Product Analytics collector

What does this MR do?

Rack application within Rails to record product analytics events.

The Product Analytics feature itself is built in several steps. You can see the progress here => #225167 (closed)

Related to !27730 (closed).

Why rack application:

  • we want as much performance as we can get. No need for controllers with all hooks etc.
  • we want it in Rails while feature is in experimental stage. Easy to ship. The future is go collector =>
  • its easier to remove later


  • Rack limit: 100 requests per minute per aid. aid stands for application id and means GitLab project id.
  • Ignore all requests without application id and event id.
  • No authentication (and never will be). Write any event if it's valid. Like snowplow collector.
  • Product analytics feature itself is behind a feature flag and disabled by default.
  • Deny requests for projects that don't have feature flag enabled (temporary until feature is enabled by default)
  • Requests will come from snowplow javascript tracker.

Does this MR meet the acceptance criteria?


Availability and Testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Dmytro Zaporozhets (DZ)

Merge request reports