Add logs support to events intake API

[lahsivjar]

Motivation/summary

Adds support for log event type to the intake API.

Checklist

• Update CHANGELOG.asciidoc
  - [ ] Update package changelog.yml (only if changes to apmpackage have been made)
  - [ ] Documentation has been updated

How to test these changes

1. Create a request body for the log event type:

   {"metadata": {"user": {"domain": "ldap://abc", "id": "123", "email": "[email protected]", "username": "john"}, "process": {"ppid": 6789, "pid": 1234,"argv": ["node", "server.js"], "title": "node"}, "system": {"platform": "darwin", "hostname": "prod1.example.com", "architecture": "x64", "container": {"id": "container-id"}, "kubernetes": {"namespace": "namespace1", "pod": {"uid": "pod-uid", "name": "pod-name"}, "node": {"name": "node-name"}}}, "labels": {"tag1": "label1"}, "service": {"name": "testsvc", "language": {"version": "8", "name": "ecmascript"}, "agent": {"version": "3.14.0", "name": "elastic-node"}, "environment": "staging", "framework": {"version": "1.2.3", "name": "Express"}, "version": "5.1.3", "runtime": {"version": "8.0.0", "name": "node"}},"cloud":{"account":{"id":"account_id","name":"account_name"},"availability_zone":"cloud_availability_zone","instance":{"id":"instance_id","name":"instance_name"},"machine":{"type":"machine_type"},"project":{"id":"project_id","name":"project_name"},"provider":"cloud_provider","region":"cloud_region","service":{"name":"lambda"}}}}
   {"log": {"message": "test message"}}
   {"log": {"message": "test message 2", "timestamp": 1662616049000000}}
   {"log": {"message": "test log message with faas", "@timestamp": 1662616049000000,"faas":{"coldstart":true,"execution":"6f7f0961f83442118a7af6fe80b88d56","id":"arn:aws:lambda:us-east-2:123456789012:function:custom-runtime"}}}

2. Send a curl request with the above request body:

   curl -i -H "Content-type: application/x-ndjson" -H "Authorization: Bearer {APM_SERVER_SECRET_TOKEN}" --data-binary @<request_body_path> {APM_SERVER_URL}:8200/intake/v2/events

Related issues

Closes #8757

[mergify]

This pull request does not have a backport label. Could you fix it @lahsivjar? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-7.x is the label to automatically backport to the 7.x branch.
• backport-7./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[ghost]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-09-09T09:08:01.330+0000

• Duration: 28 min 18 sec

Test stats 🧪

Test	Results
Failed	0
Passed	141
Skipped	0
Total	141

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate and publish the docker images.

• /test windows : Build & tests on Windows.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[ghost]

