Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enhancement(new sink): new sink for Google chronicle #13550

Merged
merged 39 commits into from
Jul 22, 2022
Merged

enhancement(new sink): new sink for Google chronicle #13550

merged 39 commits into from
Jul 22, 2022

Conversation

StephenWakely
Copy link
Contributor

@StephenWakely StephenWakely commented Jul 14, 2022
edited
Loading

Ref #11532

This creates a new sink for Google Chronicle unstructured log entries.

Note, the integration test is running against a dummy http server that I am maintaining here and will document a bit better shortly. The RSA keys used for the authentication of this test have been freshly generated and are not used anywhere else!

This has also been tested against a real Chronicle account.

This is also using a fork of the rust-goauth library, which can be reverted once this pull request is merged.

@StephenWakely
Add initial sink
c4ca4e3 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Started on batching and partitioning
d209314 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
It works old style.
9fb3576 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
New style sink working.
c7ad1cd 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Encode data for unstructured.
36aa6cb 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
WIP
62a192e 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Fixed endpoint.
07a798f 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Request should be post
ca2bf1f 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Tidy code
5cc9e98 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Added content-type header
61f62f8 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Added integration test.
2c36d89 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Merge remote-tracking branch 'origin' into stephen/chronicle_sink
6e3469e 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Fixed merge
c0c7f4f 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Fixed encoding.
f635f86 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Use generated auth keys.
f4fc89d 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Remove old chronicle folder
99ad86e 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Remove commented module.
edcda8d 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely StephenWakely requested review from bruceg and jszwedko July 14, 2022 12:25
@netlify
Copy link

netlify bot commented Jul 14, 2022
edited
Loading

Deploy Preview for vector-project canceled.

Name Link
🔨 Latest commit 5e58b30
🔍 Latest deploy log https://app.netlify.com/sites/vector-project/deploys/62daa5cabf86840009b5229c

@github-actions github-actions bot added domain: ci Anything related to Vector's CI environment domain: sinks Anything related to the Vector's sinks labels Jul 14, 2022
@StephenWakely
Tidy module comments.
0372922 
Signed-off-by: Stephen Wakely <[email protected]>
pablosichert
pablosichert reviewed Jul 14, 2022
View reviewed changes
Cargo.toml Outdated Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
spencergilbert
spencergilbert reviewed Jul 14, 2022
View reviewed changes
src/sinks/gcp/chronicle_unstructured.rs Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs

impl GenerateConfig for ChronicleUnstructuredConfig {
fn generate_config() -> toml::Value {
toml::from_str(indoc! {r#"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I prefer using Self here to get completion help, but I don't think we've agreed/determined a standard here.

Ex: https://github.com/vectordotdev/vector/blob/master/src/sinks/websocket/config.rs#L32-L40

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm.. I prefer it this way. It means we can verify that a minimal config looks sane.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should get a consensus as a team and commit to doing it one way or another.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd say we defer that to another issue since that would affect more sinks. Personally I don't have any strong opinions about either style. I can see @StephenWakely's argument, it has helped me a couple of times to catch deserialization issues as well

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep - 100% not needing to be handled here!

src/sinks/gcp/chronicle_unstructured.rs

#[async_trait::async_trait]
#[typetag::serde(name = "gcp_chronicle_unstructured")]
impl SinkConfig for ChronicleUnstructuredConfig {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the unstructured vs structured(?) so different that they can't be a single sink with two encoding options?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's unstructured vs UDM.

There's an open question still on the RFC that needs resolving. Please chime in here with your thoughts.

@StephenWakely
Fixed unit tests.
fdbb982 
Signed-off-by: Stephen Wakely <[email protected]>
@github-actions github-actions bot added the domain: external docs Anything related to Vector's external, public documentation label Jul 18, 2022
@StephenWakely
Remove Framing from Encoder config.
9dcaac6 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Address feedback.
d875978 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Cue fmt
f2067d1 
Signed-off-by: Stephen Wakely <[email protected]>
neuronull
neuronull reviewed Jul 19, 2022
View reviewed changes
src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
@StephenWakely
Feedback from Kyle.
d09ae26 
Signed-off-by: Stephen Wakely <[email protected]>
spencergilbert
spencergilbert approved these changes Jul 20, 2022
View reviewed changes
Copy link
Contributor

@spencergilbert spencergilbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of nit level comments, otherwise happy to unblock users with this.

Cargo.toml Outdated Show resolved Hide resolved
website/cue/reference/components/sinks/gcp_chronicle_unstructured.cue
}
}
log_type: {
description: "Identifies the log entry. This must be one of the supported log types, otherwise Chronicle will reject the entry with an error."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a list of supported log types we can share here or at least link to?

src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
@github-actions
Copy link

Soak Test Results

Baseline: ce65a86
Comparison: d09ae26
Total Vector CPUs: 4

Explanation

A soak test is an integrated performance test for vector in a repeatable rig, with varying configuration for vector. What follows is a statistical summary of a brief vector run for each configuration across SHAs given above. The goal of these tests are to determine, quickly, if vector performance is changed and to what degree by a pull request. Where appropriate units are scaled per-core.

The table below, if present, lists those experiments that have experienced a statistically significant change in their throughput performance between baseline and comparision SHAs, with 90.0% confidence OR have been detected as newly erratic. Negative values mean that baseline is faster, positive comparison. Results that do not exhibit more than a ±8.87% change in mean throughput are discarded. An experiment is erratic if its coefficient of variation is greater than 0.3. The abbreviated table will be omitted if no interesting changes are observed.

No interesting changes in throughput with confidence ≥ 90.00% and absolute Δ mean >= ±8.87%:

Fine details of change detection per experiment.
experiment Δ mean Δ mean % confidence baseline mean baseline stdev baseline stderr baseline outlier % baseline CoV comparison mean comparison stdev comparison stderr comparison outlier % comparison CoV erratic declared erratic
datadog_agent_remap_blackhole_acks 2.22MiB 3.45 100.00% 64.18MiB 5.01MiB 104.28KiB 0 0.0780073 66.4MiB 3.06MiB 63.92KiB 0 0.0460302 False False
syslog_regex_logs2metric_ddmetrics 430.59KiB 3.36 100.00% 12.51MiB 743.18KiB 15.14KiB 0 0.0579949 12.93MiB 755.69KiB 15.4KiB 0 0.0570531 False False
socket_to_socket_blackhole 356.28KiB 2.65 100.00% 13.12MiB 202.9KiB 4.14KiB 0 0.0150962 13.47MiB 168.52KiB 3.44KiB 0 0.012214 False False
http_text_to_http_json 936.09KiB 2.44 100.00% 37.51MiB 894.59KiB 18.26KiB 0 0.0232879 38.42MiB 850.56KiB 17.36KiB 0 0.021615 False False
datadog_agent_remap_blackhole 864.49KiB 1.31 100.00% 64.35MiB 4.21MiB 87.78KiB 0 0.0654643 65.2MiB 3.32MiB 69.27KiB 0 0.0509225 False False
syslog_humio_logs 224.27KiB 1.25 100.00% 17.5MiB 151.38KiB 3.09KiB 0 0.00844777 17.72MiB 169.47KiB 3.47KiB 0 0.00934032 False False
http_pipelines_blackhole_acks 14.9KiB 1.23 100.00% 1.18MiB 109.96KiB 2.24KiB 0 0.0910572 1.19MiB 68.28KiB 1.39KiB 0 0.0558526 False False
syslog_splunk_hec_logs 204.64KiB 1.15 100.00% 17.34MiB 719.16KiB 14.65KiB 0 0.0405009 17.54MiB 775.64KiB 15.78KiB 0 0.0431841 False False
syslog_log2metric_splunk_hec_metrics 183.59KiB 0.95 100.00% 18.92MiB 644.04KiB 13.12KiB 0 0.0332433 19.09MiB 728.7KiB 14.85KiB 0 0.0372599 False False
syslog_log2metric_humio_metrics 115.4KiB 0.85 100.00% 13.21MiB 200.27KiB 4.09KiB 0 0.0148074 13.32MiB 544.83KiB 11.09KiB 0 0.0399415 False False
splunk_hec_route_s3 158.09KiB 0.81 98.53% 19.14MiB 2.23MiB 46.45KiB 0 0.116554 19.3MiB 2.16MiB 45.16KiB 0 0.11175 False False
http_pipelines_blackhole 7.46KiB 0.45 99.76% 1.63MiB 22.69KiB 474.96B 0 0.0136071 1.64MiB 118.26KiB 2.41KiB 0 0.0705915 False False
datadog_agent_remap_datadog_logs_acks 127.47KiB 0.2 76.94% 62.59MiB 2.5MiB 52.31KiB 0 0.0399081 62.72MiB 4.45MiB 92.56KiB 0 0.0708824 False False
splunk_hec_to_splunk_hec_logs_noack 20.42KiB 0.08 90.54% 23.82MiB 500.11KiB 10.2KiB 0 0.0205011 23.84MiB 328.64KiB 6.71KiB 0 0.0134606 False False
splunk_hec_to_splunk_hec_logs_acks 17.04KiB 0.07 52.72% 23.75MiB 872.2KiB 17.74KiB 0 0.0358529 23.77MiB 774.34KiB 15.76KiB 0 0.0318076 False False
splunk_hec_indexer_ack_blackhole 18.01KiB 0.07 50.43% 23.74MiB 955.71KiB 19.44KiB 0 0.0393052 23.76MiB 880.88KiB 17.92KiB 0 0.0362008 False False
enterprise_http_to_http -1.88KiB -0.01 20.51% 23.85MiB 248.72KiB 5.08KiB 0 0.0101833 23.84MiB 252.77KiB 5.17KiB 0 0.0103501 False False
file_to_blackhole -28.46KiB -0.03 20.01% 95.33MiB 3.65MiB 75.6KiB 0 0.0382458 95.31MiB 3.99MiB 83.02KiB 0 0.0418659 False False
syslog_loki -6.25KiB -0.04 30.76% 14.45MiB 305.7KiB 6.26KiB 0 0.0206488 14.45MiB 713.88KiB 14.51KiB 0 0.0482405 False False
http_to_http_acks -19.13KiB -0.1 6.21% 18.1MiB 8.44MiB 176.35KiB 0 0.466 18.08MiB 8.19MiB 170.98KiB 0 0.452828 True True
http_to_http_json -24.04KiB -0.1 95.94% 23.85MiB 339.07KiB 6.92KiB 0 0.0138822 23.82MiB 463.27KiB 9.48KiB 0 0.0189855 False False
fluent_elasticsearch -226.24KiB -0.28 100.00% 79.47MiB 52.83KiB 1.07KiB 0 0.000649083 79.25MiB 1.88MiB 38.76KiB 0 0.023772 False False
datadog_agent_remap_datadog_logs -274.18KiB -0.42 99.74% 63.21MiB 300.32KiB 6.15KiB 0 0.00463916 62.94MiB 4.36MiB 90.8KiB 0 0.0692811 False False
http_to_http_noack -139.85KiB -0.57 100.00% 23.84MiB 255.04KiB 5.21KiB 0 0.0104429 23.71MiB 1.27MiB 26.47KiB 0 0.0535846 False False
http_pipelines_no_grok_blackhole -88.6KiB -0.76 100.00% 11.37MiB 69.81KiB 1.43KiB 0 0.00599531 11.28MiB 1.03MiB 21.43KiB 0 0.0911475 False False

