diff --git a/docs/en/observability/explore-logs.asciidoc b/docs/en/observability/explore-logs.asciidoc index f7b8f53e2e..338d321987 100644 --- a/docs/en/observability/explore-logs.asciidoc +++ b/docs/en/observability/explore-logs.asciidoc @@ -17,7 +17,7 @@ image::images/log-explorer.png[Screen capture of the Logs Explorer] == Find your logs By default, Logs Explorer shows all of your logs. -If you need to focus on logs from a specific integrations, select the integration from the logs menu: +If you need to focus on logs from a specific integration, select the integration from the logs menu: [role="screenshot"] image::images/log-menu.png[Screen capture of log menu] diff --git a/docs/en/observability/images/universal-profiling-overlay.png b/docs/en/observability/images/universal-profiling-overlay.png new file mode 100644 index 0000000000..aca2f81daf Binary files /dev/null and b/docs/en/observability/images/universal-profiling-overlay.png differ diff --git a/docs/en/observability/monitor-infra/host-details-partial.asciidoc b/docs/en/observability/monitor-infra/host-details-partial.asciidoc index 963e0e8204..fcce796c1c 100644 --- a/docs/en/observability/monitor-infra/host-details-partial.asciidoc +++ b/docs/en/observability/monitor-infra/host-details-partial.asciidoc @@ -52,18 +52,41 @@ along with the total number of processes in these various states: The processes listed in the *Top processes* table are based on an aggregation of the top CPU and the top memory consuming processes. The number of top processes is controlled by `process.include_top_n.by_cpu` and `process.include_top_n.by_memory`. -|=== +|=== | *Command* | Full command line that started the process, including the absolute path to the executable, and all the arguments (`system.process.cmdline`). | *PID* | Process id (`process.pid`). | *User* | User name (`user.name`). | *CPU* | The percentage of CPU time spent by the process since the last event (`system.process.cpu.total.pct`). -| *Time* | The time the process started (`system.process.cpu.start_time`). -| *Memory* | The percentage of memory (`system.process.memory.rss.pct`) the process occupied in main memory (RAM). +| *Time* | The time the process started (`system.process.cpu.start_time`). +| *Memory* | The percentage of memory (`system.process.memory.rss.pct`) the process occupied in main memory (RAM). | *State* | The current state of the process and the total number of processes (`system.process.state`). Expected values are: `running`, `sleeping`, `dead`, `stopped`, `idle`, `zombie`, and `unknown`. -|=== +|=== +==== + +[%collapsible] +.*Universal Profiling* +==== + +[role="screenshot"] +image::images/universal-profiling-overlay.png[Host Universal Profiling] + +The *Universal Profiling* tab shows CPU usage down to the application code level. +From here, you can find the sources of resource usage, and identify code that can be optimized to reduce infrastructure costs. +The Universal Profiling tab has the following views. + +|=== + +| *Flamegraph* | A visual representation of the functions that consume the most resources. Each rectangle represents a function. The rectangle width represents the time spent in the function. The number of stacked rectangles represents the stack depth, or the number of functions called to reach the current function. + +| *Top 10 Functions* | A list of the most expensive lines of code on your host. See the most frequently sampled functions, broken down by CPU time, annualized CO2, and annualized cost estimates. + +|=== + +For more on Universal Profiling, refer to the <> docs. + ==== [%collapsible] @@ -73,18 +96,18 @@ The number of top processes is controlled by `process.include_top_n.by_cpu` and [role="screenshot"] image::images/logs-overlay.png[Host logs] -The *Logs* tab displays logs relating to the host that you have selected. By default, the logs tab displays the following columns. +The *Logs* tab displays logs relating to the host that you have selected. By default, the logs tab displays the following columns. -|=== +|=== -| *Timestamp* | The timestamp of the log entry from the `timestamp` field. +| *Timestamp* | The timestamp of the log entry from the `timestamp` field. | *Message* | The message extracted from the document. The content of this field depends on the type of log message. If no special log message type is detected, the {ecs-ref}/ecs-base.html[Elastic Common Schema (ECS)] base field, `message`, is used. -|=== +|=== You can customize the logs view by adding a column for an arbitrary field you would like to filter by. For more information, refer to <>. @@ -99,7 +122,7 @@ To view the logs in the {logs-app} for a detailed analysis, click *Open in Logs* image::images/anomalies-overlay.png[Anomalies] The *Anomalies* table displays a list of each single metric {anomaly-detect} job for the specific host. By default, anomaly -jobs are sorted by time, showing the most recent jobs first. +jobs are sorted by time, showing the most recent jobs first. Along with the name of each anomaly job, detected anomalies with a severity score equal to 50, or higher, are listed. These scores represent a severity of "warning" or higher in the selected time period. The *summary* value represents the increase between @@ -107,7 +130,7 @@ the actual value and the expected ("typical") value of the host metric in the an To drill down and analyze the metric anomaly, select *Actions -> Open in Anomaly Explorer* to view the {ml-docs}/ml-gs-results.html[Anomaly Explorer in {ml-app}]. You can also select *Actions -> Show in Inventory* to view the host -Inventory page, filtered by the specific metric. +Inventory page, filtered by the specific metric. ==== [%collapsible]