📚 Go benchmark report

Diff with the main branch

name                                                                                              old time/op    new time/op    delta
pkg:github.com/elastic/apm-server/internal/agentcfg goos:linux goarch:amd64
FetchAndAdd/FetchFromCache-12                                                                       46.2ns ± 0%    41.2ns ± 0%  -10.84%  (p=0.000 n=5+4)
FetchAndAdd/FetchAndAddToCache-12                                                                    105ns ± 3%      94ns ± 0%  -10.24%  (p=0.016 n=5+4)
pkg:github.com/elastic/apm-server/internal/beater/request goos:linux goarch:amd64
ContextReset/X-Forwarded-For_ipv6-12                                                                 767ns ±19%    1110ns ±15%  +44.72%  (p=0.008 n=5+5)
ContextReset/Forwarded_ipv4-12                                                                      1.15µs ±16%    0.88µs ±26%  -23.98%  (p=0.032 n=5+5)
ContextResetContentEncoding/empty-12                                                                 150ns ± 1%     134ns ± 0%  -10.50%  (p=0.008 n=5+5)
ContextResetContentEncoding/uncompressed-12                                                          169ns ± 1%     152ns ± 1%  -10.08%  (p=0.008 n=5+5)
pkg:github.com/elastic/apm-server/internal/model/modelindexer goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/processor/stream goos:linux goarch:amd64
BackendProcessor/errors.ndjson-12                                                                   63.2µs ±32%    84.5µs ±19%  +33.75%  (p=0.008 n=5+5)
BackendProcessor/minimal.ndjson-12                                                                  20.8µs ±14%    25.0µs ±12%  +20.08%  (p=0.008 n=5+5)
BackendProcessor/optional-timestamps.ndjson-12                                                      17.9µs ±34%    22.6µs ±11%  +26.40%  (p=0.032 n=5+5)
BackendProcessor/ratelimit.ndjson-12                                                                47.4µs ±18%    59.7µs ±18%  +26.09%  (p=0.016 n=5+5)
BackendProcessor/transactions_spans_rum.ndjson-12                                                   16.7µs ±11%    20.5µs ±18%  +22.21%  (p=0.016 n=5+5)
RUMV3Processor/rum_errors.ndjson-12                                                                 7.19µs ±27%    9.05µs ±13%  +25.86%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/invalid-json-event.ndjson-12            3.95µs ± 5%    3.62µs ± 1%   -8.19%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/minimal-service.ndjson-12               3.78µs ± 1%    3.63µs ± 7%   -4.14%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/transactions_spans_rum_2.ndjson-12      5.54µs ± 5%    5.16µs ± 4%   -6.77%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/invalid-event.ndjson-12                 3.77µs ± 1%    3.83µs ± 1%   +1.65%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/otel-bridge.ndjson-12                   3.75µs ± 1%    4.33µs ±19%  +15.35%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/ratelimit.ndjson-12                     6.64µs ± 1%    7.25µs ± 2%   +9.31%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/span-links.ndjson-12                    1.52µs ± 1%    1.61µs ± 1%   +5.75%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/spans.ndjson-12                         10.7µs ± 1%    11.6µs ± 2%   +8.39%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions-huge_traces.ndjson-12      5.43µs ± 2%    5.71µs ± 1%   +5.10%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions.ndjson-12                  11.1µs ± 1%    11.3µs ± 1%   +2.55%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans.ndjson-12            10.9µs ± 0%    11.3µs ± 1%   +3.51%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans_rum.ndjson-12        2.02µs ± 1%    2.06µs ± 2%   +2.27%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans_rum_2.ndjson-12      1.93µs ± 1%    1.99µs ± 1%   +3.05%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/unknown-span-type.ndjson-12             7.25µs ± 1%    7.44µs ± 1%   +2.60%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors.ndjson-12                      7.36µs ± 1%    7.57µs ± 2%   +2.87%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_2.ndjson-12                    6.89µs ± 2%    7.19µs ±10%   +4.38%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_rum.ndjson-12                  1.96µs ± 1%    2.03µs ± 2%   +3.63%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_transaction_id.ndjson-12       5.42µs ± 2%    5.57µs ± 1%   +2.72%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/events.ndjson-12                      