Skip to main content
Interania

Interana structured logs: Query usage

0votes
7updates
15views

You can use Interana structured logs to analyze Interana query usage and performance (ingest monitoring). This document is a reference for query usage structured logs, and is organized as follows: 

Global attributes: event types

The following table lists the attributes of all event types.

Attribute  Description  Example
event_name Name of the event create_named_expression, dashboard_chart_update, uploaded_by_customer, purifier_finished, activity_start, activity_end
event_type Type of event import, query, etc.
event_class Class in which the event belongs query, typeahead, background, import, interana_request,
sys_util, set_blob, progress_bar, add_counters, cancel_query,
precacher, cardinality_monitor, login,saml_sso, users,
config_action
process Managed process query-api-server, purifier, import-pipeline, etc.
hostname Name of the cluster interana1
__org__ Organization of the event creation Interana
username Username for the user who created the event event_creator@interana.com
severity Severity of the event INFO, WARNING, ERROR, EXCEPTION, FATAL
query_api_id Query ID number  1214833815374918
user_id User ID for the cluster 15
ip_address Cluster IP address 10.10.10.10
__name__ Username prefix example, admin
_t Time of the event in human readable time format Mon Jul 18 21:18:35 2017
__time__ Timestamp of the query in Unix Epoch (POSIX) time (milliseconds) 1468876731793

Named expression: create_named expression

The following table lists the attributes that are used when a named expression is created.

Attribute  Description  Example
filters Set of filters in the named expression   
pnp_id   0, 8, 1642
creator_uid UID for the creator of the event 15
start Start time in Unix epoch time (milliseconds) 1468271920000
end End time in Unix epoch time (milliseconds) 1468876720000
description Description of the named event This cohort calculates......
condition.qualifier For cohorts: translation of the choices 'exactly', 'at most', 'at least' >=, <=, =
condition.num For cohorts: number input of the qualifier measure 1, 500
entity_column Shard key used in the named expression userid
table_name Table where the shard key is located example_events
time_offset Offset time for the named expression 0

Query processing: processing_results

The following table lists the attributes used in query processing.

Attribute  Description  Example 
is_dashboard   false, true
dashboard_requestor   null, precacher, None
dashboard_requestor_id   null, dashboard-example-1, dashboard-newuser-0, dashboard-newsample-2
wait_and_run_time   0.08718085289001465
lifetime_started   723
priority   hipri, lowpri, low, high, 10, 0, 1
slots_needed   16

Run a query: drillstate 

When a query is run click GO or Enter the Explorer.

This event is NOT logged for queries using the Interana external API. You can use the "get_request_log" event with "endpoint" = "api_view" to count those queries.

The following table lists the attributes used when a query is run.

Attribute  Description  Example 
drillstate_agg_arg_types The measure used in the query. The prefix denotes the shard key, and the suffix denotes the aggregator. user_id.Has Authenticated with example_ADMIN
drillstate_hash Unique event identifier de03b1b45755f7unique75501d5537example
view View in Explorer time, table, number, bar, pie, hist
drillstate_group_by Group by's used (set) ["user_id.email"], ["properties.InputType","userId.traits.dg-user-type"]
drillstate_start Time frame start date/time, Unix epoch time 1468448486000
drillstate_end Time frame end date/time, Unix epoch time 1469053286778
drillstate_time_zone_offset Time zone offset, Unix epoch time 288000000
drillstate_do_not_sample Query was not sampled true
drillstate_filter_text Filters used ["(`user_id.email` != \"*null*\")"]
drillstate_filter_type Filter types text, null, None
drillstate_show_all_others Show all others used in queries false, true
token_key Token key used false, vVABPnKsAWxstcExample, BW4c2MYExamplewCExample, e5rMV41mRLAcin1R+Example
dashboard_dashboard_id Dashboard ID None, dashboard-example-1, dashboard-newsample-0

Select a typeahead: timed_request_top_values

The following table lists the attributes used when a typeahead is selected.

Attribute  Description  Example `
column Column selected in the typeahead user_id.email, event_type, feature, browser
event_class Event class used typeahead

Group chart: group_chart_log

The following table lists the attributes used for group charts.

 

Attribute  Description  Example 
is_dashboard    
line_number    
explanation   The full data set was examined, with only 0 matches. Cannot rule out sample bias, delta distribution. All 3 matches localized in one shard out of 6, with only 3 matches. Cannot rule out sample bias.
matches   [0,0,0,0,0,21], [0,0,3,0,0,0], [2744403,2662227]
token_key   false, vVABPnExampleKey9k0000
scale_confidence   0.111111, 0.888888, 0.991223, 1
dashboard_owner   admin, newuser, admin.lam
message_template   null
dashboard_count   None
shard_scale   1.0
dashboard_dashboard_id   null, dashboard-example-1, dashboard-newuser-0, dashboard-newsample-2
dashboard_version   None, 2.19-4f353e1, 2.18-97c9d16, 2.20-bef72dd
external_api   false, true
dashboard_requester   precacher, None
event_class   query
total_events_matched   1, 2, 35, 60953
  • Was this article helpful?