Skip to content

Best Practices for Data Correlation

Preface

The Opentelemetry protocol, defined by CNCF (Cloud Native Computing Foundation), is the latest observability specification. This specification defines the three pillars of observability: Metrics, Trace, and Log (metrics, traces, and logs). The correlation analysis among these three has become a key competitive area for various vendors.

image.png

Guance, as a leading observability product in China, how does it break through technical barriers and overcome challenges?

Data Correlation

Metrics

Usually represented by a "value", which can be a number, string, float, boolean, etc.

Metric Correlation

Prerequisites

  • The view must include a by condition (click any view to check).

  • The associated target must have this condition (tag).

M::`cpu`:(LAST(`usage_total`)) BY `host`

Logs

Click on the view and View Related Logs to navigate to the log module.

image.png

Containers

View Related Containers to quickly query all containers on the host (Node).

image.png

Processes

View Related Processes to quickly query all processes on the host (requires enabling Processes Collection).

image.png

Traces

View Related Traces to quickly query all traces on the host.

image.png

Logs

Records generated during system/application operation, used for troubleshooting and data statistical analysis.

Log Correlation

Prerequisites

  • Typically use hostname as the correlation condition (customizable).

  • The associated target must have this condition (tag).

Metrics

Click on any log record and select Metrics View to see the host's system runtime status (dashed line represents the log record time).

image.png

Containers

Click on any log record, select the host, and View Related Containers to navigate to the container module.

image.png

Processes

View Related Processes to quickly query all processes on the host (requires enabling Processes Collection).

image.png

Traces

(Host correlation) View Related Traces to navigate to the trace module and quickly query all traces on the host.

image.png

Security

View Related Security Checks to navigate to the security check module and quickly query security vulnerabilities on the host (requires deploying Scheck).

image.png

Traces

With the expansion of internet architecture and the widespread use of distributed systems, application calls have become extremely complex. Trace tracking can effectively and quickly locate issues.

Trace Correlation

Prerequisites

  • Typically use hostname/trace_id as the correlation condition (customizable).

  • The associated target must have this condition (tag).

Metrics

Click on any trace record and select Host - Metrics View to see the host's system runtime status (dashed line represents the trace record time).

578DAA74-7521-499a-8630-88478B9FFD0A.png

Logs

Click on any trace record and select Log - traceid to view the log records generated by the trace (requires configuring log output with trace_id).

image.png

Customization

In addition to the default data correlation features, Guance supports more flexible user-defined view correlations.

Custom Correlation

Management - Built-in Views - User Views - Create View, supporting five fields corresponding to different data:

  • service (trace service)

  • app_id (application)

  • source (log source)

  • project (project)

  • label (label)

image.png

Feedback

Is this page helpful? ×