neuronull
neuronull reviewed Jul 20, 2022
View reviewed changes
src/sinks/gcp/chronicle_unstructured.rs
}

impl Service<ChronicleRequest> for ChronicleService {
type Response = GcsResponse;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be common knowledge once you get familiar with things but, it took me a bit of digging to realize that component_sent_events_total and component_sent_event_bytes_total (required to be emitted by this type of component) , are emitted as part of EventsSent which is handled by the GcsResponse / DriverResponse Trait function events_sent()

Not sure if it really warrants a comment but, I figured I'd call it out as a newbie.

src/sinks/gcp/chronicle_unstructured.rs Show resolved Hide resolved
src/sinks/gcp/chronicle_unstructured.rs
Comment on lines +218 to +221
(Some(endpoint), None) => endpoint.trim_end_matches('/'),
(None, Some(region)) => region.endpoint(),
(Some(_), Some(_)) => return Err(ChronicleError::BothRegionAndEndpoint),
(None, None) => return Err(ChronicleError::RegionOrEndpoint),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like this logic is configuration based , would it be beneficial to add a unit test case for it ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I understand what you mean?

src/sinks/gcp/chronicle_unstructured.rs
@@ -0,0 +1,526 @@
//! This sink sends data to Google Chronicles unstructured log entries endpoint.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noticing this is the primary inline documentation for the file (in reference to the "REVIEWING.md" guide).
Though I'm glancing at a few other sink implementations and, not seeing a whole lot of in line documentation in those either 🤷

@StephenWakely
Compression is not an option.
f2607d8 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Update goauth.
15c95af 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
Add integration tests for the unhappy paths.
25416e0 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely StephenWakely force-pushed the stephen/chronicle_sink branch from 1896d81 to 25416e0 Compare July 21, 2022 20:17
@StephenWakely
Clippy
ce19b14 
Signed-off-by: Stephen Wakely <[email protected]>
@github-actions
Copy link

Soak Test Results

Baseline: a2cf7d2
Comparison: 25416e0
Total Vector CPUs: 4

Explanation

A soak test is an integrated performance test for vector in a repeatable rig, with varying configuration for vector. What follows is a statistical summary of a brief vector run for each configuration across SHAs given above. The goal of these tests are to determine, quickly, if vector performance is changed and to what degree by a pull request. Where appropriate units are scaled per-core.

The table below, if present, lists those experiments that have experienced a statistically significant change in their throughput performance between baseline and comparision SHAs, with 90.0% confidence OR have been detected as newly erratic. Negative values mean that baseline is faster, positive comparison. Results that do not exhibit more than a ±8.87% change in mean throughput are discarded. An experiment is erratic if its coefficient of variation is greater than 0.3. The abbreviated table will be omitted if no interesting changes are observed.

No interesting changes in throughput with confidence ≥ 90.00% and absolute Δ mean >= ±8.87%:

