Zipkin by default does special indexing to deal with limitations around names with dots and to reduce storage costs. Normal elasticsearch queries for tags won't work because of this. However, you can always add a second indexing template with the tags you feel you need to work with other tools like kibana. This shows you how to do that.
Before asking any questions please run exactly as mentioned here. These instructions are Elasticsearch v7 specific. If you do something different like use Elasticsearch 6, or do things out of order, it might not work. In other words, use our docker-compose stuff so to eliminate variance and understand how things work before changing variables.
$ git clone https://github.com/openzipkin/zipkin
$ cd zipkin/docker/examples/
Edit docker-compose-elasticsearch.yml
and uncomment out ports. This allows you to access ES directly
- # ports:
- # - 9200:9200
+ ports:
+ - 9200:9200
Startup zipkin with elasticsearch using docker-compose up
$ docker-compose -f docker-compose-elasticsearch.yml -f docker-compose-example.yml up
Hit a url so that it implicitly loads the zipkin index templates
$ curl -s localhost:9411/api/v2/traces
Add a second index template, taking care to do it exactly like ours (do not include_type_name=true
). This below adds standard indexing for the tag named http.status_code
.
$ curl -X PUT -v -s localhost:9200/_template/zipkin:span_http.status_code_template -H'Content-Type: application/json' -d'{
"index_patterns": [
"zipkin:span-*"
],
"order": 0,
"mappings": {
"span": {
"properties": {
"tags.http.status_code": {
"norms": false,
"type": "keyword"
}
}
}
}
}'
Hit the brave-example app in a way that results in a non-success code. Most instrumentation do not record the http.status_code
on success, so that's why you need to hit something that produces an error. The following endpoint doesn't exist on the example frontend, so it will make a 404.
$ curl -s localhost:8081/bobby
Now you can validate Elasticsearch normal indexing applies to that field.
$ curl -s 'localhost:9200/zipkin:span-*/_search?q=tags.http.status_code:404'
An option that I was able to make work if you need to map tags in your index is below. However, there are a couple caveats:
If the tag has any dots in it (like in the template in the gist), spans containing tags that are made up of parts of the tag leading up to but not including the last part will fail to save.
Example: If instead of
tag_name
below, you hadfoo.bar
, you could not send a tagfoo
, or if in the template below you hadalpha.beta.gamma
, you could not send tagsalpha
oralpha.beta
.Similarly, you would not be able to send a span with a tag which is preceded by the tag name in the template followed by a dot and additional text.
Example: Given
tag_name
below, you could not sendtag_name.foo
ortag_name.foo.bar
, etc.Additionally, you should be able to set whatever typical properties on the mapping that you would otherwise, e.g. "norms" or a different "type" like long or boolean, but I have not tried any of these.