Closed
Description
Which OpenObserve functionalities are relevant/related to the feature request?
No response
Description
We report search usage to the _meta org and we have all the history data, but we have no API that can provide search history so that the user can easily find what they ran.
Proposed solution
The data structure in the stream usage under the _meta org looks like this:
{
"_timestamp": 1725420695864611,
"cached_ratio": 91,
"day": 4,
"event": "Search",
"event_time_hour": "2024090403",
"hour": 3,
"max_ts": 1725420695605000,
"min_ts": 1725334295605000,
"month": 9,
"num_records": 26,
"org_id": "otlp-production",
"request_body": "SELECT context_page_path as \"x_axis_1\", count(distinct(properties_anonymousid)) as \"y_axis_1\" FROM \"segment\" WHERE context_page_path LIKE '%/blog/%' AND context_page_path NOT LIKE '%/blog/tag/%' GROUP BY x_axis_1 ORDER BY y_axis_1 DESC",
"response_time": 0.162778505,
"search_type": "Dashboards",
"size": 904,
"stream_name": "segment",
"stream_type": "logs",
"took_wait_in_queue": 19,
"trace_id": "28c3824d0c494637bda5349cf91e1217",
"unit": "MB",
"user_email": "[email protected]",
"year": 2024
}
Then we can create an API /api/{org}/_search_history to get the search history from this stream. We can filter the data by:
- org_id
- stream_type
- stream_name
- user_id
- start_time (min_ts)
- end_time (max_ts)
- trace_id
And the new API response should be similar to the search API, but the fields should be:
- org_id
- stream_type
- stream_name
- user_id
- start_time
- end_time
- sql (request_body)
- scan_size
- scan_records
- took (response_time)
- cached_ratio
- trace_id
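
A sketch of the filter and projection described above, added here as an illustration and not taken from the OpenObserve code base. It assumes that user_id, scan_size and scan_records are served from user_email, size and num_records, that only "Search" events are returned, and that the org is taken from the {org} path segment because the usage stream in _meta holds every org's records; search_history, FIELD_MAP and the sample records are hypothetical names and constructed data.

```python
# Output field -> usage-record field. Record fields are from the issue's sample;
# mappings marked "assumed" are not spelled out in the issue.
FIELD_MAP = {
    "org_id": "org_id", "stream_type": "stream_type", "stream_name": "stream_name",
    "user_id": "user_email",        # assumed
    "start_time": "min_ts", "end_time": "max_ts", "sql": "request_body",
    "scan_size": "size",            # assumed
    "scan_records": "num_records",  # assumed
    "took": "response_time", "cached_ratio": "cached_ratio", "trace_id": "trace_id",
}
EXACT_FILTERS = ("stream_type", "stream_name", "user_id", "trace_id")


def search_history(records, path_org, start_time=None, end_time=None, **filters):
    """Return one org's Search events, projected to the proposed response fields."""
    unknown = set(filters) - set(EXACT_FILTERS)
    if unknown:  # rejects org_id too: the org is taken from the URL path only
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    hits = []
    for rec in records:
        # The usage stream sits in _meta and holds every org's records.
        if rec.get("event") != "Search" or rec.get("org_id") != path_org:
            continue
        if any(rec.get(FIELD_MAP[k]) != v for k, v in filters.items()):
            continue
        # Assumed semantics: the searched window must lie inside [start_time, end_time].
        if start_time is not None and rec.get("min_ts", 0) < start_time:
            continue
        if end_time is not None and rec.get("max_ts", 0) > end_time:
            continue
        hits.append({out: rec.get(src) for out, src in FIELD_MAP.items()})
    return hits


def _rec(event, org, trace, min_ts, max_ts):
    """Build a constructed usage record shaped like the one in the issue."""
    return {"event": event, "org_id": org, "trace_id": trace,
            "min_ts": min_ts, "max_ts": max_ts,
            "stream_type": "logs", "stream_name": "segment",
            "user_email": "alice@example.com", "request_body": 'SELECT * FROM "segment"',
            "size": 904, "num_records": 26, "response_time": 0.16, "cached_ratio": 91}


# Constructed sample: two orgs plus one non-search event.
SAMPLE = [_rec("Search", "org-a", "t1", 100, 200),
          _rec("Search", "org-b", "t2", 100, 200),
          _rec("Ingestion", "org-a", "t3", 100, 200)]

if __name__ == "__main__":
    print(search_history(SAMPLE, "org-a"))
```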