Fine details of change detection per experiment.
experiment Δ mean Δ mean % confidence baseline mean baseline stdev baseline stderr baseline outlier % baseline CoV comparison mean comparison stdev comparison stderr comparison outlier % comparison CoV erratic declared erratic
syslog_log2metric_humio_metrics 288.18KiB 2.29 100.00% 12.31MiB 513.33KiB 10.48KiB 0 0.0407276 12.59MiB 528.45KiB 10.77KiB 0 0.0409903 False False
datadog_agent_remap_blackhole_acks 672.56KiB 1.1 100.00% 59.74MiB 4.17MiB 86.8KiB 0 0.0697668 60.4MiB 2.3MiB 48.2KiB 0 0.0381021 False False
http_pipelines_blackhole_acks 8.86KiB 0.87 95.76% 1017.29KiB 146.34KiB 2.98KiB 0 0.143818 1.0MiB 156.35KiB 3.19KiB 0 0.152337 False False
splunk_hec_route_s3 139.07KiB 0.72 95.89% 18.79MiB 2.35MiB 49.01KiB 0 0.125259 18.93MiB 2.26MiB 47.22KiB 0 0.119297 False False
http_to_http_acks 107.79KiB 0.58 34.83% 18.19MiB 8.46MiB 176.83KiB 0 0.464872 18.29MiB 7.69MiB 160.43KiB 0 0.420109 True True
socket_to_socket_blackhole 42.74KiB 0.32 99.54% 13.17MiB 544.84KiB 11.12KiB 0 0.0404005 13.21MiB 497.24KiB 10.15KiB 0 0.0367541 False False
datadog_agent_remap_blackhole 142.54KiB 0.23 79.02% 61.73MiB 4.2MiB 87.51KiB 0 0.0680087 61.86MiB 3.48MiB 72.51KiB 0 0.0561925 False False
syslog_humio_logs 17.33KiB 0.1 87.58% 17.6MiB 407.58KiB 8.32KiB 0 0.0226108 17.62MiB 371.29KiB 7.6KiB 0 0.020578 False False
splunk_hec_to_splunk_hec_logs_noack 15.4KiB 0.06 80.78% 23.82MiB 476.98KiB 9.74KiB 0 0.0195505 23.84MiB 327.23KiB 6.68KiB 0 0.013404 False False
splunk_hec_to_splunk_hec_logs_acks 1.82KiB 0.01 6.11% 23.76MiB 830.51KiB 16.89KiB 0 0.0341343 23.76MiB 821.48KiB 16.71KiB 0 0.0337608 False False
enterprise_http_to_http -2.09KiB -0.01 23.03% 23.85MiB 243.3KiB 4.97KiB 0 0.00996132 23.84MiB 250.49KiB 5.12KiB 0 0.0102568 False False
file_to_blackhole -68.24KiB -0.07 53.15% 95.36MiB 2.81MiB 58.28KiB 0 0.0294759 95.3MiB 3.55MiB 73.92KiB 0 0.0372778 False False
http_to_http_json -24.87KiB -0.1 96.26% 23.85MiB 341.49KiB 6.97KiB 0 0.0139827 23.82MiB 474.32KiB 9.7KiB 0 0.0194411 False False
splunk_hec_indexer_ack_blackhole -25.89KiB -0.11 72.44% 23.77MiB 771.94KiB 15.71KiB 0 0.0317048 23.75MiB 875.16KiB 17.8KiB 0 0.0359827 False False
syslog_splunk_hec_logs -35.16KiB -0.2 88.13% 17.14MiB 827.34KiB 16.85KiB 0 0.0471242 17.11MiB 732.94KiB 14.95KiB 0 0.0418313 False False
fluent_elasticsearch -222.01KiB -0.27 100.00% 79.47MiB 53.9KiB 1.09KiB 0 0.00066218 79.26MiB 2.46MiB 50.64KiB 0 0.0310713 False False
http_text_to_http_json -112.06KiB -0.29 99.95% 38.26MiB 1.16MiB 24.22KiB 0 0.0302794 38.15MiB 1.0MiB 20.92KiB 0 0.0262258 False False
http_to_http_noack -103.36KiB -0.42 99.99% 23.83MiB 522.86KiB 10.69KiB 0 0.0214249 23.73MiB 1.18MiB 24.69KiB 0 0.0499095 False False
syslog_log2metric_splunk_hec_metrics -82.66KiB -0.43 98.91% 18.89MiB 1.05MiB 21.93KiB 0 0.0556581 18.81MiB 1.15MiB 23.94KiB 0 0.0610715 False False
http_pipelines_blackhole -7.79KiB -0.5 96.69% 1.52MiB 109.28KiB 2.23KiB 0 0.0701268 1.51MiB 141.83KiB 2.89KiB 0 0.091472 False False
syslog_regex_logs2metric_ddmetrics -77.21KiB -0.57 99.99% 13.18MiB 666.83KiB 13.59KiB 0 0.0494102 13.1MiB 709.2KiB 14.45KiB 0 0.0528522 False False
http_pipelines_no_grok_blackhole -232.98KiB -2.05 100.00% 11.09MiB 196.16KiB 4.0KiB 0 0.0172743 10.86MiB 1.12MiB 23.36KiB 0 0.103305 False False
datadog_agent_remap_datadog_logs_acks -1.92MiB -3.11 100.00% 61.84MiB 2.48MiB 51.95KiB 0 0.0400979 59.92MiB 4.38MiB 91.14KiB 0 0.0730592 False False
datadog_agent_remap_datadog_logs -2.29MiB -3.65 100.00% 62.68MiB 1.98MiB 41.55KiB 0 0.0316381 60.4MiB 4.39MiB 91.42KiB 0 0.0726744 False False
syslog_loki -670.8KiB -4.32 100.00% 15.17MiB 234.68KiB 4.81KiB 0 0.0151076 14.51MiB 721.48KiB 14.67KiB 0 0.0485421 False False

@github-actions
Copy link

Soak Test Results

Baseline: a3a332f
Comparison: ce19b14
Total Vector CPUs: 4

Explanation

A soak test is an integrated performance test for vector in a repeatable rig, with varying configuration for vector. What follows is a statistical summary of a brief vector run for each configuration across SHAs given above. The goal of these tests are to determine, quickly, if vector performance is changed and to what degree by a pull request. Where appropriate units are scaled per-core.

The table below, if present, lists those experiments that have experienced a statistically significant change in their throughput performance between baseline and comparision SHAs, with 90.0% confidence OR have been detected as newly erratic. Negative values mean that baseline is faster, positive comparison. Results that do not exhibit more than a ±8.87% change in mean throughput are discarded. An experiment is erratic if its coefficient of variation is greater than 0.3. The abbreviated table will be omitted if no interesting changes are observed.

No interesting changes in throughput with confidence ≥ 90.00% and absolute Δ mean >= ±8.87%:

Fine details of change detection per experiment.
experiment Δ mean Δ mean % confidence baseline mean baseline stdev baseline stderr baseline outlier % baseline CoV comparison mean comparison stdev comparison stderr comparison outlier % comparison CoV erratic declared erratic
socket_to_socket_blackhole 471.87KiB 3.56 100.00% 12.95MiB 484.3KiB 9.89KiB 0 0.0365065 13.41MiB 283.75KiB 5.79KiB 0 0.0206544 False False
datadog_agent_remap_blackhole_acks 1.23MiB 2.04 100.00% 60.14MiB 6.08MiB 126.6KiB 0 0.101109 61.37MiB 5.03MiB 105.36KiB 0 0.0819838 False False
syslog_log2metric_humio_metrics 91.42KiB 0.67 100.00% 13.26MiB 365.98KiB 7.47KiB 0 0.0269448 13.35MiB 521.46KiB 10.62KiB 0 0.0381348 False False
datadog_agent_remap_blackhole 337.79KiB 0.53 99.40% 62.25MiB 4.54MiB 94.64KiB 0 0.0729746 62.58MiB 3.76MiB 78.42KiB 0 0.060073 False False
splunk_hec_route_s3 98.27KiB 0.5 86.20% 19.18MiB 2.32MiB 48.21KiB 0 0.120753 19.27MiB 2.17MiB 45.43KiB 0 0.112758 False False
syslog_regex_logs2metric_ddmetrics 27.87KiB 0.21 76.12% 12.81MiB 859.44KiB 17.5KiB 0 0.0655301 12.83MiB 781.02KiB 15.92KiB 0 0.0594239 False False
splunk_hec_indexer_ack_blackhole 30.0KiB 0.12 75.91% 23.73MiB 946.79KiB 19.25KiB 0 0.0389492 23.76MiB 827.96KiB 16.85KiB 0 0.0340184 False False
splunk_hec_to_splunk_hec_logs_acks 10.46KiB 0.04 35.84% 23.76MiB 802.29KiB 16.33KiB 0 0.0329645 23.77MiB 758.26KiB 15.44KiB 0 0.031142 False False
splunk_hec_to_splunk_hec_logs_noack 4.92KiB 0.02 36.51% 23.83MiB 384.68KiB 7.85KiB 0 0.0157598 23.84MiB 330.35KiB 6.74KiB 0 0.0135311 False False
syslog_splunk_hec_logs -3.51KiB -0.02 13.08% 16.92MiB 811.9KiB 16.51KiB 0 0.0468531 16.92MiB 662.38KiB 13.51KiB 0 0.0382323 False False
enterprise_http_to_http -3.82KiB -0.02 39.38% 23.85MiB 255.77KiB 5.22KiB 0 0.0104722 23.84MiB 256.79KiB 5.26KiB 0 0.0105153 False False
syslog_log2metric_splunk_hec_metrics -7.28KiB -0.04 21.94% 18.74MiB 830.79KiB 16.93KiB 0 0.0432922 18.73MiB 977.85KiB 19.91KiB 0 0.0509749 False False
http_to_http_json -25.07KiB -0.1 95.55% 23.84MiB 356.0KiB 7.27KiB 0 0.0145781 23.82MiB 496.15KiB 10.14KiB 0 0.0203383 False False
syslog_humio_logs -24.24KiB -0.14 88.32% 17.51MiB 537.49KiB 10.97KiB 0 0.0299651 17.49MiB 531.3KiB 10.88KiB 0 0.0296605 False False
file_to_blackhole -139.13KiB -0.14 74.19% 95.33MiB 3.29MiB 68.21KiB 0 0.034534 95.2MiB 4.93MiB 102.37KiB 0 0.0517661 False False
http_to_http_noack -97.43KiB -0.4 99.99% 23.83MiB 392.34KiB 8.03KiB 0 0.0160714 23.74MiB 1.11MiB 23.04KiB 0 0.0465513 False False
fluent_elasticsearch -400.89KiB -0.49 100.00% 79.47MiB 53.57KiB 1.08KiB 0 0.000658102 79.08MiB 3.94MiB 80.97KiB 0 0.0498515 False False
http_to_http_acks -147.91KiB -0.79 47.08% 18.19MiB 8.11MiB 169.62KiB 0 0.445914 18.04MiB 7.8MiB 162.73KiB 0 0.43214 True True
http_text_to_http_json -529.87KiB -1.32 100.00% 39.11MiB 766.24KiB 15.64KiB 0 0.0191266 38.6MiB 823.89KiB 16.82KiB 0 0.0208412 False False
http_pipelines_blackhole_acks -18.64KiB -1.57 100.00% 1.16MiB 103.18KiB 2.1KiB 0 0.0869933 1.14MiB 86.42KiB 1.76KiB 0 0.0740303 False False
http_pipelines_no_grok_blackhole -187.12KiB -1.65 100.00% 11.1MiB 236.2KiB 4.82KiB 0 0.0207745 10.92MiB 1.08MiB 22.4KiB 0 0.0985134 False False
http_pipelines_blackhole -43.7KiB -2.69 100.00% 1.59MiB 62.77KiB 1.28KiB 0 0.0386606 1.54MiB 102.74KiB 2.1KiB 0 0.0650282 False False
syslog_loki -683.74KiB -4.45 100.00% 15.0MiB 417.36KiB 8.54KiB 0 0.0271649 14.33MiB 714.23KiB 14.52KiB 0 0.0486531 False False
datadog_agent_remap_datadog_logs_acks -3.39MiB -5.27 100.00% 64.34MiB 3.09MiB 64.51KiB 0 0.0479405 60.95MiB 4.73MiB 98.53KiB 0 0.0776441 False False
datadog_agent_remap_datadog_logs -3.64MiB -5.68 100.00% 63.98MiB 633.05KiB 12.96KiB 0 0.00966098 60.34MiB 4.28MiB 89.05KiB 0 0.0708414 False False

@StephenWakely
Add compression:enabled to docs.
f375630 
Signed-off-by: Stephen Wakely <[email protected]>
@StephenWakely
cue fmt
f61889f 
Signed-off-by: Stephen Wakely <[email protected]>
pablosichert
pablosichert approved these changes Jul 22, 2022
View reviewed changes
Copy link
Contributor

@pablosichert pablosichert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, nice work!

One last suggestion that I'd like to go in:

src/sinks/gcp/chronicle_unstructured.rs Outdated Show resolved Hide resolved
@github-actions
Copy link

Soak Test Results

Baseline: f9023e2
Comparison: f61889f
Total Vector CPUs: 4

Explanation

A soak test is an integrated performance test for vector in a repeatable rig, with varying configuration for vector. What follows is a statistical summary of a brief vector run for each configuration across SHAs given above. The goal of these tests are to determine, quickly, if vector performance is changed and to what degree by a pull request. Where appropriate units are scaled per-core.

The table below, if present, lists those experiments that have experienced a statistically significant change in their throughput performance between baseline and comparision SHAs, with 90.0% confidence OR have been detected as newly erratic. Negative values mean that baseline is faster, positive comparison. Results that do not exhibit more than a ±8.87% change in mean throughput are discarded. An experiment is erratic if its coefficient of variation is greater than 0.3. The abbreviated table will be omitted if no interesting changes are observed.

No interesting changes in throughput with confidence ≥ 90.00% and absolute Δ mean >= ±8.87%:

Fine details of change detection per experiment.
experiment Δ mean Δ mean % confidence baseline mean baseline stdev baseline stderr baseline outlier % baseline CoV comparison mean comparison stdev comparison stderr comparison outlier % comparison CoV erratic declared erratic
http_to_http_acks 580.01KiB 3.14 99.11% 18.03MiB 7.69MiB 160.85KiB 0 0.426573 18.59MiB 7.31MiB 152.55KiB 0 0.393073 True True
splunk_hec_route_s3 159.76KiB 0.81 98.71% 19.29MiB 2.24MiB 46.6KiB 0 0.116059 19.44MiB 2.11MiB 44.21KiB 0 0.108673 False False
datadog_agent_remap_blackhole_acks 492.31KiB 0.74 100.00% 65.14MiB 4.07MiB 84.91KiB 0 0.0625387 65.62MiB 3.0MiB 62.74KiB 0 0.04572 False False
syslog_log2metric_humio_metrics 64.99KiB 0.48 100.00% 13.32MiB 383.74KiB 7.83KiB 0 0.0281378 13.38MiB 487.07KiB 9.92KiB 0 0.0355444 False False
datadog_agent_remap_blackhole 144.29KiB 0.22 79.03% 64.1MiB 4.55MiB 94.8KiB 0 0.0710403 64.24MiB 3.12MiB 65.12KiB 0 0.0485809 False False
splunk_hec_to_splunk_hec_logs_noack 11.85KiB 0.05 71.46% 23.83MiB 431.63KiB 8.81KiB 0 0.0176878 23.84MiB 330.0KiB 6.74KiB 0 0.0135167 False False
splunk_hec_to_splunk_hec_logs_acks 5.71KiB 0.02 18.85% 23.75MiB 847.6KiB 17.24KiB 0 0.0348403 23.76MiB 817.38KiB 16.63KiB 0 0.0335901 False False
enterprise_http_to_http -1.53KiB -0.01 16.84% 23.85MiB 248.33KiB 5.07KiB 0 0.0101675 23.85MiB 251.21KiB 5.14KiB 0 0.0102859 False False
splunk_hec_indexer_ack_blackhole -4.88KiB -0.02 14.24% 23.75MiB 943.37KiB 19.19KiB 0 0.0387896 23.74MiB 945.9KiB 19.24KiB 0 0.0389014 False False
syslog_splunk_hec_logs -2.95KiB -0.02 12.43% 17.56MiB 758.0KiB 15.43KiB 0 0.0421351 17.56MiB 531.51KiB 10.85KiB 0 0.0295498 False False
file_to_blackhole -46.19KiB -0.05 30.30% 95.32MiB 3.88MiB 80.47KiB 0 0.0407142 95.28MiB 4.19MiB 87.18KiB 0 0.0439944 False False
syslog_humio_logs -10.35KiB -0.06 97.41% 17.72MiB 149.02KiB 3.04KiB 0 0.00821106 17.71MiB 171.39KiB 3.51KiB 0 0.00944932 False False
http_pipelines_blackhole_acks -689.51B -0.06 19.84% 1.16MiB 106.72KiB 2.17KiB 0 0.089967 1.16MiB 76.93KiB 1.57KiB 0 0.0648923 False False
http_to_http_json -35.39KiB -0.14 99.47% 23.85MiB 336.95KiB 6.88KiB 0 0.0137955 23.81MiB 522.04KiB 10.66KiB 0 0.0214042 False False
syslog_regex_logs2metric_ddmetrics -19.9KiB -0.15 69.54% 13.03MiB 694.72KiB 14.14KiB 0 0.052051 13.01MiB 650.42KiB 13.26KiB 0 0.0488049 False False
fluent_elasticsearch -220.46KiB -0.27 100.00% 79.47MiB 52.91KiB 1.07KiB 0 0.000650048 79.26MiB 1.93MiB 39.82KiB 0 0.0244051 False False
http_to_http_noack -86.64KiB -0.36 99.86% 23.82MiB 610.45KiB 12.48KiB 0 0.0250227 23.73MiB 1.15MiB 23.99KiB 0 0.0484821 False False
socket_to_socket_blackhole -54.19KiB -0.39 100.00% 13.52MiB 176.52KiB 3.6KiB 0 0.0127502 13.46MiB 171.07KiB 3.49KiB 0 0.0124047 False False
syslog_log2metric_splunk_hec_metrics -78.58KiB -0.4 99.99% 19.13MiB 513.92KiB 10.48KiB 0 0.0262266 19.06MiB 868.96KiB 17.69KiB 0 0.044524 False False
http_pipelines_blackhole -15.59KiB -0.93 100.00% 1.63MiB 18.82KiB 393.96B 0 0.0112684 1.62MiB 140.87KiB 2.87KiB 0 0.0851227 False False
http_text_to_http_json -461.92KiB -1.18 100.00% 38.35MiB 1.14MiB 23.76KiB 0 0.0296392 37.9MiB 1.14MiB 23.8KiB 0 0.030033 False False
datadog_agent_remap_datadog_logs_acks -2.29MiB -3.56 100.00% 64.36MiB 3.0MiB 62.64KiB 0 0.0465286 62.08MiB 4.41MiB 91.89KiB 0 0.0710977 False False
datadog_agent_remap_datadog_logs -2.37MiB -3.66 100.00% 64.64MiB 1.09MiB 22.85KiB 0 0.0168609 62.27MiB 4.08MiB 85.03KiB 0 0.0655464 False False
http_pipelines_no_grok_blackhole -653.01KiB -5.78 100.00% 11.03MiB 738.73KiB 15.09KiB 0 0.0653975 10.39MiB 1.41MiB 29.45KiB 0 0.13613 False False
syslog_loki -917.57KiB -6.06 100.00% 14.78MiB 774.85KiB 15.85KiB 0 0.0511815 13.89MiB 1.22MiB 25.41KiB 0 0.0878935 False False

@StephenWakely StephenWakely enabled auto-merge (squash) July 22, 2022 13:59
@StephenWakely StephenWakely merged commit 0bac4c4 into master Jul 22, 2022
@StephenWakely StephenWakely deleted the stephen/chronicle_sink branch July 22, 2022 14:49
@github-actions
Copy link

Soak Test Results

Baseline: f9023e2
Comparison: 5e58b30
Total Vector CPUs: 4

Explanation

A soak test is an integrated performance test for vector in a repeatable rig, with varying configuration for vector. What follows is a statistical summary of a brief vector run for each configuration across SHAs given above. The goal of these tests are to determine, quickly, if vector performance is changed and to what degree by a pull request. Where appropriate units are scaled per-core.

The table below, if present, lists those experiments that have experienced a statistically significant change in their throughput performance between baseline and comparision SHAs, with 90.0% confidence OR have been detected as newly erratic. Negative values mean that baseline is faster, positive comparison. Results that do not exhibit more than a ±8.87% change in mean throughput are discarded. An experiment is erratic if its coefficient of variation is greater than 0.3. The abbreviated table will be omitted if no interesting changes are observed.

No interesting changes in throughput with confidence ≥ 90.00% and absolute Δ mean >= ±8.87%:

Fine details of change detection per experiment.
experiment Δ mean Δ mean % confidence baseline mean baseline stdev baseline stderr baseline outlier % baseline CoV comparison mean comparison stdev comparison stderr comparison outlier % comparison CoV erratic declared erratic
datadog_agent_remap_blackhole_acks 1.51MiB 2.37 100.00% 63.87MiB 4.26MiB 88.71KiB 0 0.0666571 65.38MiB 2.77MiB 58.03KiB 0 0.0423832 False False
http_pipelines_blackhole 27.8KiB 1.72 100.00% 1.58MiB 109.36KiB 2.24KiB 0 0.0677488 1.6MiB 136.78KiB 2.79KiB 0 0.0833005 False False
http_to_http_acks 241.95KiB 1.3 70.76% 18.11MiB 7.58MiB 158.54KiB 0 0.418584 18.35MiB 7.97MiB 166.31KiB 0 0.43415 True True
syslog_log2metric_humio_metrics 156.11KiB 1.16 100.00% 13.16MiB 359.95KiB 7.35KiB 0 0.0267023 13.31MiB 547.92KiB 11.15KiB 0 0.0401807 False False
splunk_hec_route_s3 161.42KiB 0.82 98.76% 19.17MiB 2.25MiB 46.94KiB 0 0.117581 19.33MiB 2.12MiB 44.3KiB 0 0.109558 False False
syslog_regex_logs2metric_ddmetrics 93.21KiB 0.7 100.00% 13.09MiB 667.08KiB 13.59KiB 0 0.0497698 13.18MiB 604.95KiB 12.34KiB 0 0.0448223 False False
datadog_agent_remap_blackhole 419.27KiB 0.66 99.99% 62.09MiB 4.05MiB 84.4KiB 0 0.0652117 62.5MiB 3.26MiB 68.0KiB 0 0.0521466 False False
syslog_humio_logs 88.84KiB 0.5 100.00% 17.52MiB 304.79KiB 6.22KiB 0 0.016988 17.6MiB 335.65KiB 6.87KiB 0 0.0186158 False False
http_pipelines_blackhole_acks 5.45KiB 0.45 97.84% 1.18MiB 105.52KiB 2.15KiB 0 0.0873971 1.18MiB 49.42KiB 1.01KiB 0 0.0407529 False False
socket_to_socket_blackhole 44.59KiB 0.32 100.00% 13.67MiB 133.57KiB 2.73KiB 0 0.00954015 13.71MiB 114.81KiB 2.34KiB 0 0.00817443 False False
syslog_log2metric_splunk_hec_metrics 33.85KiB 0.17 90.76% 19.12MiB 600.83KiB 12.25KiB 0 0.0306771 19.16MiB 782.84KiB 15.94KiB 0 0.039901 False False
syslog_splunk_hec_logs 27.52KiB 0.16 70.72% 17.02MiB 927.53KiB 18.87KiB 0 0.0531927 17.05MiB 888.47KiB 18.1KiB 0 0.0508725 False False
splunk_hec_indexer_ack_blackhole 17.38KiB 0.07 52.28% 23.75MiB 879.8KiB 17.9KiB 0 0.0361644 23.77MiB 817.92KiB 16.65KiB 0 0.033597 False False
splunk_hec_to_splunk_hec_logs_acks 13.46KiB 0.06 43.56% 23.75MiB 837.73KiB 17.04KiB 0 0.0344346 23.77MiB 784.75KiB 15.97KiB 0 0.032239 False False
splunk_hec_to_splunk_hec_logs_noack 9.67KiB 0.04 61.76% 23.83MiB 430.14KiB 8.78KiB 0 0.0176258 23.84MiB 330.25KiB 6.74KiB 0 0.0135272 False False
file_to_blackhole -47.33KiB -0.05 36.66% 95.34MiB 3.31MiB 68.52KiB 0 0.0346596 95.29MiB 3.45MiB 71.79KiB 0 0.0362133 False False
enterprise_http_to_http -12.98KiB -0.05 81.10% 23.85MiB 251.75KiB 5.14KiB 0 0.010307 23.84MiB 412.89KiB 8.44KiB 0 0.0169135 False False
http_to_http_json -38.36KiB -0.16 99.60% 23.84MiB 353.98KiB 7.23KiB 0 0.0144952 23.81MiB 547.46KiB 11.18KiB 0 0.0224533 False False
fluent_elasticsearch -207.65KiB -0.26 100.00% 79.47MiB 54.65KiB 1.11KiB 0 0.000671425 79.27MiB 1.83MiB 37.69KiB 0 0.0230963 False False
http_to_http_noack -67.9KiB -0.28 99.94% 23.84MiB 248.12KiB 5.07KiB 0 0.0101598 23.78MiB 935.96KiB 19.07KiB 0 0.0384314 False False
http_text_to_http_json -487.9KiB -1.22 100.00% 39.12MiB 760.93KiB 15.53KiB 0 0.018992 38.64MiB 800.38KiB 16.34KiB 0 0.0202231 False False
http_pipelines_no_grok_blackhole -158.89KiB -1.39 100.00% 11.17MiB 187.01KiB 3.82KiB 0 0.0163392 11.02MiB 1.08MiB 22.45KiB 0 0.09782 False False
datadog_agent_remap_datadog_logs -1.93MiB -3.02 100.00% 64.05MiB 1.16MiB 24.34KiB 0 0.0181258 62.12MiB 4.07MiB 84.86KiB 0 0.0655697 False False
syslog_loki -598.61KiB -3.86 100.00% 15.13MiB 335.32KiB 6.86KiB 0 0.0216368 14.55MiB 725.2KiB 14.74KiB 0 0.0486753 False False
datadog_agent_remap_datadog_logs_acks -3.93MiB -6.16 100.00% 63.81MiB 2.36MiB 49.48KiB 0 0.037014 59.88MiB 5.3MiB 110.27KiB 0 0.0884523 False False

@jszwedko jszwedko mentioned this pull request Feb 8, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neuronull neuronull neuronull approved these changes

@spencergilbert spencergilbert spencergilbert approved these changes

@pablosichert pablosichert pablosichert approved these changes

@bruceg bruceg Awaiting requested review from bruceg

@jszwedko jszwedko Awaiting requested review from jszwedko

Assignees
No one assigned
Labels
domain: ci Anything related to Vector's CI environment domain: external docs Anything related to Vector's external, public documentation domain: sinks Anything related to the Vector's sinks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@StephenWakely @pablosichert @neuronull @spencergilbert