13.6µs ± 1%    14.0µs ± 1%   +3.33%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/heavy.ndjson-12                        549µs ± 2%     578µs ± 5%   +5.13%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-event-type.ndjson-12           785ns ± 1%     814ns ± 2%   +3.78%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-event.ndjson-12               3.32µs ± 1%    3.43µs ± 0%   +3.30%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-json-event.ndjson-12          1.08µs ± 2%    1.10µs ± 1%   +2.24%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-json-metadata.ndjson-12       1.90µs ± 1%    1.94µs ± 1%   +2.21%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-metadata-2.ndjson-12           470ns ± 2%     483ns ± 2%   +2.71%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-metadata.ndjson-12             475ns ± 2%     488ns ± 1%   +2.61%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/metadata-null-values.ndjson-12         758ns ± 1%     778ns ± 1%   +2.68%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/metadata.ndjson-12                    1.24µs ± 1%    1.28µs ± 2%   +2.88%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/minimal-service.ndjson-12             1.05µs ± 1%    1.08µs ± 1%   +3.19%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/minimal.ndjson-12                     2.07µs ± 1%    2.13µs ± 1%   +2.88%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/optional-timestamps.ndjson-12         1.55µs ± 2%    1.59µs ± 1%   +2.73%  (p=0.024 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/ratelimit.ndjson-12                   5.92µs ± 1%    6.10µs ± 2%   +3.08%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/span-links.ndjson-12                  1.17µs ± 0%    1.22µs ± 2%   +4.46%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/spans.ndjson-12                       9.41µs ± 1%    9.73µs ± 2%   +3.41%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions-huge_traces.ndjson-12    4.60µs ± 2%    4.74µs ± 1%   +3.07%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions.ndjson-12                9.37µs ± 2%    9.64µs ± 1%   +2.79%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans.ndjson-12          9.27µs ± 2%    9.54µs ± 2%   +2.96%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans_rum.ndjson-12      1.58µs ± 1%    1.63µs ± 2%   +2.87%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans_rum_2.ndjson-12    1.52µs ± 2%    1.58µs ± 1%   +3.88%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/unknown-span-type.ndjson-12           6.14µs ± 2%    6.29µs ± 1%   +2.43%  (p=0.016 n=5+5)
pkg:github.com/elastic/apm-server/internal/publish goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/spanmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/txmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling/eventstorage goos:linux goarch:amd64
WriteTransaction/json_codec-12                                                                      9.20µs ±45%    4.08µs ± 3%  -55.60%  (p=0.008 n=5+5)
WriteTransaction/json_codec_big_tx-12                                                               12.6µs ±19%     5.0µs ± 3%  -60.50%  (p=0.008 n=5+5)
WriteTransaction/nop_codec_big_tx-12                                                                 811ns ±23%     483ns ±54%  -40.49%  (p=0.008 n=5+5)
ReadEvents/json_codec/0_events-12                                                                    345ns ± 7%     307ns ± 6%  -10.95%  (p=0.008 n=5+5)
ReadEvents/json_codec_big_tx/0_events-12                                                             344ns ± 5%     316ns ± 3%   -8.07%  (p=0.008 n=5+5)
ReadEvents/nop_codec/0_events-12                                                                     335ns ± 4%     310ns ± 5%   -7.57%  (p=0.016 n=5+5)
ReadEvents/nop_codec_big_tx/0_events-12                                                              337ns ± 4%     308ns ± 6%   -8.58%  (p=0.016 n=5+5)
ReadEvents/nop_codec_big_tx/1_events-12                                                             2.08µs ± 9%    1.83µs ± 7%  -12.11%  (p=0.032 n=4+5)
IsTraceSampled/sampled-12                                                                           76.3ns ± 3%    67.8ns ± 2%  -11.12%  (p=0.008 n=5+5)
IsTraceSampled/unsampled-12                                                                         78.9ns ± 1%    70.6ns ± 1%  -10.53%  (p=0.008 n=5+5)
IsTraceSampled/unknown-12                                                                            410ns ± 2%     368ns ± 2%  -10.21%  (p=0.008 n=5+5)

