Edge Delta Data Item Examples
Examples of data items handled by nodes and transported by links.
4 minute read
This page shows examples of data items in Edge Delta. For accurate interpretation and pipeline design you should examine your actual data using Live Capture.
Example Log
The following example is a log ingested from a Kubernetes source.
{
"_type": "log",
"timestamp": 1749035297221,
"body": "172.26.119.161 - - [04/Jun/2025:11:08:15 +0000] \"POST /admin/users HTTP/1.1\" 403 1043 \"https://example.com/simple\" \"lambda.amazonaws.com\"",
"resource": {
"container.id": "2296c093fbecee88cbc00a00c01ab4a1a1361c6ae0fb2f27e0077014d66fad29",
"container.image.name": "docker.io/userexample/imageexample:latest",
"ed.conf.id": "12345678987654321",
"ed.domain": "k8s",
"ed.filepath": "/var/log/pods/loggenlogs_loggen-d94d75-ggkcr_bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e/loggen/0.log",
"ed.org.id": "98765432123456789",
"ed.source.name": "loggen",
"ed.source.type": "kubernetes_input",
"ed.tag": "slacker",
"host.ip": "172.19.0.3",
"host.name": "slacker-control-plane",
"k8s.container.name": "loggen",
"k8s.deployment.name": "loggen",
"k8s.namespace.name": "loggenlogs",
"k8s.node.name": "slacker-control-plane",
"k8s.pod.name": "loggen-d94d75-ggkcr",
"k8s.pod.uid": "bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e",
"k8s.replicaset.name": "loggen-d94d75",
"service.name": "loggen"
},
"attributes": {}
}
Example Metric Item
The following example illustrates a metric item.
{
"_type": "metric",
"timestamp": 1749035340000,
"resource": {
"container.id": "2296c093fbecee88cbc00a00c01ab4a1a1361c6ae0fb2f27e0077014d66fad29",
"container.image.name": "docker.io/userexample/imageexample:latest",
"ed.conf.id": "12345678987654321",
"ed.domain": "k8s",
"ed.filepath": "/var/log/pods/loggenlogs_loggen-d94d75-ggkcr_bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e/loggen/0.log",
"ed.org.id": "98765432123456789",
"ed.source.name": "loggen",
"ed.source.type": "kubernetes_input",
"ed.tag": "slacker",
"host.ip": "172.19.0.3",
"host.name": "slacker-control-plane",
"k8s.container.name": "loggen",
"k8s.deployment.name": "loggen",
"k8s.namespace.name": "loggenlogs",
"k8s.node.name": "slacker-control-plane",
"k8s.pod.name": "loggen-d94d75-ggkcr",
"k8s.pod.uid": "bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e",
"k8s.replicaset.name": "loggen-d94d75",
"service.name": "loggen"
},
"attributes": {},
"gauge": {
"value": 8
},
"kind": "gauge",
"name": "error-logs-per-minute",
"start_timestamp": 1749035280000,
"unit": "1",
"_stat_type": "value"
}
Example Monitor Event Item
The following example is an event item created by a monitor:
{
"timestamp": 1749076918758,
"event_domain": "Monitor Alerts",
"event_type": "metric_threshold",
"severity_text": "ALERT",
"body": "Legacy Integration for ed.tag:slacker,service.name:loggen",
"resource": {
"ed.monitor.id": "2y2B1q3XZrvz0rOZuLLxVaneU4T",
"event.name": "Legacy Integration",
"service.name": "loggen"
},
"attributes": {
"ed.monitor.evaluated.from": "2025-06-04T22:33:00.000Z",
"ed.monitor.evaluated.to": "2025-06-04T22:38:00.000Z",
"ed.monitor.evaluated.value": "58.40",
"ed.monitor.group.id": "MhdBMl8aEW+QxHRoRtBZVWDLNTiD0sIyojWPRoOtV+o=",
"ed.monitor.group.name": "ed.tag:slacker,service.name:loggen",
"ed.monitor.notification.message": "**error-logs-per-minute** for **ed.tag:slacker,service.name:loggen** **>** **55** **avg** within the last **5m0s** evaluated from **2025-06-04T22:33:00.000Z** to **2025-06-04T22:38:00.000Z**.\n The monitor was last triggered at **2025-06-04T22:41:58.758Z**",
"ed.monitor.observation.url": "https://app.edgedelta.com/metrics/explorer?query=sum:error-logs-per-minute{ed.tag:\"slacker\" AND service.name:\"loggen\"}&from=2025-06-04T22:18:00.000Z&to=2025-06-04T22:38:00.000Z",
"ed.monitor.priority": "NOT DEFINED",
"ed.monitor.query": "sum:error-logs-per-minute{*} by {service.name,ed.tag}.rollup(60)",
"ed.monitor.screenshot.url": "https://p.edgedelta.com/1234/plots/2025-06-04/9876.png",
"ed.monitor.type": "metric_threshold",
"event.id": "2y3xCiyH6LLBI3c8MUziduzneim"
}
}
Example Kubernetes Event Item
The following example is an event item created by Kubernetes:
{
"timestamp": 1749079970000,
"event_domain": "K8s",
"event_type": "StorageReady",
"severity_text": "Warning",
"body": "IODelays: Process (kworker/u8:1-xfs-cil/nvme0n1p1) (PID 1757759) incurred 10.5 seconds of I/O delay",
"resource": {
"container.id": "",
"container.image.name": "",
"ed.cluster.name": "",
"ed.conf.id": "75d97fcf-7e65-4f90-b9c9-7a8f63f82c9c",
"ed.domain": "k8s",
"ed.filepath": "",
"ed.source.name": "k8s_event_input",
"ed.source.type": "k8s_event_input",
"ed.tag": "k8s-onboarding-demo",
"event.name": "[Warning] IODelays: Process (kworker/u8:1-xfs-cil/nvme0n1p1) (PID 1757759) incurred 10.5 seconds of I/O delay",
"host.ip": "10.0.1.112",
"host.name": "ip-10-0-1-112.us-west-2.compute.internal",
"k8s.container.name": "",
"k8s.namespace.name": "",
"k8s.node.name": "ip-10-0-1-204.us-west-2.compute.internal",
"k8s.pod.name": "",
"k8s.pod.uid": "",
"service.name": ""
},
"attributes": {
"event.count": "10",
"event.firstTimestamp": "2025-06-04T22:02:50Z",
"event.lastTimestamp": "2025-06-04T23:32:50Z",
"event.metadata.creationTimestamp": "2025-06-04T22:02:50Z",
"event.metadata.namespace": "default",
"event.metadata.resourceVersion": "273914991",
"event.metadata.uid": "4d22d5bc-0ea1-4029-9b5b-8fdc76cd8db2",
"event.reason": "StorageReady",
"event.source.component": "eks-node-monitoring-agent",
"event.type": "Warning",
"item.type": "event"
}
}
Example Trace
{
"_type": "trace"
"attributes": {
"component": "proxy"
"ed.event.subtype": "HTTP"
"ed.event.type": "HTTP"
"ed.span.resource": "router frontend egress"
"ed.status_code": "200"
"http.protocol": "HTTP/1.1"
"http.status_code": "200"
"otel.scope.name": ""
"otel.scope.version": ""
"peer.address": "10.96.72.33:8080"
"response_flags": "-"
"upstream_address": "10.96.72.33:8080"
"upstream_cluster": "frontend"
"upstream_cluster.name": "frontend"
}
"end_time_unix_nano": 1727694533408816000
"events":
null
"links":
null
"parent.span.id": "ffd797d422da853a"
"resource": {
"ed.conf.id": "123456789"
"ed.org.id": "987654321"
"ed.tag": "OTEL"
"host.ip": "172.18.0.4"
"host.name": "otel-cluster-worker"
"k8s.deployment.name": "my-otel-demo-frontendproxy"
"k8s.namespace.name": "otel"
"k8s.node.name": "otel-cluster-worker"
"k8s.pod.ip": "10.244.1.12"
"k8s.pod.name": "my-otel-demo-frontendproxy-6c4d5f5d4d-lbbtk"
"k8s.pod.start_time": "2024-09-28T02:28:04Z"
"k8s.pod.uid": "afac6ac0-9458-493a-a2d5-d8be273d4cfc"
"server.port": 4326
"service.instance.id": "afac6ac0-9458-493a-a2d5-d8be273d4cfc"
"service.name": "frontendproxy"
"service.namespace": "opentelemetry-demo"
"service.version": "1.11.1"
"src_type": "otlp"
}
"span.duration": 181499000
"span.id": "22b53dad5e808ec6"
"span.kind": "SPAN_KIND_CLIENT"
"span.name": "router frontend egress"
"start_time_unix_nano": 1727694533227317000
"status.code": "STATUS_CODE_OK"
"status.message": ""
"timestamp": 1727694533227
"trace.id": "4c27c6e851cf08878b87907f9edd600e"
"trace.state": ""
}
Example Cluster Pattern and Sample
The following example illustrates the Cluster Pattern and Sample data item created by a log to pattern node.
{
"_type": "cluster_pattern_and_sample",
"timestamp": 1748612970000,
"resource": {
"container.id": "1dee568dc5ebdb935175319cef3c752ef9bf40c988156a62c489392c9fe5b825",
"container.image.name": "docker.io/userexample/imageexample:latest",
"ed.conf.id": "123456789",
"ed.domain": "k8s",
"ed.filepath": "/var/log/pods/app_manager-2swkh_7a3b232e-9987-464a-9581-f4a614d6f00f/manager/0.log",
"ed.org.id": "987654321",
"ed.source.name": "kubernetes_logs",
"ed.source.type": "kubernetes_input",
"ed.tag": "k8s-onboarding-demo",
"host.ip": "<REDACTED>",
"host.name": "<REDACTED>.us-west-2.compute.internal",
"k8s.container.name": "manager",
"k8s.daemonset.name": "manager",
"k8s.namespace.name": "some-name",
"k8s.node.name": "<REDACTED>.us-west-2.compute.internal",
"k8s.pod.name": "manager-2swkh",
"k8s.pod.uid": "7a3b232e-9987-464a-9581-f4a614d6f00f",
"service.name": "manager"
},
"attributes": {},
"start_timestamp": 1748612940000,
"_pattern": "* GET * HTTP* http * Mozilla* compatible MSIE * Windows NT * Trident* !dt dt trace_id=unknown dt span_id=unknown dt trace_sampled=unknown",
"_pattern_count": 1,
"_sample": "10.0.1.163 - [30/May/2025:13:30:27 +0000] \"GET /assets/index-BbcRVwjv.js HTTP/1.0\" 200 1718860 \"http://frontendreverseproxy-app/\" \"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.01; Trident/4.0)\" [!dt dt.trace_id=unknown,dt.span_id=unknown,dt.trace_sampled=unknown]",
"_sentiment_score": 0
}
Example Signal
The following example is a signal item generated by a threshold node and sent to a trigger type destination such as Slack:
{
"_type": "signal",
"timestamp": 1749030386195,
"resource": {
"container.id": "2296c093fbecee88cbc00a00c01ab4a1a1361c6ae0fb2f27e0077014d66fad29",
"container.image.name": "docker.io/exampleuser/exampleimage:latest",
"ed.conf.id": "<redacted>",
"ed.domain": "k8s",
"ed.filepath": "/var/log/pods/loggenlogs_loggen-d94d75-ggkcr_bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e/loggen/0.log",
"ed.org.id": "<redacted>",
"ed.source.name": "loggen",
"ed.source.type": "kubernetes_input",
"ed.tag": "slacker",
"host.ip": "172.19.0.3",
"host.name": "slacker-control-plane",
"k8s.container.name": "loggen",
"k8s.deployment.name": "loggen",
"k8s.namespace.name": "loggenlogs",
"k8s.node.name": "slacker-control-plane",
"k8s.pod.name": "loggen-d94d75-ggkcr",
"k8s.pod.uid": "bd79183f-caa1-42dd-9cbf-8d2e7bd9b01e",
"k8s.replicaset.name": "loggen-d94d75",
"service.name": "loggen"
},
"attributes": {},
"signal": {
"description": "error-logs-per-minute hit threshold -threshold-checker of filter: item.name == \"error-logs-per-minute\" and condition: value > 5 with value 55.00",
"name": "error-logs-per-minute",
"signal_id": "111022",
"threshold_condition": "value > 5",
"threshold_filter": "item.name == \"error-logs-per-minute\"",
"title": "Threshold -threshold-checker triggered",
"value": 55
}
}
Example Health Item
{
"_health": {
"component": "mask_filter"
"name": "my-mask-processor"
"properties": {
"last_error": "<nil>"
"mask_test-mask-processor.error.count.one_minute": 0
"mask_test-mask-processor.hit.count.one_hour": 0
"mask_test-mask-processor.last_ten_min_err_count.count.ten_minutes": 0
}
"running":
true
"status": "ok"
"type": "agentComponentHealth"
}
"_type": "health"
"resource": {
"ed.conf.id": "12345678987654321"
"ed.org.id": "98765432123456789"
"ed.tag": "my-cluster"
"host.ip": ""
"host.name": "mycluster-worker"
}
"timestamp": 1723431526000
}
Custom Data Item
A custom data item refers to a data item with a schema that does not align with a common structure. These data items may be useful for bespoke applications or configurations, but they may cause validation errors.