Application Performance Logging No Longer Works As It Did Before v.6.0 #9404
Labels
bug
use for describing something not working as expected
needs more info
Intel needed about the use case
Description
A client has been using the application performance logging to assist in identifying queries that have errors and to help identify when the elasticsearch shards require attention. An issue that has plagued the client now for a few years is when a single entity in the index has an array field that should be a list of values. What randomly occurs is that the array gets a duplicate of itself and the values. When this happens anything that touches that item fails to load in the platform.
It is an easy fix when you know the entity that is failing. The client was previously able to quickly determine this from the application performance logging.
Looking at the code in gitlab it looks like a change introduced in 6.1.0 was to not log this information anymore. The change was made in the opencti-graphql/src/graphql/loggerPlugin.js file. At the end of the 6.0 branch the logging data variable looked like this:
const callMetaData = {
user: origin,
type: operationType + (isCallError ? '_ERROR' : ''),
operation_query: stripIgnoredCharacters(context.request.query),
inner_relation_creation: innerRelationCount,
operation: op || 'Unspecified',
time: elapsed,
variables,
size,
};
as of the 6.1 branch it now looks like this:
const callMetaData = {
user: origin,
type: operationType + (isCallError ? '_ERROR' : ''),
inner_relation_creation: innerRelationCount,
operation: context.request.operationName ?? 'Unspecified',
time: elapsed,
size,
};
The operation_query has been removed from the log entries. The value in that field was the primary place to identify what was being queried so a client could run down the bad entry in elastic.
Environment
OpenCTI V.6.4.4
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
A client should be able to review the logs and identify detail about errors related to specific entities in Elastic.
Actual Output
As described above, the client no longer gets this level of detail and as a result, it is very difficult to identify which entity within Elastic is causing the error.
Additional information
Screenshots (optional)
The text was updated successfully, but these errors were encountered: