|
4 | 4 |
|
5 | 5 | ### Query trace data with Discover Traces |
6 | 6 |
|
7 | | -Built on the Discover interface and new in 3.3, Discover Traces provides a central interface for querying and exploring traces across large distributed systems. Traces includes a click-to-filter interface, allowing construction of complex PPL queries without having to write them. When a trace requires deeper investigation, a new trace details page reveals individual trace journeys, displaying complete metadata, attributes, and execution context for that specific operation. To activate this functionality, please refer to the step-by-step guide here. |
| 7 | +Built on the Discover interface and new in 3.3, Discover Traces provides a centralized interface for querying and exploring traces across large distributed systems. It includes a click-to-filter interface, allowing construction of complex PPL queries without having to write them manually. When a trace requires deeper investigation, a new trace details page reveals individual trace journeys, displaying complete metadata, attributes, and execution context for that specific operation. To activate this functionality, please refer to the step-by-step guide below. |
| 8 | + |
| 9 | + |
8 | 10 |
|
9 | 11 | ### Explore interactive node-based visualizations with React Flow |
10 | 12 |
|
11 | | -3.3 adds the React Flow library to OpenSearch Dashboards core as an experimental feature, providing a standardized framework for interactive node-based visualizations. This integration eliminates version conflicts that occurred when individual plugins bundled copies of the library, providing a consistent user experience. The library is currently being used with the Discover: Traces feature to render service maps that visualize trace spans and service dependencies. Unlike traditional charting libraries, React Flow specializes in workflow and network diagrams, offering drag-and-drop interactions, custom node components, and efficient rendering of thousands of nodes while maintaining accessibility compliance. To activate this functionality, please refer to the step-by-step guide here. |
| 13 | +3.3 adds the React Flow library to OpenSearch Dashboards core as an experimental feature, providing a standardized framework for interactive node-based visualizations. This integration eliminates version conflicts that occurred when individual plugins bundled copies of the library, providing a consistent user experience. The library is currently being used with the Discover: Traces feature to render service maps that visualize trace spans and service dependencies. Unlike traditional charting libraries, React Flow specializes in workflow and network diagrams, offering drag-and-drop interactions, custom node components, and efficient rendering of thousands of nodes while maintaining accessibility compliance. |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | +### Trace to Log correlation |
| 18 | + |
| 19 | +When both trace and log index patterns are configured with proper correlation objects, OpenSearch Dashboards 3.3 enables seamless navigation between traces and their associated logs. This powerful feature allows developers and operators to quickly jump from a trace span to related log entries, providing complete context for debugging and troubleshooting distributed systems. The correlation is established through common identifiers like trace IDs and span IDs, creating a unified observability experience that bridges the gap between structured traces and detailed log messages. |
| 20 | + |
| 21 | + |
| 22 | + |
| 23 | +## For OpenSearch Dashboards 3.3 Docker and Binary Releases |
| 24 | + |
| 25 | +Update your `config/opensearch_dashboards.yml` file with the following configuration block enabled: |
| 26 | + |
| 27 | +```yaml |
| 28 | +# =========================================== |
| 29 | +# The new OpenSearch Dashboards Experience |
| 30 | +# Enable the following four flags together for the new OpenSearch Dashboards discover features |
| 31 | +# =========================================== |
| 32 | + |
| 33 | +# Set the value of this setting to true to enable multiple data source feature. |
| 34 | +# data_source.enabled: false |
| 35 | + |
| 36 | +# Set the value to true to enable workspace feature |
| 37 | +# Please note, workspace will not work with multi-tenancy. To enable workspace feature, you need to disable multi-tenancy first with `opensearch_security.multitenancy.enabled: false` |
| 38 | +# workspace.enabled: false |
| 39 | + |
| 40 | +# explore.enabled: false |
| 41 | + |
| 42 | +# @experimental Set the value to true to enable discover traces |
| 43 | +# explore.discoverTraces.enabled: true |
| 44 | +``` |
12 | 45 |
|
13 | 46 | ## Setup |
14 | 47 |
|
15 | | -You should follow the steps from the [Explore setup guide](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/plugins/explore/README.md) to create the datasource and workspace first. |
| 48 | +You should follow the steps from the [Explore setup guide](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/plugins/explore/README.md) to create the data source and workspace first. |
| 49 | + |
| 50 | +### Create a Trace Index Pattern |
| 51 | + |
| 52 | +After creating your data source and workspace, you need to create a trace index pattern to enable trace data visualization. |
| 53 | + |
| 54 | +1. **Get your data source ID** by going to the data source page and clicking on the data source you wish to create the index pattern for. |
| 55 | + |
| 56 | +  |
| 57 | + |
| 58 | +2. **Copy the data source ID** from the URL after clicking the data source. |
| 59 | + |
| 60 | +  |
| 61 | + |
| 62 | +3. **Run the following command** in your terminal to create an index pattern and associate it as a trace signal: |
| 63 | + |
| 64 | + ```bash |
| 65 | + # Replace <username> with your OpenSearch username (e.g., admin) |
| 66 | + # Replace <password> with your OpenSearch password |
| 67 | + # Replace <port> with your OpenSearch Dashboards port (default: 5601) |
| 68 | + # Replace <workspace_id> with your workspace ID (found in workspace URL or API) |
| 69 | + # Replace <index_pattern_id> with desired ID for the index pattern |
| 70 | + # Replace <index_pattern_title> with the index pattern to match (supports wildcards) |
| 71 | + # <index_pattern_title> OTel standard of <otel-v1-apm-span*> |
| 72 | + # Replace <time_field> with the timestamp field name in your indices |
| 73 | + # <time_field> OTel standard of <endTime> |
| 74 | + # Replace <data_source_id> with your data source ID (found in Data sources page) |
| 75 | + |
| 76 | + curl -u '<username>:<password>' -X POST \ |
| 77 | + 'http://localhost:<port>/w/<workspace_id>/api/saved_objects/index-pattern/<index_pattern_id>' \ |
| 78 | + -H 'osd-xsrf: true' \ |
| 79 | + -H 'Content-Type: application/json' \ |
| 80 | + -d '{ |
| 81 | + "attributes": { |
| 82 | + "title": "<index_pattern_title>", |
| 83 | + "timeFieldName": "<time_field>", |
| 84 | + "signalType": "traces" |
| 85 | + }, |
| 86 | + "references": [ |
| 87 | + { |
| 88 | + "type": "data-source", |
| 89 | + "name": "dataSource", |
| 90 | + "id": "<data_source_id>" |
| 91 | + } |
| 92 | + ] |
| 93 | + }' |
| 94 | + |
| 95 | + # Example |
| 96 | + curl -u 'admin:Welcomeuser@123' -X POST \ |
| 97 | + 'http://localhost:5601/w/UL8Q0B/api/saved_objects/index-pattern/otel-traces' \ |
| 98 | + -H 'osd-xsrf: true' \ |
| 99 | + -H 'Content-Type: application/json' \ |
| 100 | + -d '{ |
| 101 | + "attributes": { |
| 102 | + "title": "otel-v1-apm-span*", |
| 103 | + "timeFieldName": "endTime", |
| 104 | + "signalType": "traces" |
| 105 | + }, |
| 106 | + "references": [ |
| 107 | + { "type": "data-source", "name": "dataSource", "id": "7d5eb970-9d5b-11f0-a487-c138f227c1e6" } |
| 108 | + ] |
| 109 | + }' |
| 110 | + # Output |
| 111 | + {"type":"index-pattern","id":"otel-traces","attributes":{"title":"otel-v1-apm-span*","timeFieldName":"endTime","signalType":"traces"},"references":[{"type":"data-source","name":"dataSource","id":"7d5eb970-9d5b-11f0-a487-c138f227c1e6"}],"migrationVersion":{"index-pattern":"7.6.0"},"updated_at":"2025-09-29T21:18:19.911Z","version":"WzExMywxXQ==","workspaces":["UL8Q0B"],"namespaces":["default"]}% |
| 112 | + ``` |
| 113 | + |
| 114 | +4. **Navigate to the Index patterns page** and click on the created index pattern after the command is successfully run. |
| 115 | + |
| 116 | +  |
| 117 | + |
| 118 | +5. **Refresh the field list** by clicking "Refresh field list" on the index pattern page. |
| 119 | + |
| 120 | +  |
| 121 | + |
| 122 | +### (Optional) Create a Logs Index Pattern |
| 123 | + |
| 124 | +If you have logs data that you want to associate with traces, you can create a logs index pattern. |
| 125 | + |
| 126 | +1. **Run the following command** in your terminal to create an index pattern and associate it as a log signal: |
| 127 | + |
| 128 | + ```bash |
| 129 | + # Replace <username> with your OpenSearch username (e.g., admin) |
| 130 | + # Replace <password> with your OpenSearch password |
| 131 | + # Replace <port> with your OpenSearch Dashboards port (default: 5601) |
| 132 | + # Replace <workspace_id> with your workspace ID (found in workspace URL or API) |
| 133 | + # Replace <index_pattern_id> with desired ID for the index pattern |
| 134 | + # Replace <index_pattern_title> with the index pattern to match (supports wildcards) |
| 135 | + # <index_pattern_title> OTel standard of <logs-otel-v1*> |
| 136 | + # Replace <time_field> with the timestamp field name in your indices |
| 137 | + # <time_field> OTel standard of <time> |
| 138 | + # Replace <data_source_id> with your data source ID (found in Data sources page) |
| 139 | + |
| 140 | + curl -u '<username>:<password>' -X POST \ |
| 141 | + 'http://localhost:<port>/w/<workspace_id>/api/saved_objects/index-pattern/<index_pattern_id>' \ |
| 142 | + -H 'osd-xsrf: true' \ |
| 143 | + -H 'Content-Type: application/json' \ |
| 144 | + -d '{ |
| 145 | + "attributes": { |
| 146 | + "title": "<index_pattern_title>", |
| 147 | + "timeFieldName": "<time_field>", |
| 148 | + "signalType": "logs" |
| 149 | + }, |
| 150 | + "references": [ |
| 151 | + { |
| 152 | + "type": "data-source", |
| 153 | + "name": "dataSource", |
| 154 | + "id": "<data_source_id>" |
| 155 | + } |
| 156 | + ] |
| 157 | + }' |
| 158 | + |
| 159 | + # Example |
| 160 | + curl -u 'admin:Welcomeuser@123' -X POST \ |
| 161 | + 'http://localhost:5601/w/UL8Q0B/api/saved_objects/index-pattern/otel-logs' \ |
| 162 | + -H 'osd-xsrf: true' \ |
| 163 | + -H 'Content-Type: application/json' \ |
| 164 | + -d '{ |
| 165 | + "attributes": { |
| 166 | + "title": "logs-otel-v1*", |
| 167 | + "timeFieldName": "time", |
| 168 | + "signalType": "logs" |
| 169 | + }, |
| 170 | + "references": [ |
| 171 | + { |
| 172 | + "type": "data-source", |
| 173 | + "name": "dataSource", |
| 174 | + "id": "7d5eb970-9d5b-11f0-a487-c138f227c1e6" |
| 175 | + } |
| 176 | + ] |
| 177 | + }' |
| 178 | + |
| 179 | + # Output |
| 180 | + {"type":"index-pattern","id":"otel-logs","attributes":{"title":"logs-otel-v1*","timeFieldName":"@timestamp","signalType":"logs"},"references":[{"type":"data-source","name":"dataSource","id":"7d5eb970-9d5b-11f0-a487-c138f227c1e6"}],"migrationVersion":{"index-pattern":"7.6.0"},"updated_at":"2025-09-29T21:59:50.038Z","version":"WzExNywxXQ==","workspaces":["UL8Q0B"],"namespaces":["default"]}% |
| 181 | + ``` |
| 182 | + |
| 183 | +2. **Follow the earlier steps** to "Refresh field list" for the logs index pattern. |
| 184 | + |
| 185 | +### (Optional) Correlating Logs to Traces |
| 186 | + |
| 187 | +To enable correlation between your logs and traces data, you can create a correlation object that links them together. |
| 188 | + |
| 189 | +1. **Run the following command** to create a traces-logs correlation: |
| 190 | + |
| 191 | + ```bash |
| 192 | + # Replace <username> with your OpenSearch username |
| 193 | + # Replace <password> with your OpenSearch password |
| 194 | + # Replace <port> with your OpenSearch Dashboards port (default: 5601) |
| 195 | + # Replace <workspace_id> with your workspace ID |
| 196 | + # Replace <correlation_id> with desired ID for the correlation |
| 197 | + # Replace <traces_index_id> with your traces index pattern ID (e.g., otel-traces) |
| 198 | + # Replace <logs_index_id> with your logs index pattern ID (e.g., otel-logs) |
| 199 | + # Replace <span_id_field> with the span ID field name in your logs (e.g., spanId) |
| 200 | + # Replace <trace_id_field> with the trace ID field name in your logs (e.g., traceId) |
| 201 | + # Replace <log_message_field> with the log message field name (e.g., body or message) |
| 202 | + # Replace <timestamp_field> with the timestamp field name in your logs (e.g., @timestamp) |
| 203 | + |
| 204 | + curl -u '<username>:<password>' -X POST \ |
| 205 | + 'http://localhost:<port>/w/<workspace_id>/api/saved_objects/correlations/<correlation_id>' \ |
| 206 | + -H 'osd-xsrf: true' \ |
| 207 | + -H 'Content-Type: application/json' \ |
| 208 | + -d '{ |
| 209 | + "attributes": { |
| 210 | + "correlationType": "Traces-Logs-Correlation", |
| 211 | + "version": "1.0.0", |
| 212 | + "entities": [ |
| 213 | + { |
| 214 | + "tracesDataset": { |
| 215 | + "id": "references[0].id" |
| 216 | + } |
| 217 | + }, |
| 218 | + { |
| 219 | + "logsDataset": { |
| 220 | + "meta": { |
| 221 | + "logSpanIdField": "<span_id_field>", |
| 222 | + "logTraceIdField": "<trace_id_field>", |
| 223 | + "logMessage": "<log_message_field>", |
| 224 | + "timestamp": "<timestamp_field>" |
| 225 | + }, |
| 226 | + "id": "references[1].id" |
| 227 | + } |
| 228 | + } |
| 229 | + ] |
| 230 | + }, |
| 231 | + "references": [ |
| 232 | + { |
| 233 | + "name": "entities[0].index", |
| 234 | + "type": "index-pattern", |
| 235 | + "id": "<traces_index_id>" |
| 236 | + }, |
| 237 | + { |
| 238 | + "name": "entities[1].index", |
| 239 | + "type": "index-pattern", |
| 240 | + "id": "<logs_index_id>" |
| 241 | + } |
| 242 | + ] |
| 243 | + }' |
| 244 | + |
| 245 | + # Example |
| 246 | + curl -u 'admin:Welcomeuser@123' -X POST \ |
| 247 | + 'http://localhost:5601/w/UL8Q0B/api/saved_objects/correlations/traces-logs-correlation' \ |
| 248 | + -H 'osd-xsrf: true' \ |
| 249 | + -H 'Content-Type: application/json' \ |
| 250 | + -d '{ |
| 251 | + "attributes": { |
| 252 | + "correlationType": "Traces-Logs-Correlation", |
| 253 | + "version": "1.0.0", |
| 254 | + "entities": [ |
| 255 | + { |
| 256 | + "tracesDataset": { |
| 257 | + "id": "references[0].id" |
| 258 | + } |
| 259 | + }, |
| 260 | + { |
| 261 | + "logsDataset": { |
| 262 | + "meta": { |
| 263 | + "logSpanIdField": "spanId", |
| 264 | + "logTraceIdField": "traceId", |
| 265 | + "logMessage": "body", |
| 266 | + "timestamp": "@timestamp" |
| 267 | + }, |
| 268 | + "id": "references[1].id" |
| 269 | + } |
| 270 | + } |
| 271 | + ] |
| 272 | + }, |
| 273 | + "references": [ |
| 274 | + { |
| 275 | + "name": "entities[0].index", |
| 276 | + "type": "index-pattern", |
| 277 | + "id": "otel-traces" |
| 278 | + }, |
| 279 | + { |
| 280 | + "name": "entities[1].index", |
| 281 | + "type": "index-pattern", |
| 282 | + "id": "otel-logs" |
| 283 | + } |
| 284 | + ] |
| 285 | + }' |
| 286 | + # Output |
| 287 | + {"type":"correlations","id":"traces-logs-correlation","attributes":{"correlationType":"Traces-Logs-Correlation","version":"1.0.0","entities":[{"tracesDataset":{"id":"references[0].id"}},{"logsDataset":{"meta":{"logSpanIdField":"spanId","logTraceIdField":"traceId","logMessage":"body","timestamp":"@timestamp"},"id":"references[1].id"}}]},"references":[{"name":"entities[0].index","type":"index-pattern","id":"otel-traces"},{"name":"entities[1].index","type":"index-pattern","id":"otel-logs"}],"updated_at":"2025-09-29T22:13:59.700Z","version":"WzE0NCwxXQ==","workspaces":["UL8Q0B"],"namespaces":["default"]}% |
| 288 | + ``` |
| 289 | + |
| 290 | +2. **Verify the correlation object** was created by visiting the "Assets" page where it will be named "Correlation <correlation_id>". |
| 291 | + |
| 292 | +  |
| 293 | + |
| 294 | +## Using Discover Traces |
| 295 | + |
| 296 | +You can now use the Discover Traces experience. Navigate to the Traces page and select your trace index to start exploring your trace data. |
| 297 | + |
| 298 | + |
0 commit comments