Skip to main content
Healthcare

Information Processing in Cisco Observability Platform

Shopping

Course of Huge Quantities of MELT Information

Cisco Observability Platform s designed to ingest and course of huge quantities of MELT (Metrics, Occasions, Logs and Traces) knowledge. It’s constructed on high of open requirements like OpenTelemetry to make sure interoperability.

What units it aside is its provision of extensions, empowering our companions and prospects to tailor each side of its performance to their distinctive wants. Our focus as we speak is unveiling the intricacies of customizations particularly tailor-made for knowledge processing. It’s anticipated that you’ve got an understanding of the platform fundamentals, like Versatile Metadata Mannequin (FMM) and resolution growth. Let’s dive in!

The info processing pipeline has numerous levels that result in knowledge storage. As MELT knowledge strikes by means of the pipeline, it’s processed, reworked, and enriched, and ultimately lands within the knowledge retailer the place it may be queried with Unified Question Language (UQL):

Data observability

Every stage marked with a gear icon permits customization of particular logic. Moreover, the platform permits the creation of solely customized post-processing logic when knowledge can now not be altered.

To streamline customization whereas sustaining flexibility, we’re embracing a brand new method: workflows, faucets, and plugins, using the CNCF Serverless Workflow specification with JSONata because the default expression language. Since Serverless Workflows are designed utilizing open requirements, we’re extensively using CloudEvents and OpenAPI specs. By leveraging these open requirements, we guarantee compatibility and ease of growth.

Information processing levels that permit knowledge mutation are referred to as faucets, and their customizations plugins. Every faucet declares an enter and output JSON schema for its plugins. Plugins are anticipated to provide an output that adheres to the faucet’s output schema. A faucet is accountable for merging outputs from all its plugins and producing a brand new occasion, which is a modified model of an authentic occasion. Faucets can solely be authored by the platform, whereas plugins could be created by any resolution in addition to common customers of the platform.

Workflows are meant for post-processing and thus can solely subscribe to triggers (see beneath). Workflow use instances vary from easy occasion counting to classy machine studying mannequin inferences. Anybody can creator workflows.

This abstraction permits builders to purpose when it comes to a single occasion, with out exposing the complexity of the underlying stream processing, and use acquainted effectively documented requirements, each of which decrease the barrier of entry.

Every knowledge processing stage communicates with different levels through occasions, which permits us to decouple shoppers and producers and seamlessly rearrange the levels ought to the necessity come up.
Every occasion has an related class, which determines whether or not a selected stage can subscribe to or publish that occasion. There are two public classes for data-related occasions:

  • knowledge:remark – a class of occasions with publish-only permissions which could be considered side-effects of processing the unique occasion, for instance, an entity derived from useful resource attributes in OpenTelemetry metric packet. Observations are indicated with upward ‘publish’ arrows within the above diagram. Faucets, workflows and plugins can all produce observations. Observations can solely be subscribed to by particular faucets.
  • knowledge:set off – subscribe-only occasions which might be emitted after all of the mutations have accomplished. Triggers are indicated with a lightning ‘set off’ icon within the above diagram. Solely workflows (post-processing logic) can subscribe to triggers, and solely particular faucets can publish them.

There are 5 remark occasion sorts within the platform:

  • entity.noticed – FMM entity was found whereas processing some knowledge. It may be a brand new entity or an replace to an present entity. Every replace from the identical supply totally replaces the earlier one.
  • affiliation.noticed – FMM affiliation was found whereas processing some knowledge. Relying on the cardinality of the affiliation the replace logic differs
  • extension.noticed – FMM extension attributes had been found whereas processing some knowledge. A goal entity should exist already.
  • measurement.acquired – a measurement occasion which contributes to a selected FMM metric. These measurements might be aggregated right into a metric in Metric aggregation faucet. Aggregation logic depends upon the metric’s content material kind.
  • occasion.acquired – raises a brand new FMM occasion. This occasion can even be processed by the Occasion processing faucet, similar to externally ingested occasions.

There are 3 set off occasion sorts within the platform, one for every knowledge form: metric.enriched, occasion.enriched, hint.encriched. All three occasions are emitted from the ultimate ‘Tag enrichment’ faucet.

Every occasion is registered in a platform’s data retailer, in order that they’re simply discoverable. To checklist all accessible occasions, merely use fsoc to question them, i.e., to get all triggers:

fsoc data get --type=contracts:cloudevent --filter="knowledge.class eq 'knowledge:set off'" --layer-type=TENANT

Word that every one occasion sorts are versioned to permit for evolution and are certified with platform resolution identifier for isolation. For instance, a completely certified id of measurement.acquired occasion is platform:measurement.acquired.v1

Let’s illustrate the above ideas with a simple instance. Think about a workflow designed to rely well being rule violations for Kubernetes workloads and APM companies. The logic of the workflow could be damaged down into a number of steps:

  1. Subscribe to the set off occasion
  2. Validate occasion kind and entity relevance
  3. Publish a measurement occasion counting violations whereas retaining severity

Improvement Instruments

Builders can make the most of numerous instruments to assist in workflow growth, comparable to web-based editors or IDEs.

It’s essential to make sure expressions and logic are legitimate by means of unit assessments and validation in opposition to outlined schemas.

To help in that, you may write unit assessments by using said, see an instance for this workflow.
On-line JSONata editor will also be a useful device in writing your expressions.

A weblog on workflow testing is coming quickly!

Step by Step Information

Create the workflow DSL

Present a novel identifier and a reputation in your workflow:

id: violations-counter
model: '1.0.0'
specVersion: '0.8'
title: Violations Counter

Discover the set off occasion

Let’s question our set off utilizing fsoc:

fsoc data get --type=contracts:cloudevent --object-id=platform:occasion.enriched.v1 --layer-type=TENANT

Output:

kind: occasion.enriched.v1
description: Signifies that an occasion was enriched with topology tags
dataschema: contracts:jsonSchema/platform:occasion.v1
class: knowledge:set off
extensions:
  - contracts:cloudeventExtension/platform:entitytypes
  - contracts:cloudeventExtension/platform:supply

Subscribe to the occasion

To subscribe to this occasion, that you must add an occasion definition and occasion state referencing this definition (word a nature of the reference to the occasion – it should be certified with its data kind):

occasions:
  - title: EventReceived
    kind: contracts:cloudevent/platform:occasion.enriched.v1
    form: consumed
    dataOnly: false
    supply: platform
states:
  - title: event-received
    kind: occasion
    onEvents:
      - eventRefs:
          - EventReceived

Examine the occasion

Because the knowledge in workflows is acquired in JSON format, occasion knowledge is described in JSON schema.

Let’s have a look at the JSON schema of this occasion (referenced in dataschema), so you realize what to anticipate in our workflow:

fsoc data get --type=contracts:jsonSchema --object-id=platform:occasion.v1 --layer-type=TENANT

Consequence:
$schema: http://json-schema.org/draft-07/schema#
title: Occasion
$id: occasion.v1
kind: object
required:
  - entities
  - kind
  - timestamp
properties:
  entities:
    kind: array
    minItems: 1
    objects:
      $ref: '#/definitions/EntityReference'
  kind:
    $ref: '#/definitions/TypeReference'
  timestamp:
    kind: integer
    description: The timestamp in milliseconds
  spanId:
    kind: string
    description: Span id
  traceId:
    kind: string
    description: Hint id
  uncooked:
    kind: string
    description: The uncooked physique of the occasion report
  attributes:
    $ref: '#/definitions/Attributes'
  tags:
    $ref: '#/definitions/Tags'
additionalProperties: false
definitions:
  Tags:
    kind: object
    propertyNames:
      minLength: 1
      maxLength: 256
    additionalProperties:
      kind: string
  Attributes:
    kind: object
    propertyNames:
      minLength: 1
      maxLength: 256
    additionalProperties:
      kind:
        - string
        - quantity
        - boolean
        - object
        - array
  EntityReference:
    kind: object
    required:
      - id
      - kind
    properties:
      id:
        kind: string
      kind:
        $ref: '#/definitions/TypeReference'
      additionalProperties: false
  TypeReference:
    kind: string
    description: A completely certified FMM kind reference
    instance: k8s:pod

It’s simple – a single occasion, with a number of entity references. Since dataOnly=false, the payload of the occasion might be enclosed within the knowledge discipline, and extension attributes can even be accessible to the workflow.
Since we all know the precise FMM occasion kind we’re all for, it’s also possible to question its definition to know the attributes that the workflow might be receiving and their semantics:

fsoc data get --type=fmm:occasion --filter="knowledge.title eq "healthrule.violation" and knowledge.namespace.title eq "alerting"" --layer-type=TENANT

Validate occasion relevance

You’ll want to make sure that the occasion you obtain is of the right FMM occasion kind, and that referenced entities are related. To do that, you may write an expression in JSONata after which use it in an motion situation:

features:
  - title: checkType
    kind: expression
    operation: |-
      knowledge.kind="alerting:healthrule.violation" and (
          'k8s:deployment' in knowledge.entities.kind or
          'k8s:statefulset' in knowledge.entities.kind or
          'k8s:daemonset' in knowledge.entities.kind or
          'k8s:cronjob' in knowledge.entities.kind or
          'k8s:managed_job' in knowledge.entities.kind or
          'apm:service' in knowledge.entities.kind
      )
 states:
  - title: event-received
    kind: occasion
    onEvents:
      - eventRefs:
          - EventReceived
        actions:
          - title: createMeasurement
            situation: ${ fn:checkType }

Create and publish an occasion

Let’s discover the measurement remark occasion that that you must publish:

fsoc data get --type=contracts:cloudevent --object-id=platform:measurement.acquired.v1 --layer-type=TENANT

Output:

kind: measurement.acquired.v1
description: Signifies that measurements had been acquired. Measurements are then aggregated right into a metric.
dataschema: contracts:jsonSchema/platform:measurement.v1
class: knowledge:remark
extensions:
  - contracts:cloudeventExtension/platform:supply

Now let’s have a look at the measurement schema so you understand how to provide a measurement occasion:

fsoc data get --type=contracts:jsonSchema --object-id=platform:measurement.v1 --layer-type=TENANT

Output:

$schema: http://json-schema.org/draft-07/schema#
title: Measurements for a selected metric
$id: measurement.v1
kind: object
required:
  - entity
  - kind
  - measurements
properties:
  entity:
    $ref: '#/definitions/EntityReference'
  kind:
    $ref: '#/definitions/TypeReference'
  attributes:
    $ref: '#/definitions/Attributes'
  measurements:
    kind: array
    minItems: 1
    description: Measurement values with timestamp for use for metric computation
    objects:
      kind: object
      required:
        - timestamp
      oneOf:
        - required:
            - intValue
        - required:
            - doubleValue
      properties:
        timestamp:
          kind: integer
          description: The timestamp in milliseconds
        intValue:
          kind: integer
          description: Lengthy worth for use for metric computation.
        doubleValue:
          kind: quantity
          description: Double Measurement worth for use for metric computation.
      additionalProperties: false
additionalProperties: false
definitions:
  Attributes:
    kind: object
    propertyNames:
      minLength: 1
      maxLength: 256
    additionalProperties:
      kind:
        - string
        - quantity
        - boolean
  EntityReference:
    kind: object
    required:
      - id
      - kind
    properties:
      id:
        kind: string
      kind:
        $ref: '#/definitions/TypeReference'
      additionalProperties: false
  TypeReference:
    kind: string
    description: A completely certified FMM kind title
    instance: k8s:pod

Create a measurement

Let’s create one other expression that takes the enter occasion and generates a measurement as per the above schema, and use it in an motion within the occasion state:

features:
  ...
  - title: createMeasurement
    kind: expression
    operation: |-
      {
          'entity': knowledge.entities[0],
          'kind': 'sampleworkflow:healthrule.violation.rely',
          'attributes': {
              'violation_severity': knowledge.attributes.violation_severity
          },
          'measurements': [
              {
                  'timestamp': data.timestamp,
                  'intValue': 
$exists(data.attributes.'event_details.condition_details.violation_count')? data.attributes.'event_details.condition_details.violation_count': 1
              }
          ]
      }
states:
  - title: event-received
    kind: occasion
    onEvents:
      - eventRefs:
          - EventReceived
        actions:
          - title: createMeasurement
            situation: '${ fn:checkType }'
            functionRef: createMeasurement
            actionDataFilter:
              toStateData: '${ measurement }'

Right here we’re preserving the violation_severity attribute from the unique occasion and associating the measurement with the identical entity.

The state execution will lead to a measurement discipline created by createMeasurement motion, however provided that the occasion was attention-grabbing based mostly on the situation.

Word that since we’re utilizing a brand new FMM metric kind – sampleworkflow:healthrule.violation.rely – we have to register it through the extension on the goal entity sorts. See full resolution linked beneath for particulars.

Publish an occasion

The following step is to verify if the measurement was certainly created, and produce an occasion if it was. To try this, we are going to use a swap state:

states:
  - title: event-received
    kind: occasion
    onEvents:
      - eventRefs:
          - EventReceived
        actions:
          - title: createMeasurement
            situation: ${ fn:checkType }
            functionRef:
              refName: createMeasurement
            actionDataFilter:
              toStateData: ${ measurement }
    transition: check-measurement
  - title: check-measurement
    kind: swap
    dataConditions:
      - situation: ${ measurement != null }
        finish:
          terminate: true
          produceEvents:
            - eventRef: CreateMeasurement
              knowledge: ${ measurement }
    defaultCondition:
      finish: true

That’s it! You possibly can package deal your workflow in an answer, push your resolution, subscribe to it, and examine the metrics by navigating to the metric explorer at https://<your tenant>.observe.appdynamics.com/discover/cco/metric-explorer 

An instance graph sliced by violation_severity

Data observability

In conclusion, the extensibility of the Cisco Observability Platform empowers builders to tailor knowledge processing to their particular necessities effectively. Whether or not it’s customizing processing logic or implementing complicated workflows, the platform gives the required instruments and suppleness.

Able to be taught extra? Go to examples repo to discover additional and begin customizing your knowledge processing workflows as we speak.

Share:


Supply hyperlink

Hector Antonio Guzman German

Dr. Hector A. Guzman

Graduado de Doctor en medicina en la universidad Autónoma de Santo Domingo en el año 2004. Luego emigró a la República Federal de Alemania, dónde se ha formado en medicina interna, cardiologia, Emergenciologia, medicina de buceo y cuidados intensivos.

Recommended For You

A Startup’s Flexibility With ADC Most cancers Medication Attracts €128M for Medical Trials Healthcare

A Startup’s Flexibility With ADC Most cancers Medication Attracts €128M for Medical Trials

Hector Antonio Guzman German
Dr. Hector A. GuzmanMarch 15, 2024
Reflections from the Deputy Director of the HHS Workplace of Lengthy COVID Analysis and Observe Healthcare

Reflections from the Deputy Director of the HHS Workplace of Lengthy COVID Analysis and Observe

Hector Antonio Guzman German
Dr. Hector A. GuzmanMarch 15, 2024
How Lengthy Ought to a Species Keep on Life Assist? Healthcare

How Lengthy Ought to a Species Keep on Life Assist?

Hector Antonio Guzman German
Dr. Hector A. GuzmanMarch 15, 2024

Leave a Reply