add logs explorer matview (#20)

* add logs explorer matview

* add logs explorer endpoint

Author: alrocar

tinybird/datasources/logs_range_15m.datasource

@@ -0,0 +1,12 @@
+SCHEMA >
+    `start_ts` DateTime64(3) `json:$.start_ts`,
+    `end_ts` DateTime64(3) `json:$.end_ts`,
+    `environment` LowCardinality(String) `json:$.environment`,
+    `service` LowCardinality(String) `json:$.service`,
+    `level` LowCardinality(String) `json:$.level`,
+    `n_rows` AggregateFunction(count, UInt64) `json:$.n_rows`
+
+ENGINE "AggregatingMergeTree"
+ENGINE_PARTITION_KEY "toYYYYMM(start_ts)"
+ENGINE_SORTING_KEY "start_ts, end_ts, environment, service, level"
+ENGINE_PRIMARY_KEY "start_ts, end_ts, environment"

tinybird/endpoints/log_analysis.pipe

@@ -43,7 +43,7 @@ SQL >
         AND user_agent in {{Array(user_agent)}}
     {% end %}
     {% if defined(message) and message != '' %}
-        AND message like concat('%', {{String(message)}}, '%')
+        AND message ilike concat('%', {{String(message)}}, '%')
     {% end %}
     ORDER BY 
     {% if defined(sort_by) and sort_by != '' %}

tinybird/endpoints/log_explorer.pipe

@@ -0,0 +1,92 @@
+NODE cummulative_rows
+DESCRIPTION >
+    Filter data and calculate the running sum of rows in the result set to determine the time range.
+
+SQL >
+
+    %
+    SELECT end_ts, start_ts, countMerge(n_rows) OVER (ORDER BY start_ts DESC) AS n_rows
+    FROM logs_range_15m
+    WHERE 1=1
+        {% if defined(environment) and environment != [''] %}
+            AND environment in {{ Array(environment) }}
+        {% end %}
+        {% if defined(service) and service != [''] %}
+            AND service in {{ Array(service) }}
+        {% end %}
+        {% if defined(level) and level != [''] %}
+            AND level in {{ Array(level) }}
+        {% end %}
+        AND start_ts >= {{ DateTime(start, '2024-03-08 00:00:00') }} - INTERVAL {{ UInt8(days_param, 30) }} DAY
+        AND end_ts <= {{ DateTime(start, '2024-03-08 00:00:00') }}
+    ORDER BY end_ts DESC
+
+
+
+NODE ts_range
+DESCRIPTION >
+    What is the time period, starting at X, and up to Y, that I need to query in order to get Z amount of rows that I need.
+
+SQL >
+
+    %
+    SELECT max(end_ts) AS max_end_ts, min(start_ts) AS min_start_ts
+    FROM cummulative_rows
+    WHERE
+        n_rows > {{ Int32(page, 0) * Int32(page_size, 100) }}
+        AND n_rows <= {{ (Int32(page, 0) + 1) * Int32(page_size, 100) }}
+
+
+
+NODE logs_result
+DESCRIPTION >
+    Rreturn the logs within the time range.
+    NOTE: this does not guarantee that you get the exact page size. To avoid repeating records, you need to add extra conditions to check the last value on the previous page.
+
+SQL >
+
+    %
+    WITH
+        (SELECT min_start_ts FROM ts_range) AS start_range,
+        (SELECT max_end_ts FROM ts_range) AS end_range
+
+    SELECT 
+        timestamp,
+        request_id,
+        request_method,
+        status_code,
+        service,
+        request_path,
+        level,
+        message
+    FROM logs
+    WHERE 1=1
+        {% if defined(service) and service != [''] %}
+            AND service in {{Array(service)}}
+        {% end %}
+        {% if defined(level) and level != [''] %}
+            AND level in {{Array(level)}}
+        {% end %}
+        {% if defined(environment) and environment != [''] %}
+            AND environment in {{Array(environment)}}
+        {% end %}
+        {% if defined(request_method) and request_method != [''] %}
+            AND request_method in {{Array(request_method)}}
+        {% end %}
+        {% if defined(status_code) and status_code != [''] %}
+            AND status_code in {{Array(status_code)}}
+        {% end %}
+        {% if defined(request_path) and request_path != [''] %}
+            AND request_path in {{Array(request_path)}}
+        {% end %}
+        {% if defined(user_agent) and user_agent != [''] %}
+            AND user_agent in {{Array(user_agent)}}
+        {% end %}
+        {% if defined(message) and message != '' %}
+            AND message ilike concat('%', {{String(message)}}, '%')
+        {% end %}
+        AND timestamp >= start_range
+        AND timestamp <= end_range
+    ORDER BY timestamp DESC
+
+TYPE endpoint

tinybird/endpoints/log_timeseries.pipe

@@ -114,7 +114,7 @@ SQL >
     {% end %}
     {% if date_diff_in_hours(start_date, end_date) <= 24 * 7 %}
         {% if defined(message) and message != '' %}
-            AND message like concat('%', {{String(message)}}, '%')
+            AND message ilike concat('%', {{String(message)}}, '%')
         {% end %}
     {% end %}
     GROUP BY date

tinybird/materializations/logs_range_15m_mv.pipe

@@ -0,0 +1,20 @@
+NODE mv
+SQL >
+
+    SELECT
+        toStartOfFifteenMinutes(timestamp) AS start_ts,
+        start_ts + toIntervalMinute(15) AS end_ts,
+        environment,
+        service,
+        level,
+        countState() AS n_rows
+    FROM logs
+    GROUP BY
+        start_ts,
+        end_ts,
+        environment,
+        service,
+        level
+
+TYPE materialized
+DATASOURCE logs_range_15m

tinybird/tests/log_explorer.yaml

@@ -0,0 +1,30 @@
+
+- name: default_log_explorer
+  description: Test with default parameters for last 1 day
+  parameters: start=2025-02-04%2000:00:00&page=0&page_size=3&days_param=1
+  expected_result: |
+    {"timestamp":"2025-02-03 20:03:14.000","request_id":"req-6296819fe0433ec7","request_method":"POST","status_code":373,"service":"database","request_path":"\/orders\/373","level":"ERROR","message":"Log message 373"}
+    {"timestamp":"2025-02-03 19:34:02.000","request_id":"req-6f65658010123820","request_method":"POST","status_code":525,"service":"api","request_path":"\/orders\/925","level":"ERROR","message":"Log message 925"}
+    {"timestamp":"2025-02-03 19:23:42.000","request_id":"req-ab50f632c7544b42","request_method":"POST","status_code":345,"service":"api","request_path":"\/orders\/945","level":"ERROR","message":"Log message 945"}
+
+- name: filtered_by_service_and_level
+  description: Test filtered by specific service and error level
+  parameters: start=2025-02-04%2000:00:00&service=api&level=ERROR&page=0&page_size=5&days_param=1
+  expected_result: |
+    {"timestamp":"2025-02-03 19:34:02.000","request_id":"req-6f65658010123820","request_method":"POST","status_code":525,"service":"api","request_path":"\/orders\/925","level":"ERROR","message":"Log message 925"}
+    {"timestamp":"2025-02-03 19:23:42.000","request_id":"req-ab50f632c7544b42","request_method":"POST","status_code":345,"service":"api","request_path":"\/orders\/945","level":"ERROR","message":"Log message 945"}
+    {"timestamp":"2025-02-03 19:13:22.000","request_id":"req-41cfd4707d5d9189","request_method":"POST","status_code":565,"service":"api","request_path":"\/orders\/365","level":"ERROR","message":"Log message 365"}
+    {"timestamp":"2025-02-03 11:04:22.000","request_id":"req-1be7850effe31e0a","request_method":"POST","status_code":305,"service":"api","request_path":"\/orders\/105","level":"ERROR","message":"Log message 105"}
+    {"timestamp":"2025-02-03 08:02:42.000","request_id":"req-e80695b4b6b1f89f","request_method":"POST","status_code":405,"service":"api","request_path":"\/orders\/205","level":"ERROR","message":"Log message 205"}
+
+- name: search_by_message
+  description: Test searching for specific message content
+  parameters: start=2025-02-04%2000:00:00&message=945&page=0&page_size=3&days_param=1
+  expected_result: |
+    {"timestamp":"2025-02-03 19:23:42.000","request_id":"req-ab50f632c7544b42","request_method":"POST","status_code":345,"service":"api","request_path":"\/orders\/945","level":"ERROR","message":"Log message 945"}
+
+- name: filtered_by_request_method
+  description: Test filtered by HTTP method and status code
+  parameters: start=2025-02-04%2000:00:00&request_method=POST&status_code=345&page=0&page_size=25&days_param=1
+  expected_result: |
+    {"timestamp":"2025-02-03 19:23:42.000","request_id":"req-ab50f632c7544b42","request_method":"POST","status_code":345,"service":"api","request_path":"\/orders\/945","level":"ERROR","message":"Log message 945"}