HYDROLIX BLOG

Ponderings, insights and industry updates

Hydrolix Streaming Intake for Fastly CDN Logs

February 17, 2021

Author: Tobin Sears | Sales Engineering, Hydrolix

Tags:

In this post, we’ll show you how to configure Hydrolix to ingest your streaming Fastly CDN logs.

This post is part of a series showing how to use Hydrolix and an open source dashboard to maximize your Fastly CDN observability quickly, cheaply, and in your own VPC. Before following these quick instructions for configuring Hydrolix, check out how to configure Fastly to stream logs into Hydrolix with an HTTPS endpoint. After you have configured both Fastly and Hydrolix, check out how to analyze the transaction logs and build a dashboard to complete your observability needs.

Setup Hydrolix Streaming Intake

Please note that the following configuration assumes that you have already created a project and an associated table. If you haven’t completed those steps yet, you can follow the steps found in the Building Your Data Store section of the Hydrolix documentation website.

Create and Apply a Transform

Once you have a project and table created, the last remaining step to getting Fastly data into the Hydrolix platform is to create a transform. Think of a transform as a schema that helps tell the system what type of data to expect and ultimately how to deal with it. You can read all about the flexible Hydrolix transforms in our detailed developer docs. For this example, though, we created a transform below that you can cut and paste and use once you change the table, name, and description fields to your values. Publish the transform as you normally do with Hydrolix (or see how to publish a transform in our developer docs).

Fastly Transform (click to expand)

{
"table": "<<table_uuid>>",
"name": "<string>",
"description": "<string>",
"type": "json",
"settings": {
"is_default": true,
"compression": "none",
"format_details": {
},
"output_columns": [
{
"name": "cache_status",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "client_ip",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "content_type",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "geo_city",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "geo_continent_code",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "geo_country_code",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "geo_datacenter",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "geo_region",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "h2_stream_id",
"datatype": {
"type": "string"
}
},
{
"name": "host",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "is_cacheable",
"datatype": {
"type": "bool"
}
},
{
"name": "is_h2",
"datatype": {
"type": "bool"
}
},
{
"name": "is_h2_push",
"datatype": {
"type": "bool"
}
},
{
"name": "is_ipv6",
"datatype": {
"type": "bool"
}
},
{
"name": "is_tls",
"datatype": {
"type": "bool"
}
},
{
"name": "origin_host",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "protocol",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "req_body_size",
"datatype": {
"type": "uint32"
}
},
{
"name": "req_header_size",
"datatype": {
"type": "uint32"
}
},
{
"name": "request",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_accept_charset",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_accept_content",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_accept_encoding",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_accept_language",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_cache_control",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_connection",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_dnt",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_forwarded",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_referer",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_user_agent",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_via",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_x_forwarded_for",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "request_x_requested_with",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "resp_body_size",
"datatype": {
"type": "uint32"
}
},
{
"name": "resp_header_size",
"datatype": {
"type": "uint32"
}
},
{
"name": "response_age",
"datatype": {
"type": "uint32"
}
},
{
"name": "response_cache_control",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "response_expires",
"datatype": {
"type": "string"
}
},
{
"name": "response_last_modified",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "response_tsv",
"datatype": {
"type": "string"
}
},
{
"name": "service_id",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "service_version",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "socket_cwnd",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_nexthop",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "socket_ploss",
"datatype": {
"type": "double"
}
},
{
"name": "socket_tcpi_delta_retrans",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_last_data_sent",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_rcv_mss",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_rcv_rtt",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_rcv_space",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_rtt",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_rttvar",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_snd_mss",
"datatype": {
"type": "uint32"
}
},
{
"name": "socket_tcpi_total_retrans",
"datatype": {
"type": "uint32"
}
},
{
"name": "status",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "time_elapsed",
"datatype": {
"type": "uint32"
}
},
{
"name": "time_end",
"datatype": {
"type": "datetime",
"format": "2006-01-02T15:04:05"
}
},
{
"name": "time_start",
"datatype":{
"type": "datetime",
"primary": true,
"format": "2006-01-02T15:04:05"
}
},
{
"name": "tls_client_cipher",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "tls_client_cipher_sha",
"datatype": {
"type": "string"
}
},
{
"name": "tls_client_protocol",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "tls_client_servername",
"datatype": {
"type": "string",
"index": true
}
},
{
"name": "tls_client_tlsexts_sha",
"datatype": {
"type": "string"
}
},
{
"name": "url",
"datatype": {
"type": "string",
"index": true
}
}
]
}
}

Leveraging Views

Hydrolix is now configured to accept the incoming Fastly log data.

Hydrolix supports the notion that a single data set can have many different query formats. The query data structure, or view, associated with a given data set not only allows for a customized representation of the queried data but also for a user’s access to the data to be restricted to a set of columns. Upon transform creation, Hydrolix automatically generates a default view that can be used to immediately query the data set – no additional configuration is required. However, users are encouraged to spend some time becoming familiar with the view concept and subsequent benefits that the feature can provide. You can refer to the developer docs for more information about query views.

Querying and Visualizing Fastly Logs with Hydrolix

Now that both Hydrolix and Fastly are configured to stream Fastly real-time log data into Hydrolix, it’s time to make some queries! Read on to check out how to analyze the transaction logs and build a dashboard to complete your observability needs.

Share Now