[Elastic Agent] Add event.dataset to all events (#20076) (#20137)

* Inject add_fields event.dataset along side dataset. * Add event.dataset to all published events. * Add changelog. (cherry picked from commit c4010d9)
elastic · Jul 22, 2020 · b7c8acc · b7c8acc
1 parent 235d0da
commit b7c8acc
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 1 deletion.
diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc
@@ -91,3 +91,4 @@
 - Add --insecure option to enroll command {pull}19900[19900]
 - Will retry to enroll if the server return a 429. {pull}19918[19811]
 - Add --staging option to enroll command {pull}20026[20026]
+- Add `event.dataset` to all events {pull}20076[20076]
diff --git a/x-pack/elastic-agent/pkg/agent/operation/monitoring.go b/x-pack/elastic-agent/pkg/agent/operation/monitoring.go
@@ -198,6 +198,14 @@ func (o *Operator) getMonitoringFilebeatConfig(output interface{}) (map[string]i
 						},
 					},
 				},
+				{
+					"add_fields": map[string]interface{}{
+						"target": "event",
+						"fields": map[string]interface{}{
+							"dataset": "elastic.agent",
+						},
+					},
+				},
 			},
 		},
 	}
@@ -224,6 +232,14 @@ func (o *Operator) getMonitoringFilebeatConfig(output interface{}) (map[string]i
 							},
 						},
 					},
+					{
+						"add_fields": map[string]interface{}{
+							"target": "event",
+							"fields": map[string]interface{}{
+								"dataset": fmt.Sprintf("elastic.agent.%s", name),
+							},
+						},
+					},
 				},
 			})
 		}
@@ -266,6 +282,14 @@ func (o *Operator) getMonitoringMetricbeatConfig(output interface{}) (map[string
 						},
 					},
 				},
+				{
+					"add_fields": map[string]interface{}{
+						"target": "event",
+						"fields": map[string]interface{}{
+							"dataset": fmt.Sprintf("elastic.agent.%s", name),
+						},
+					},
+				},
 			},
 		})
 	}

diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml
@@ -12,6 +12,10 @@ filebeat:
             type: logs
             name: generic
             namespace: default
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
 output:
   elasticsearch:
     hosts:

diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml
@@ -12,6 +12,10 @@ filebeat:
             type: logs
             name: generic
             namespace: default
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
 output:
   elasticsearch:
     enabled: true

diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml
@@ -13,6 +13,10 @@ filebeat:
             type: logs
             name: generic
             namespace: default
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
 output:
   elasticsearch:
     hosts:

diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml
@@ -14,6 +14,10 @@ filebeat:
             type: logs
             name: generic
             namespace: default
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
   - type: log
     paths:
       - /var/log/hello3.log
@@ -28,6 +32,10 @@ filebeat:
             type: testtype
             name: generic
             namespace: default
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
 output:
   elasticsearch:
     hosts:

diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml
@@ -11,6 +11,10 @@ metricbeat:
           type: metrics
           name: docker.status
           namespace: default
+    - add_fields:
+        target: "event"
+        fields:
+          dataset: docker.status
   - module: docker
     metricsets: [info]
     index: metrics-generic-default
@@ -22,6 +26,10 @@ metricbeat:
           type: metrics
           name: generic
           namespace: default
+    - add_fields:
+        target: "event"
+        fields:
+          dataset: generic
   - module: apache
     metricsets: [info]
     index: metrics-generic-testing
@@ -36,6 +44,10 @@ metricbeat:
             type: metrics
             name: generic
             namespace: testing
+      - add_fields:
+          target: "event"
+          fields:
+            dataset: generic
 
 output:
   elasticsearch:

diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go
@@ -639,9 +639,16 @@ func (r *InjectStreamProcessorRule) Apply(ast *AST) error {
 				&Key{name: "namespace", value: &StrVal{value: namespace}},
 				&Key{name: "name", value: &StrVal{value: dataset}},
 			}}})
-
 			addFieldsMap := &Dict{value: []Node{&Key{"add_fields", processorMap}}}
 			processorsList.value = mergeStrategy(r.OnConflict).InjectItem(processorsList.value, addFieldsMap)
+
+			processorMap = &Dict{value: make([]Node, 0)}
+			processorMap.value = append(processorMap.value, &Key{name: "target", value: &StrVal{value: "event"}})
+			processorMap.value = append(processorMap.value, &Key{name: "fields", value: &Dict{value: []Node{
+				&Key{name: "dataset", value: &StrVal{value: dataset}},
+			}}})
+			addFieldsMap = &Dict{value: []Node{&Key{"add_fields", processorMap}}}
+			processorsList.value = mergeStrategy(r.OnConflict).InjectItem(processorsList.value, addFieldsMap)
 		}
 	}