今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#OMB

找到 5 篇相关文章

开发者

High-Cardinality File Access Analysis with Honeycomb + OTel

TL;DR We built a serverless pipeline that ships FSx for ONTAP audit logs to Honeycomb, where its high-cardinality query engine turns file access data into actionable insights. Two delivery paths verified: [Path A: Direct] FSx for ONTAP → S3 Access Point → EventBridge Scheduler → Lambda → Honeycomb Events Batch API [Path B: OTel Collector] FSx for ONTAP → S3 Access Point → EventBridge Scheduler → Lambda → OTel Collector → OTLP → Honeycomb Why Honeycomb for file access logs? Because file access data is inherently high-cardinality : thousands of users × millions of file paths × dozens of operations × multiple SVMs. Traditional log tools force you to pre-aggregate or sample. Honeycomb lets you query the raw events at full resolution. ┌──────────────────────────────────────────────────────┐ │ Honeycomb Query Engine │ │ │ │ "Show me which users accessed /vol/finance/* │ │ between 2am-4am last Tuesday" │ │ │ │ → BubbleUp: auto-detect anomalous dimensions │ │ → Heatmap: visualize access density over time │ │ → GROUP BY user, path, operation — no pre-indexing │ │ │ │ 20M events/month FREE │ └──────────────────────────────────────────────────────┘ This is Part 10 of the Serverless Observability for FSx for ONTAP series. Why Honeycomb for File Access Logs? Most observability tools index a fixed set of fields. When you have high-cardinality dimensions — like file paths ( /vol/data/project-alpha/2026/Q1/report-final-v3.docx ) or Active Directory usernames — you hit index bloat, slow queries, or forced sampling. Honeycomb's columnar storage handles this natively: Capability Traditional Logs Honeycomb Query by arbitrary field Pre-index or full scan Instant (columnar) GROUP BY high-cardinality field Expensive / limited Native BubbleUp (anomaly detection) Manual investigation Semi-automatic (select time range, BubbleUp identifies differing dimensions) Heatmap visualization Requires pre-aggregation Raw events For FSx for ONTAP audit logs, this means you can ask questions like: "Which

2026-05-31 原文 →