Page MenuHomePhabricator
Create Task
Maniphest T383448

Function Evaluator log data loss due to ECS nonconforming fields
Closed, ResolvedPublic
Actions

Description

Uncovered while working on T382105: Increase in Logstash warning logs

function-evaluator-javascript-evaluator
{
  "@timestamp": "2025-01-10T21:42:16.231Z",
  "ecs.version": "8.10.0",
  "log.level": "info",
  "message": "Incoming evaluator request",
  "request": {                                          <-- Must be nested inside a "http" hash or dot-delimited e.g. "http.request"  https://doc.wikimedia.org/ecs/#ecs-http
    "headers": {
      "user-agent": "kube-probe/1.23",
      "x-request-id": "258db3fa-d55c-4d72-a76d-8f93f944f9e2"
    },
    "method": "GET",
    "params": {
      "0": "/_info"
    },
    "query": {},
    "remoteAddress": "10.64.0.105",
    "remotePort": 44150,
    "url": "/_info"
  },
  "requestId": "258db3fa-d55c-4d72-a76d-8f93f944f9e2",   <-- Only need one of these and should be part of http hash e.g. "http.request.id" https://doc.wikimedia.org/ecs/#field-http-request-id
  "request_id": "258db3fa-d55c-4d72-a76d-8f93f944f9e2",
  "service": "function-evaluator"                        <-- Service must be a hash, e.g. "service.name"  https://doc.wikimedia.org/ecs/#field-service-name
}
function-evaluator-python-evaluator
{
  "@timestamp": "2025-01-10T21:31:29.435Z",
  "ecs.version": "8.10.0",
  "log.level": "info",
  "message": "Incoming evaluator request",
  "request": {
    "headers": {                                          <-- Must be nested inside a "http" hash or dot-delimited e.g. "http.request" https://doc.wikimedia.org/ecs/#ecs-http
      "user-agent": "kube-probe/1.23",
      "x-request-id": "b3059da9-be9a-47c5-be35-eda150f0227f"
    },
    "method": "GET",
    "params": {
      "0": "/_info"
    },
    "query": {},
    "remoteAddress": "10.64.32.110",
    "remotePort": 55134,
    "url": "/_info"
  },
  "requestId": "b3059da9-be9a-47c5-be35-eda150f0227f",   <-- Only need one of these and should be part of http hash e.g. "http.request.id" https://doc.wikimedia.org/ecs/#field-http-request-id
  "request_id": "b3059da9-be9a-47c5-be35-eda150f0227f",
  "service": "function-evaluator"                        <-- Service must be a hash, e.g. "service.name"  https://doc.wikimedia.org/ecs/#field-service-name
}

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
wikifunctions: Upgrade evaluators from 2025-02-19-135838 to 2025-02-20-142923operations/deployment-chartsmaster+2 -2
wikifunctions: Upgrade orchestrator from 2025-02-19-134350 to 2025-02-20-140756operations/deployment-chartsmaster+1 -1
wikifunctions: Upgrade evaluators from 2025-01-22-212306 to 2025-01-29-140344operations/deployment-chartsmaster+2 -2
wikifunctions: Upgrade orchestrator from 2025-01-22-203140 to 2025-01-28-144249operations/deployment-chartsmaster+1 -1
wikifunctions: Upgrade orchestrator from version: 2025-01-22-203140 to 2025-01-28-144249operations/deployment-chartsmaster+1 -1
wikifunctions: Upgrade evaluators from 2025-01-08-143723 to 2025-01-22-212306operations/deployment-chartsmaster+2 -2
Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
Fix requestId logging for logs with no request objectrepos/data-engineering/service-utils!9tchinfix-request-idmain
build: Upgrade service-utils from 1.2.1 to 1.2.2repos/abstract-wiki/wikifunctions/function-orchestrator!276jforresterservice-utils-1.2.2main
build: Upgrade service-utils from 1.2.1 to 1.2.2repos/abstract-wiki/wikifunctions/function-evaluator!305jforresterservice-utils-1.2.2main
Upgrade service-utils from v1.0.1 to v1.2.1repos/abstract-wiki/wikifunctions/function-evaluator!299jforresterservice-utils-1.2.0main
Customize query in GitLab

Revisions and Commits

rMSFE mediawiki-services-function-evaluator
rMSFE7cdd6db08810 upgrade service-utils for request-id fix

Related Objects

Event Timeline

colewhite created this task.Jan 10 2025, 10:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 10 2025, 10:11 PM
colewhite added a project: function-evaluator.Jan 10 2025, 10:12 PM
colewhite updated the task description. (Show Details)
Maintenance_bot added a project: Abstract Wikipedia team.Jan 10 2025, 10:30 PM
Jdforrester-WMF triaged this task as High priority.Jan 15 2025, 5:37 PM
Jdforrester-WMF subscribed.

This might be a bug in service-utils, which is I think what's controlling the log structure. To investigate.

Jdforrester-WMF moved this task from To Triage to 25Q3 (Jan–Mar) on the Abstract Wikipedia team board.Jan 15 2025, 5:37 PM
Jdforrester-WMF edited projects, added Abstract Wikipedia team (25Q3 (Jan–Mar)); removed Abstract Wikipedia team.
Jdforrester-WMF moved this task from Incoming to Essential work on the Abstract Wikipedia team (25Q3 (Jan–Mar)) board.Jan 15 2025, 5:53 PM
Jdforrester-WMF added a subscriber: ecarg.

CC @ecarg especially.

ecarg added a comment.Jan 16 2025, 4:56 AM

Thank you, looking into this

ecarg changed the task status from Open to In Progress.Jan 17 2025, 3:28 AM
ecarg added a comment.EditedJan 17 2025, 3:47 AM

notes:

  • one of the last occurrences of a 'normal' log and then goes silent once the clock turns 11/30
  • yesterday, above was true; but revisiting the same date range today (1/17), the shift is now from 11/19-11/20, just as in the orchestrator (why is this?!?!) log event
  • interesting that this can also be seen in the orchestrator but a couple days prior from 11/19-20 ticket for that issue
  • when the evaluator events were coming through, we see different 'host's firing the same log: mw1421, parse2020, kubestage1004, wikikube-worker2032 (attachment in next comment block)
  • whereas, when that stops/thing aren't 'working' we only see the generic stuff from kubestage2002
ecarg added a comment.Jan 17 2025, 8:15 PM

Screenshot 2025-01-17 at 12.12.17 PM.png (786×2 px, 345 KB)

ecarg added a comment.Jan 17 2025, 9:02 PM
This comment was removed by ecarg.
ecarg added a comment.EditedJan 17 2025, 9:39 PM

Hi @colewhite would you be able to provide a link or snapshot from LogStash of these particular events or similar? I'm having difficulty trying to find these specific events even when filtering with the given request-id and timestamps; the thing is, when I'm looking at kubernetes.namespace_name: wikifunctions I can't find that request-id at all, it's only when I have all filters off do I find a bunch of events (with that request-id) but have yet to find these occurrences. I'm trying to rule out some things but it would be super helpful bc log structure varies depending on where the event is coming from and its host! Thanks a lot!

colewhite added a comment.EditedJan 17 2025, 10:10 PM
In T383448#10472714, @ecarg wrote:

Hi @colewhite would you be able to provide a link or snapshot from LogStash of these particular events or similar? I'm having difficulty trying to find these specific events even when filtering with the given request-id and timestamps; the thing is, when I'm looking at kubernetes.namespace_name: wikifunctions I can't find that request-id at all, it's only when I have all filters off do I find a bunch of events (with that request-id) but have yet to find these occurrences. I'm trying to rule out some things but it would be super helpful bc log structure varies depending on where the event is coming from and its host! Thanks a lot!

These particular events are going to be near impossible to find because the useful attributes, (request id, etc) are dropped due to the problem described by this bug report.

Here is a page showing recent events in the affected log stream: https://logstash.wikimedia.org/goto/918c58bc408d126bbf640ef5af989aa9

CodeReviewBot added a project: Patch-For-Review.Jan 22 2025, 4:43 AM

tchin opened https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/6

Add Winston formatter to conform to ECS structure

tchin subscribed.Jan 22 2025, 4:52 AM
CodeReviewBot added a comment.Jan 22 2025, 2:24 PM

tchin merged https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/6

Add Winston formatter to conform to ECS structure

Maintenance_bot removed a project: Patch-For-Review.Jan 22 2025, 2:31 PM
CodeReviewBot added a comment.Jan 22 2025, 2:40 PM

jforrester updated https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-evaluator/-/merge_requests/299

Upgrade service-utils from v1.0.1 to v1.2.1

CodeReviewBot added a comment.Jan 22 2025, 8:58 PM

ecarg merged https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-evaluator/-/merge_requests/299

Upgrade service-utils from v1.0.1 to v1.2.1

gerritbot added a comment.Jan 22 2025, 9:54 PM

Change #1113572 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-01-08-143723 to 2025-01-22-212306

https://gerrit.wikimedia.org/r/1113572

gerritbot added a project: Patch-For-Review.Jan 22 2025, 9:54 PM
gerritbot added a comment.Jan 22 2025, 10:19 PM

Change #1113572 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-01-08-143723 to 2025-01-22-212306

https://gerrit.wikimedia.org/r/1113572

Jdforrester-WMF moved this task from Essential work to Needs Sign-off on the Abstract Wikipedia team (25Q3 (Jan–Mar)) board.Jan 22 2025, 10:30 PM

Did this deploy solve it?

colewhite added a comment.Jan 23 2025, 2:05 AM
In T383448#10486818, @Jdforrester-WMF wrote:

Did this deploy solve it?

It looks like it solved most of it!

There are some misplaced http.request fields making it through:

  • http.request.params.0 looks like url.path
  • http.request.remoteAddress looks like source.ip
  • http.request.remotePort looks like source.port
  • http.request.url looks like url.full
Ahoelzl assigned this task to tchin.Jan 24 2025, 6:29 PM
Ahoelzl added a project: Data-Engineering (Q3 2025 January 1st - March 31th).
Ahoelzl moved this task from Next Up to In progress on the Data-Engineering (Q3 2025 January 1st - March 31th) board.
CodeReviewBot added a comment.Jan 24 2025, 7:08 PM

tchin opened https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/8

Adapt more ecs fields from legacy service-template-node req logging

CodeReviewBot added a comment.Jan 27 2025, 10:16 AM

tchin merged https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/8

Adapt more ecs fields from legacy service-template-node req logging

CodeReviewBot added a comment.Jan 27 2025, 2:29 PM

jforrester opened https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-evaluator/-/merge_requests/305

build: Upgrade service-utils from 1.2.1 to 1.2.2

CodeReviewBot added a comment.Jan 27 2025, 2:29 PM

jforrester opened https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-orchestrator/-/merge_requests/276

build: Upgrade service-utils from 1.2.1 to 1.2.2

CodeReviewBot added a comment.Jan 27 2025, 7:35 PM

ecarg merged https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-orchestrator/-/merge_requests/276

build: Upgrade service-utils from 1.2.1 to 1.2.2

CodeReviewBot added a comment.Jan 27 2025, 10:05 PM

ecarg merged https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-evaluator/-/merge_requests/305

build: Upgrade service-utils from 1.2.1 to 1.2.2

gerritbot added a comment.Jan 29 2025, 2:28 PM

Change #1115028 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from 2025-01-22-203140 to 2025-01-28-144249

https://gerrit.wikimedia.org/r/1115028

gerritbot added a comment.Jan 29 2025, 2:28 PM

Change #1115029 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-01-22-212306 to 2025-01-29-140344

https://gerrit.wikimedia.org/r/1115029

gerritbot added a comment.Jan 29 2025, 2:33 PM

Change #1115032 had a related patch set uploaded (by Cory Massaro; author: Cory Massaro):

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from version: 2025-01-22-203140 to 2025-01-28-144249

https://gerrit.wikimedia.org/r/1115032

gerritbot added a comment.Jan 29 2025, 2:36 PM

Change #1115032 abandoned by Cory Massaro:

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from version: 2025-01-22-203140 to 2025-01-28-144249

Reason:

already done

https://gerrit.wikimedia.org/r/1115032

gerritbot added a comment.Jan 29 2025, 3:05 PM

Change #1115028 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from 2025-01-22-203140 to 2025-01-28-144249

https://gerrit.wikimedia.org/r/1115028

gerritbot added a comment.Jan 29 2025, 3:15 PM

Change #1115029 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-01-22-212306 to 2025-01-29-140344

https://gerrit.wikimedia.org/r/1115029

ecarg added a comment.Jan 30 2025, 6:12 AM

I can see our logs coming through now, is this issue resolved from SRE end?

cc: @colewhite

colewhite closed this task as Resolved.Jan 31 2025, 12:24 AM

LGTM! Thank you!

ecarg added a comment.Jan 31 2025, 12:28 AM

Thank you! And @tchin for the utils updates!

CodeReviewBot added a comment.Feb 19 2025, 8:58 PM

tchin opened https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/9

Fix requestId logging for logs with no request object

CodeReviewBot added a comment.Feb 19 2025, 9:11 PM

tchin merged https://gitlab.wikimedia.org/repos/data-engineering/service-utils/-/merge_requests/9

Fix requestId logging for logs with no request object

gerritbot added a comment.Feb 20 2025, 3:05 PM

Change #1121380 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from 2025-02-19-134350 to 2025-02-20-140756

https://gerrit.wikimedia.org/r/1121380

gerritbot added a comment.Feb 20 2025, 3:05 PM

Change #1121381 had a related patch set uploaded (by Jforrester; author: Jforrester):

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-02-19-135838 to 2025-02-20-142923

https://gerrit.wikimedia.org/r/1121381

Ahoelzl moved this task from In progress to Done on the Data-Engineering (Q3 2025 January 1st - March 31th) board.Feb 20 2025, 6:23 PM
gerritbot added a comment.Feb 20 2025, 7:48 PM

Change #1121380 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Upgrade orchestrator from 2025-02-19-134350 to 2025-02-20-140756

https://gerrit.wikimedia.org/r/1121380

gerritbot added a comment.Feb 20 2025, 7:56 PM

Change #1121381 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Upgrade evaluators from 2025-02-19-135838 to 2025-02-20-142923

https://gerrit.wikimedia.org/r/1121381

tchin mentioned this in T386972: WF service logging seems to be partially missing.Feb 20 2025, 10:59 PM
ecarg mentioned this in rMSFE6a86cc9e5cec: Upgrade service-utils from v1.0.1 to v1.2.1.Oct 3 2025, 9:43 AM
ecarg mentioned this in rMSFE31bc0e7d2d51: build: Upgrade service-utils from 1.2.1 to 1.2.2.
Jdforrester-WMF added a commit: rMSFE7cdd6db08810: upgrade service-utils for request-id fix.Oct 3 2025, 9:43 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits