Add Azure Event Hub and Log Analytics Operators

[jsirianni]

Description of Changes

This PR replaces #280. and #285.

• Added helper package operator/builtin/input/azure
• Added Azure Event Hub Input Operator operator/builtin/input/azure/eventhub
• Added Azure Log Analytics Input Operator operator/builtin/input/azure/loganalytics

Both operators rely heavily upon methods provided by the azure packages EventHub type, for connecting to Event Hub and streaming events.

Azure Event Hub Input Operator

This operator acts as a thin wrapper around azure.EventHub. It relies solely on azure.ParseEvent for event parsing. It makes no assumptions on the structure of the data, or which fields to expect. record.data will contain the event's message.

{
  "timestamp": "2021-04-27T18:34:15.524Z",
  "severity": 0,
  "record": {
    "data": "hello, world!",
    "id": "195766f2-662f-4dda-95fc-9d3a26450fbb",
    "system_properties": {
      "x-opt-enqueued-time": "2021-04-27T18:34:15.524Z",
      "x-opt-offset": 12917788488,
      "x-opt-sequence-number": 13997
    }
  }
}

Azure Log Analytics Input Operator

Azure Log Analytics can forward logs to Azure Event Hub. The event's data field contains batch log entries as serialized json. The raw message looks like this when coming though the Azure Event Hub Input Operator:

{
  "timestamp": "2021-04-26T18:09:02.531Z",
  "severity": 0,
  "record": {
    "data": "{\"records\": [{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=5422791cd0f04c79823f21da4ed6a225, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='f0225892b66f4bec', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:46.110348Z', end_time='2021-04-26T18:08:46.110427Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fe46550>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc53e50>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:46.1100000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"},{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=85ffc46e7e2a4425ae911aecdca81908, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='24c11702523f4ed6', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:46.358194Z', end_time='2021-04-26T18:08:46.358268Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc47c50>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc50790>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:46.3580000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"},{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=d90501de1d574a39b7c61bd5c82a22fb, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='2bba12b0bf9d4dc0', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:51.128478Z', end_time='2021-04-26T18:08:51.128578Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc50050>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc503d0>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:51.1280000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"},{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=d0d1bb4aa26241e389fb8932d522595b, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='e51b79b362574ab2', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:51.360458Z', end_time='2021-04-26T18:08:51.360542Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fe46690>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc49dd0>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:51.3600000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"},{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=83d055d4436a4ddd976574008e77d009, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='0657173a31394c89', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:56.111434Z', end_time='2021-04-26T18:08:56.111513Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc535d0>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fe43e90>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:56.1110000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"},{ \"Computer\": \"aks-agentpool-39365618-vmss000001\", \"ContainerID\": \"93f4537223ae81d1c39e12e684de25c65207549d1003d153356055a6137f82b0\", \"LogEntry\": \"[SpanData(name='Recv.grpc.health.v1.Health.Check', context=SpanContext(trace_id=03d699a233924d1892e915af9f564e03, span_id=None, trace_options=TraceOptions(enabled=True), tracestate=None), span_id='ca56064504344297', parent_span_id=None, attributes={'component': 'grpc'}, start_time='2021-04-26T18:08:56.358351Z', end_time='2021-04-26T18:08:56.358447Z', child_span_count=0, stack_trace=None, time_events=[<opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc53710>, <opencensus.trace.time_event.TimeEvent object at 0x7f5d9fc4d850>], links=[], status=None, same_process_as_parent_span=None, span_kind=1)]\", \"LogEntrySource\": \"stdout\", \"MG\": \"00000000-0000-0000-0000-000000000002\", \"SourceSystem\": \"Containers\", \"TenantId\": \"ae0db88b-40bb-40b7-b056-57980214436c\", \"TimeGenerated\": \"2021-04-26T18:08:56.3580000Z\", \"TimeOfCommand\": \"2021-04-26T18:08:59.0000000Z\", \"Type\": \"ContainerLog\", \"_Internal_WorkspaceResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1\", \"_ResourceId\": \"/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics\"}]}",
    "system_properties": {
      "x-opt-enqueued-time": "2021-04-26T18:09:02.531Z",
      "x-opt-offset": 13446160,
      "x-opt-sequence-number": 1443
    }
  }
}

This operator builds on top of azure.EventHub by:

1. Utilizing azure.ParseEvent for initial event parsing
2. Setting the azure_log_analytics_type label from the Log Analytics type record field
3. Promoting the Log Analytics timegenerated record field as the entry's timestamp
4. Expecting the event's data field to contain json with a top level key Records
5. Splitting the event's data field into multiple entries

Parsed entries look like this. Note that all log analytics fields are nested under record.containerlog, where containerlog is the name of the Log Analytics table that the logs originated from:

{
  "timestamp": "2021-04-30T17:24:45.024Z",
  "severity": 0,
  "labels": {
    "azure_log_analytics_table": "containerlog"
  },
  "record": {
    "containerlog": {
      "_internal_workspaceresourceid": "/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourcegroups/bindplane-integration/providers/microsoft.operationalinsights/workspaces/bp-integration1",
      "_resourceid": "/subscriptions/09373b6b-bc8b-4093-925d-eb87334c7d56/resourceGroups/devops/providers/Microsoft.ContainerService/managedClusters/log-analytics",
      "computer": "aks-agentpool-39365618-vmss000001",
      "containerid": "597c8960fc6d7c3420515ef89f7aa6e9d180ceca05e7d98032e8f6ecc6d6a0ab",
      "logentry": "{\"http.req.id\":\"4e452a78-d51a-4a02-85a8-ddca29c572ec\",\"http.req.method\":\"GET\",\"http.req.path\":\"/_healthz\",\"http.resp.bytes\":2,\"http.resp.status\":200,\"http.resp.took_ms\":0,\"message\":\"request complete\",\"session\":\"x-readiness-probe\",\"severity\":\"debug\",\"timestamp\":\"2021-04-30T17:24:45.024421855Z\"}",
      "logentrysource": "stdout",
      "mg": "00000000-0000-0000-0000-000000000002",
      "sourcesystem": "Containers",
      "tenantid": "ae0db88b-40bb-40b7-b056-57980214436c",
      "timegenerated": "2021-04-30T17:24:45.0240000Z",
      "timeofcommand": "2021-04-30T17:24:59.0000000Z"
    },
    "system_properties": {
      "x-opt-enqueued-time": "2021-04-30T17:25:06.579Z",
      "x-opt-offset": 34371131600,
      "x-opt-sequence-number": 29331
    }
  }
}

Each entry derived from the event's batch retains shared records such as system_properties.

Please check that the PR fulfills these requirements

• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• Add a changelog entry (for non-trivial bug fixes / features)
• CI passes

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.4483209	+0.1034143	127.674835	+3.9461212
1	5000	5.1896853	-0.10346365	132.59402	-0.25012207
1	10000	10.483112	+0.17248726	139.67969	+0.8735199
1	50000	48.737736	-2.0216103	170.38295	-3.0921326
1	100000	100.191505	+1.9645767	247.0062	+7.1233826
10	100	2.0517457	+0.12069905	128.26953	-1.953125
10	500	6.4138584	+0.13795376	134.60008	-1.8424072
10	1000	11.6381645	-0.60336876	143.94437	+2.7700653
10	5000	56.15549	+0.27373123	184.36462	+0.5597992
10	10000	107.745926	+0.74962616	218.06708	+3.0707092

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.4827514	+0.1378448	124.360725	+0.6320114
1	5000	4.9656157	-0.32753325	133.0326	+0.18844604
1	10000	10.207089	-0.10353565	139.70447	+0.8983002
1	50000	49.000492	-1.7588539	172.5039	-0.97117615
1	100000	95.08475	-3.1421814	229.36423	-10.518585
10	100	2.034597	+0.103550315	128.48976	-1.7328949
10	500	6.068991	-0.20691347	137.44127	+0.9987793
10	1000	12.344731	+0.10319805	142.22629	+1.0519867
10	5000	54.88325	-0.99850845	182.29836	-1.5064697
10	10000	113.049904	+6.053604	224.50499	+9.508621

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.6379417	+0.24134779	126.65854	+2.5154877
1	5000	5.5173745	-0.37915754	134.48424	-0.6469574
1	10000	10.4659195	+0.03446293	138.34012	-0.48490906
1	50000	51.465885	+2.6783524	171.5652	+2.32341
1	100000	97.27608	-1.8293152	239.12056	-1.9043579
10	100	2.051764	-5.507469e-05	128.73209	+0.24501038
10	500	6.482996	+0.20711279	134.85574	-1.3060303
10	1000	12.431188	-0.3449793	141.05469	-0.35923767
10	5000	55.25962	+0.35824585	180.58769	+1.5308533
10	10000	108.23743	+1.7602768	230.66595	+15.057526

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.4138218	+0.017227888	127.13146	+2.988411
1	5000	5.103533	-0.79299927	133.67915	-1.4520416
1	10000	10.517733	+0.086276054	142.28354	+3.4585114
1	50000	48.239056	-0.5484772	171.6048	+2.3630066
1	100000	98.31567	-0.78972626	239.29877	-1.7261505
10	100	2.000174	-0.05164504	130.90126	+2.4141846
10	500	6.413968	+0.13808489	135.97346	-0.18830872
10	1000	12.189727	-0.5864401	145.72723	+4.3133087
10	5000	55.98306	+1.0816841	180.75404	+1.6972046
10	10000	108.47904	+2.001892	226.2985	+10.690063

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.3965684	-2.5510788e-05	125.611664	+1.4686127
1	5000	5.1553993	-0.74113274	133.32812	-1.8030701
1	10000	10.465468	+0.03401184	139.3455	+0.5204773
1	50000	50.328526	+1.5409927	172.47157	+3.229782
1	100000	98.87998	-0.22541046	239.92915	-1.0957642
10	100	1.9827949	-0.069024205	130.74191	+2.254837
10	500	6.189815	-0.08606815	136.8591	+0.69732666
10	1000	11.845206	-0.93096066	144.18103	+2.767105
10	5000	56.366158	+1.4647827	181.41595	+2.3591156
10	10000	104.76603	-1.7111206	210.08122	-5.5272064

[djaglowski]

This looks great. I suggested a few improvements, but nothing that is functionally important.

Of course we need to fix tests as well.

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.4827281	+0.086134195	126.34792	+2.2048721
1	5000	5.275961	-0.62057114	131.95326	-3.1779327
1	10000	10.413916	-0.017540932	141.94154	+3.116516
1	50000	50.725845	+1.9383125	174.71242	+5.470627
1	100000	98.121254	-0.9841385	233.11813	-7.906784
10	100	2.0345132	-0.017305851	128.98558	+0.49850464
10	500	6.0000277	-0.27585554	135.2209	-0.9408722
10	1000	12.086292	-0.68987465	142.37877	+0.96484375
10	5000	56.276802	+1.3754272	182.97926	+3.9224243
10	10000	110.27935	+3.8022003	213.7865	-1.8219299

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.4827851	+0.08619118	126.889275	+2.7462234
1	5000	5.2587624	-0.6377697	134.63672	-0.49447632
1	10000	10.82783	+0.39637375	139.05684	+0.23181152
1	50000	51.018253	+2.2307205	179.87392	+10.632126
1	100000	96.59399	-2.511406	233.86423	-7.1606903
10	100	1.9138525	-0.13796663	128.6747	+0.18762207
10	500	5.862255	-0.4136281	136.26671	+0.10493469
10	1000	12.103972	-0.6721945	142.57785	+1.1639252
10	5000	59.67514	+4.7737656	184.3661	+5.309265
10	10000	109.38388	+2.9067307	230.36665	+14.7582245

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.5172954	+0.12070143	127.07637	+2.933319
1	5000	5.2586327	-0.6378994	130.86046	-4.2707367
1	10000	10.465528	+0.03407097	140.8478	+2.022766
1	50000	49.07034	+0.2828064	171.40477	+2.1629791
1	100000	97.359314	-1.7460785	234.3882	-6.6367188
10	100	2.2414854	+0.18966627	128.82382	+0.33674622
10	500	6.1897864	-0.08609676	137.8707	+1.7089233
10	1000	11.879481	-0.8966856	143.8245	+2.4105682
10	5000	54.94894	+0.04756546	179.92632	+0.8694763
10	10000	106.941986	+0.46483612	221.31479	+5.70636

[codecov]

Codecov Report

Merging #287 (aac82bb) into master (830bb1f) will decrease coverage by 1.10%.
The diff coverage is 44.59%.

@@            Coverage Diff             @@
##           master     #287      +/-   ##
==========================================
- Coverage   71.72%   70.62%   -1.10%     
==========================================
  Files         104      112       +8     
  Lines        5725     5956     +231     
==========================================
+ Hits         4106     4206     +100     
- Misses       1181     1304     +123     
- Partials      438      446       +8     

Impacted Files	Coverage Δ
operator/builtin/input/azure/event_hub.go	0.00% <0.00%> (ø)
operator/builtin/input/azure/eventhub/parse.go	0.00% <0.00%> (ø)
operator/builtin/input/azure/event_hub_persist.go	13.33% <13.33%> (ø)
operator/builtin/input/azure/loganalytics/parse.go	31.94% <31.94%> (ø)
operator/builtin/input/azure/eventhub/event_hub.go	80.00% <80.00%> (ø)
.../builtin/input/azure/loganalytics/log_analytics.go	80.95% <80.95%> (ø)
operator/builtin/input/azure/event_hub_config.go	91.30% <91.30%> (ø)
operator/builtin/input/azure/event_hub_parse.go	92.31% <92.31%> (ø)
operator/builtin/output/otlp/otlp.go	62.96% <0.00%> (-2.47%)	⬇️
operator/builtin/output/newrelic/newrelic.go	71.03% <0.00%> (-0.93%)	⬇️
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 830bb1f...aac82bb. Read the comment docs.

[djaglowski]

Log Files	Logs / Second	CPU Avg (%)	CPU Avg Δ (%)	Memory Avg (MB)	Memory Avg Δ (MB)
1	1000	1.58625	+0.18965602	122.882675	-1.260376
1	5000	5.2242103	-0.6723218	134.31303	-0.818161
1	10000	10.207129	-0.22432804	139.63551	+0.81048584
1	50000	52.482674	+3.6951408	176.29405	+7.0522614
1	100000	97.87985	-1.2255402	239.38982	-1.6351013
10	100	2.0172675	-0.03455162	127.849945	-0.63713074
10	500	6.1725116	-0.10337162	135.45137	-0.71040344
10	1000	12.379338	-0.39682865	143.91743	+2.5035095
10	5000	56.501022	+1.5996475	183.8094	+4.7525635
10	10000	105.03696	-1.4401932	224.1933	+8.584869

[djaglowski]

LGTM