name                                                                                              old alloc/op   new alloc/op   delta
pkg:github.com/elastic/apm-server/internal/agentcfg goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/beater/request goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/model/modelindexer goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/processor/stream goos:linux goarch:amd64
BackendProcessor/invalid-event.ndjson-12                                                            7.55kB ± 1%    7.71kB ± 0%   +2.12%  (p=0.016 n=5+4)
BackendProcessor/invalid-json-event.ndjson-12                                                       4.11kB ± 2%    4.21kB ± 1%   +2.45%  (p=0.008 n=5+5)
BackendProcessor/invalid-json-metadata.ndjson-12                                                    5.15kB ± 2%    5.25kB ± 1%   +2.04%  (p=0.032 n=5+5)
BackendProcessor/metadata-null-values.ndjson-12                                                     3.25kB ± 2%    3.34kB ± 2%   +2.86%  (p=0.032 n=5+5)
BackendProcessor/metricsets.ndjson-12                                                               14.7kB ± 1%    14.9kB ± 1%   +1.44%  (p=0.032 n=5+5)
BackendProcessor/optional-timestamps.ndjson-12                                                      5.45kB ± 1%    5.58kB ± 2%   +2.35%  (p=0.032 n=5+5)
RUMV3Processor/rum_events.ndjson-12                                                                 3.04kB ± 1%    3.08kB ± 1%   +1.50%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/invalid-json-event.ndjson-12            4.60kB ± 1%    4.53kB ± 1%   -1.49%  (p=0.040 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/transactions_spans_rum_2.ndjson-12      6.08kB ± 1%    6.01kB ± 0%   -1.15%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel4/spans.ndjson-12                         30.7kB ± 1%    30.5kB ± 1%   -0.95%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel4/transactions.ndjson-12                  27.8kB ± 1%    27.5kB ± 0%   -0.81%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/otel-bridge.ndjson-12                   11.7kB ± 1%    11.4kB ± 1%   -2.17%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/otel-bridge.ndjson-12                 11.4kB ± 1%    11.5kB ± 0%   +0.86%  (p=0.016 n=5+4)
ReadBatch/errors.ndjson-12                                                                          20.6kB ± 0%    20.6kB ± 0%   +0.09%  (p=0.008 n=5+5)
ReadBatch/errors_transaction_id.ndjson-12                                                           18.0kB ± 0%    18.0kB ± 0%   +0.08%  (p=0.024 n=5+5)
ReadBatch/metricsets.ndjson-12                                                                      18.5kB ± 0%    18.7kB ± 0%   +1.04%  (p=0.008 n=5+5)
ReadBatch/otel-bridge.ndjson-12                                                                     10.0kB ± 0%    10.0kB ± 0%   +0.06%  (p=0.032 n=5+5)
ReadBatch/transactions_spans_rum.ndjson-12                                                          4.70kB ± 0%    4.71kB ± 0%   +0.07%  (p=0.016 n=4+5)
ReadBatch/unknown-span-type.ndjson-12                                                               16.8kB ± 0%    16.8kB ± 0%   +0.07%  (p=0.032 n=5+5)
pkg:github.com/elastic/apm-server/internal/publish goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/spanmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/txmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling/eventstorage goos:linux goarch:amd64
ReadEvents/json_codec/199_events-12                                                                 1.02MB ± 0%    1.02MB ± 0%   +0.05%  (p=0.016 n=5+4)
ReadEvents/nop_codec/1000_events-12                                                                 2.18MB ± 0%    2.17MB ± 0%   -0.43%  (p=0.016 n=5+5)
ReadEvents/nop_codec_big_tx/100_events-12                                                            250kB ± 0%     250kB ± 0%   +0.05%  (p=0.032 n=5+5)

name                                                                                              old allocs/op  new allocs/op  delta
pkg:github.com/elastic/apm-server/internal/agentcfg goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/beater/request goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/model/modelindexer goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/processor/stream goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/internal/publish goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/spanmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/aggregation/txmetrics goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling goos:linux goarch:amd64
pkg:github.com/elastic/apm-server/x-pack/apm-server/sampling/eventstorage goos:linux goarch:amd64

name                                                                                              old speed      new speed      delta
pkg:github.com/elastic/apm-server/internal/processor/stream goos:linux goarch:amd64
BackendProcessor/errors.ndjson-12                                                                 93.1MB/s ± 8%  75.7MB/s ±17%  -18.67%  (p=0.016 n=4+5)
BackendProcessor/minimal.ndjson-12                                                                49.8MB/s ±13%  41.4MB/s ±11%  -17.02%  (p=0.008 n=5+5)
BackendProcessor/optional-timestamps.ndjson-12                                                    59.9MB/s ±44%  45.7MB/s ±11%  -23.69%  (p=0.024 n=5+5)
BackendProcessor/ratelimit.ndjson-12                                                              89.9MB/s ±20%  71.3MB/s ±16%  -20.75%  (p=0.016 n=5+5)
BackendProcessor/transactions_spans_rum.ndjson-12                                                 69.3MB/s ±10%  57.1MB/s ±16%  -17.59%  (p=0.016 n=5+5)
RUMV3Processor/rum_errors.ndjson-12                                                                136MB/s ±23%   107MB/s ±14%  -21.34%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/invalid-json-event.ndjson-12           149MB/s ± 5%   162MB/s ± 1%   +8.80%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/minimal-service.ndjson-12              112MB/s ± 1%   117MB/s ± 7%   +4.51%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel2/transactions_spans_rum_2.ndjson-12     202MB/s ± 5%   217MB/s ± 5%   +7.23%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/invalid-event.ndjson-12                203MB/s ± 1%   200MB/s ± 1%   -1.62%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/otel-bridge.ndjson-12                  501MB/s ± 1%   438MB/s ±16%  -12.51%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/ratelimit.ndjson-12                    635MB/s ± 1%   581MB/s ± 2%   -8.51%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/span-links.ndjson-12                   447MB/s ± 1%   423MB/s ± 1%   -5.42%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/spans.ndjson-12                        752MB/s ± 1%   694MB/s ± 2%   -7.73%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions-huge_traces.ndjson-12     583MB/s ± 2%   555MB/s ± 1%   -4.85%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions.ndjson-12                 510MB/s ± 1%   498MB/s ± 1%   -2.49%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans.ndjson-12           533MB/s ± 0%   515MB/s ± 1%   -3.38%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans_rum.ndjson-12       572MB/s ± 1%   560MB/s ± 2%   -2.21%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/transactions_spans_rum_2.ndjson-12     577MB/s ± 1%   560MB/s ± 2%   -2.94%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel8/unknown-span-type.ndjson-12            456MB/s ± 1%   445MB/s ± 1%   -2.54%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors.ndjson-12                     862MB/s ± 1%   838MB/s ± 2%   -2.78%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_2.ndjson-12                   685MB/s ± 2%   657MB/s ± 9%   -3.97%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_rum.ndjson-12                 968MB/s ± 1%   934MB/s ± 2%   -3.51%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/errors_transaction_id.ndjson-12      705MB/s ± 2%   686MB/s ± 1%   -2.65%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/events.ndjson-12                     548MB/s ± 1%   530MB/s ± 1%   -3.22%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/heavy.ndjson-12                      726MB/s ± 2%   691MB/s ± 5%   -4.82%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-event-type.ndjson-12         498MB/s ± 1%   480MB/s ± 2%   -3.64%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-event.ndjson-12              230MB/s ± 1%   223MB/s ± 0%   -3.20%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-json-event.ndjson-12         543MB/s ± 2%   531MB/s ± 1%   -2.19%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-json-metadata.ndjson-12      235MB/s ± 1%   230MB/s ± 1%   -2.15%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-metadata-2.ndjson-12         927MB/s ± 2%   902MB/s ± 2%   -2.64%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/invalid-metadata.ndjson-12           939MB/s ± 2%   915MB/s ± 1%   -2.55%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/metadata-null-values.ndjson-12       694MB/s ± 1%   676MB/s ± 1%   -2.61%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/metadata.ndjson-12                  1.00GB/s ± 1%  0.97GB/s ± 2%   -2.79%  (p=0.032 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/minimal-service.ndjson-12            405MB/s ± 1%   393MB/s ± 1%   -3.09%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/minimal.ndjson-12                    499MB/s ± 1%   485MB/s ± 1%   -2.80%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/optional-timestamps.ndjson-12        662MB/s ± 2%   645MB/s ± 1%   -2.67%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/ratelimit.ndjson-12                  712MB/s ± 1%   691MB/s ± 2%   -2.97%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/span-links.ndjson-12                 584MB/s ± 0%   560MB/s ± 2%   -4.26%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/spans.ndjson-12                      853MB/s ± 1%   825MB/s ± 2%   -3.29%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions-huge_traces.ndjson-12   690MB/s ± 2%   669MB/s ± 1%   -2.98%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions.ndjson-12               602MB/s ± 2%   586MB/s ± 1%   -2.72%  (p=0.016 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans.ndjson-12         628MB/s ± 2%   610MB/s ± 2%   -2.87%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans_rum.ndjson-12     729MB/s ± 1%   709MB/s ± 2%   -2.77%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/transactions_spans_rum_2.ndjson-12   736MB/s ± 2%   709MB/s ± 1%   -3.72%  (p=0.008 n=5+5)
BackendProcessorParallel/BenchmarkBackendProcessorParallel200/unknown-span-type.ndjson-12          538MB/s ± 2%   525MB/s ± 1%   -2.38%  (p=0.016 n=5+5)

report generated with https://pkg.go.dev/golang.org/x/perf/cmd/benchstat

[felixbarny]

Note that unlike traces and spans, logs are expected to be already in ECS format, as we'll use our ECS logging libraries to convert log events to JSON. So it shouldn't be span_id but span.id. This also applies to timestamp -> @timestamp, trace_id -> trace.id and others.

I think it will end up being much easier to not even have a dedicated spec for log. Just forward everything agents send to Elasticserach.

[felixbarny]

Having said that, the global metadata ofc needs to be converted to ECS.

What I had in mind is that APM Server would just send a doc like

{
  ... global metadata
  "message": "<whatever the agent has sent>"
}

And then use an ingest node pipeline to do a JSON decoding of the message field that merges the fields into the root of the doc.

Dynamic fields become an issue then. If we want to disallow dynamic fields in the first iteration, we can add dynamic: false to the mappings. However, we could also just add dynamic: runtime. This makes the fields searchable but avoids (some) mapping issues related to dynamic fields and can save space and index time for fields that are not commonly used in searches.
Other mechanisms to avoid issues with dynamic fields are to enable ignore_malformed for the whole data stream and to enable subobjects: true on the root level once elastic/elasticsearch#88934 has been resolved.

[lahsivjar]

I think it will end up being much easier to not even have a dedicated spec for log. Just forward everything agents send to Elasticserach.

If I understand correctly, for this we will need to have the ingest pipeline setup. We also have a requirement to keep the OTEL logs pipeline stable so I am a bit reluctant to introduce a lot of changes to the existing mapping. I am thinking that instead of using message field to put agent data we can use another named field that doesn't collide with any ECS schema field, maybe something like raw. This will allow us to incrementally migrate to the ingest node pipeline in the future. WDYT?

@axw Please correct me if I have misunderstood something here.

UPDATE: Thinking about this again, we can just let the message field be as it is sent to us and pass it on to ES. For some of the other fields, like trace_id and span_id, maybe we can keep the current structure and it can be overridden by the ingest node pipeline if message has the fields duplicated?

[lahsivjar]

maybe something like raw.

Or we can put everything else under labels as suggested by Andrew in the slack conversation.

[axw]

IIANM, for Lambda all we get is a timestamp and a string for function logs. Is that right? If so then I agree with the suggestions above to just send @timestamp and message, along with any fields that come from metadata.

For the first cut, I would suggest we just store message as it is received. Then we can follow up with what Felix suggests, and attempt to decode the message as JSON into the root, and use dynamic: runtime.

[axw]

IIANM, for Lambda all we get is a timestamp and a string for function logs. Is that right? If so then I agree with the suggestions above to just send @timestamp and message, along with any fields that come from metadata.

For the first cut, I would suggest we just store message as it is received. Then we can follow up with what Felix suggests, and attempt to decode the message as JSON into the root, and use dynamic: runtime.

[axw]

Looks great! Should we add a small system test?

[lahsivjar]

Looks great! Should we add a small system test?

This is done.

[axw]

Nice work!

[lahsivjar]

@axw I missed adding faas fields to the logs datastream. I have added it now, please give it a quick look.

[axw]

Good catch! Just one thing about the package version, otherwise LGTM.

[felixbarny]

What do you think about also adding the fields from the ECS logging spec? This way, we could use this as the foundation for https://github.com/elastic/apm-dev/issues/833 and merge elastic/apm-agent-java#2694 as an experimental feature.

Dynamic mappings can come later.

[lahsivjar]

@felixbarny Thanks for the message. I have created #9100 to handle this, feel free to add any more information to it if required. I will try to push the required changes for 8.5.

[marclop]

Verified with 8.5.0 BC1:

$ curl -i -H "Authorization: Bearer 123" -H "Content-type: application/x-ndjson" --data-binary @testdata/intake-v2/logs.ndjson https://5fa0c22c644145439c4c4f9daa176b05.apm.us-west2.gcp.elastic-cloud.com:443/intake/v2/events
HTTP/2 202
date: Tue, 27 Sep 2022 07:21:56 GMT
x-cloud-request-id: AprFqdBaR7akPHcDaGQT-Q
x-content-type-options: nosniff
x-found-handling-cluster: 5fa0c22c644145439c4c4f9daa176b05
x-found-handling-instance: instance-0000000000
content-length: 0

I couldn't verify the log message with faas fields since that change is in the unreleased package which isn't being used for ESS atm. I will retest as soon as that's available

[marclop]

Verified with the latest 8.5.0 BC: