incorporate feedback

- always honor winlogbeat.overwrite_pipelines - switch to prefix-version-short_id for pipeline ids
elastic · Dec 24, 2021 · 383c80d · 383c80d
1 parent be0b240
commit 383c80d
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 7 deletions.
diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go
@@ -510,6 +510,9 @@ func FixYAMLMaps(elem interface{}) (_ interface{}, err error) {
 
 // FormatPipelineID generates the ID to be used for the pipeline ID in Elasticsearch
 func FormatPipelineID(prefix, module, fileset, path, version string) string {
+	if module == "" && fileset == "" {
+		return fmt.Sprintf("%s-%s-%s", prefix, version, removeExt(filepath.Base(path)))
+	}
 	return fmt.Sprintf("%s-%s-%s-%s-%s", prefix, version, module, fileset, removeExt(filepath.Base(path)))
 }
 

diff --git a/winlogbeat/beater/winlogbeat.go b/winlogbeat/beater/winlogbeat.go
@@ -108,7 +108,7 @@ func (eb *Winlogbeat) init(b *beat.Beat) error {
 		eb.eventLogs = append(eb.eventLogs, logger)
 	}
 	b.OverwritePipelinesCallback = func(esConfig *common.Config) error {
-		overwritePipelines := true
+		overwritePipelines := config.OverwritePipelines
 		esClient, err := eslegclient.NewConnectedClient(esConfig, "Winlogbeat")
 		if err != nil {
 			return err

diff --git a/winlogbeat/module/pipeline.go b/winlogbeat/module/pipeline.go
@@ -139,7 +139,7 @@ func readFile(filename string, info beat.Info) (p pipeline, err error) {
 		return pipeline{}, err
 	}
 	p = pipeline{
-		id:       fileset.FormatPipelineID(info.IndexPrefix, "default", "default", filename, info.Version),
+		id:       fileset.FormatPipelineID(info.IndexPrefix, "", "", filename, info.Version),
 		contents: updatedContent,
 	}
 	return p, nil
@@ -179,8 +179,8 @@ func applyTemplates(prefix string, version string, filename string, original []b
 	vars := map[string]interface{}{
 		"builtin": map[string]interface{}{
 			"prefix":      prefix,
-			"module":      "default",
-			"fileset":     "default",
+			"module":      "",
+			"fileset":     "",
 			"beatVersion": version,
 		},
 	}

diff --git a/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl b/x-pack/winlogbeat/_meta/config/output-elasticsearch.yml.tmpl
@@ -12,4 +12,4 @@ output.elasticsearch:
   #password: "changeme"
 
   # Pipeline to route events to security, sysmon, or powershell pipelines.
-  pipeline: "winlogbeat-%{[agent.version]}-default-default-routing"
+  pipeline: "winlogbeat-%{[agent.version]}-routing"
diff --git a/x-pack/winlogbeat/winlogbeat.yml b/x-pack/winlogbeat/winlogbeat.yml
@@ -121,8 +121,8 @@ output.elasticsearch:
   #username: "elastic"
   #password: "changeme"
 
-  # Pipeline to route events to security, sysmon or powershell pipelines
-  pipeline: "winlogbeat-%{[agent.version]}-default-default-routing"
+  # Pipeline to route events to security, sysmon, or powershell pipelines.
+  pipeline: "winlogbeat-%{[agent.version]}-routing"
 
 # ------------------------------ Logstash Output -------------------------------
 #output.logstash: