open-telemetry / semantic-conventions

Defines standards for generating consistent, accessible telemetry across a variety of domains
Apache License 2.0
244 stars 154 forks source link

Database: should we indicate that query text was sanitized? #1179

Open lmolkova opened 2 months ago

lmolkova commented 2 months ago

From June 5 SIG call: Is there any way to determine whether a query has been sanitized? ? is a common placeholder for query parameters.

An explicit flag that a query was sanitized could work, with the benefit of not require any string parsing to determine if the query was originally parameterized or not.

That's a good point, however I'm not sure if this is important enough to address it at this point. We can always add an additional attribute to store if the query was sanitized or not as an incremental change.

There is the db.query.parameter.<key> to store parameters - so if the query is parametrized, then that attributes is used - however that attribute is opt-in, so admittedly that'll not help in a default setup.

I personally would wait for user feedback on this and if needed, then I'd add the additional flag on-demand if we really see the need for it.

_Originally posted by @gregkalapos in https://github.com/open-telemetry/semantic-conventions/pull/1100#discussion_r1645856560_

trask commented 1 month ago

Moving to post-stability since this can be added as span attribute later, and won't be a metric attribute anyways (at least not be default) since db.query.text isn't a metric attribute either.