Open pladamgregory opened 1 day ago
Looks good Adam. Have we compared this with how OTel represents metrics and traces? Can the two complement each other? We have work going on to encode OCSF as protobuf, which then could be transported via OTel protocols. They had interest in more collaboration.
Summary
The current OCSF schema lacks a structured way to represent metrics and traces, which are critical data types in observability and monitoring contexts. This issue proposes:
Proposed Additions
Trace Profile
trace_id
,span_id
, and other metadata relevant to traces.Metrics Info Class (5023) for Discovery (Category 5)
Attributes for Metrics Info Class (5023)
Activity ID: Represents the origin of the event that triggered the metric.
0
: Unknown — The event activity is unknown.1
: Log — The information was obtained from a log.2
: Collect — The information was collected from a process.99
: Other — Seeactivity_name
for data source-specific values.Type ID: Standardized codes for metric types, covering a wide range of observability metrics such as CPU usage, memory usage, disk I/O, error rates, etc. Here is a proposed list:
type_name