-        }
-
         useragent {
           source => "agent"
           prefix => "ua_"

This diff is removing all of the raw message parsing and post parsing string manipulations. It assumes that the incoming structured log event includes the feature, username, ip, referer, and agent fields that were previously being extracted from the human readable message field.

Anomie added a comment.Feb 27 2019, 7:52 PM

I was hoping it would be that simple, that the variables set in the context would just automatically be present without any magic on the logstash end. Thanks!

gerritbot subscribed.Feb 27 2019, 9:04 PM

Change 493322 had a related patch set uploaded (by Anomie; owner: Anomie):
[mediawiki/core@master] API: Use log context for api-feature-usage log

https://gerrit.wikimedia.org/r/493322

gerritbot added a project: Patch-For-Review.Feb 27 2019, 9:04 PM

Change 493323 had a related patch set uploaded (by Anomie; owner: Anomie):
[operations/puppet@production] Logstash: Use log context for the api-feature-usage channel

https://gerrit.wikimedia.org/r/493323

Anomie moved this task from Needs details or plan to Needs Review on the MediaWiki-Action-API board.Feb 27 2019, 9:07 PM
Anomie added a project: Platform Team Workboards (Waiting for Review).
gerritbot added a comment.Feb 27 2019, 10:43 PM

Change 493322 merged by jenkins-bot:
[mediawiki/core@master] API: Use log context for api-feature-usage log

https://gerrit.wikimedia.org/r/493322

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.20; 2019-03-05).Mar 5 2019, 12:01 PM
WDoranWMF subscribed.Jul 5 2019, 4:34 PM

@Anomie Who do we need to sync up with to get review for this? https://gerrit.wikimedia.org/r/493323 has a +1 but who can +2 it?

WDoranWMF moved this task from Waiting for Review to Clinic Duty Team on the Platform Team Workboards board.Jul 5 2019, 4:34 PM
WDoranWMF edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Team Workboards (Waiting for Review).
fgiunchedi moved this task from Backlog to Up next on the Wikimedia-Logstash board.Jul 8 2019, 9:03 AM
fgiunchedi subscribed.
In T217162#5309375, @WDoranWMF wrote:

@Anomie Who do we need to sync up with to get review for this? https://gerrit.wikimedia.org/r/493323 has a +1 but who can +2 it?

That'd be me for example (one of the folks working on Wikimedia-Logstash / observability) and the review completely fell off the radar! I'll bring it up today at the observability meeting.

WDoranWMF added a comment.Jul 8 2019, 1:55 PM

@fgiunchedi Wonderful, thank you so much!

fgiunchedi added a project: observability.Jul 8 2019, 2:04 PM
fgiunchedi moved this task from Inbox to Up next on the observability board.
fgiunchedi added a project: User-fgiunchedi.Jul 9 2019, 8:49 AM
fgiunchedi moved this task from Backlog to Doing on the User-fgiunchedi board.Jul 16 2019, 10:31 AM
gerritbot added a comment.Jul 18 2019, 1:39 PM

Change 493323 had a related patch set uploaded (by Filippo Giunchedi; owner: Anomie):
[operations/puppet@production] Logstash: Use log context for the api-feature-usage channel

https://gerrit.wikimedia.org/r/493323

gerritbot added a comment.Jul 18 2019, 1:40 PM

Change 493323 merged by Filippo Giunchedi:
[operations/puppet@production] Logstash: Use log context for the api-feature-usage channel

https://gerrit.wikimedia.org/r/493323

WDoranWMF edited projects, added Platform Engineering (Needs Cleaning - Code Health (TEC13)); removed Platform Team Workboards (Clinic Duty Team).Jul 18 2019, 5:11 PM
fgiunchedi removed a project: User-fgiunchedi.Jul 19 2019, 9:28 AM
Anomie closed this task as Resolved.Jul 19 2019, 1:31 PM
Anomie claimed this task.
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL