Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bringing back host metadata as observer #11379

Closed
andrewvc opened this issue Mar 21, 2019 · 5 comments · Fixed by #11394
Closed

Bringing back host metadata as observer #11379

andrewvc opened this issue Mar 21, 2019 · 5 comments · Fixed by #11394
Assignees
@andrewvc
Labels
ecs Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team

Comments

@andrewvc
Copy link
Contributor

andrewvc commented Mar 21, 2019
edited
Loading

We removed the add_host_metadata processor from heartbeat for 7.0, thinking that it was an abuse of the host.* fields, since users might expect host.* to correspond with the instance being monitored, not the instance doing the monitoring. Indeed this is what the ECS spec says

ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken.

After discussing this with @webmat and it seems that we can simply put this data under observer.*. To do this we'll need to create an add_observer_metadata processor, which could be implemented as a sort of alias to add_host_metadata with the parent field changed.
@andrewvc andrewvc added Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team labels Mar 21, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/uptime

@webmat
Copy link
Contributor

webmat commented Mar 21, 2019

Thanks for opening this, @andrewvc. A few thoughts on this.

ECS currently doesn't allow for nesting of host at observer.host. I'm open to having the discussion to add this. But for compliance with ECS 1.0.0, this processor should at least fill observer.hostname, observer.ip and potentially observer.mac.

This new processor will help solve agent / observer issues we've been having in many situations (Metricbeat monitoring other hosts, Filebeat listening on syslog port, etc). It will then be straightforward for people to apply either add_host_metadata or add_observer_metadata per event source.

cc @ruflin

@webmat webmat added the ecs label Mar 21, 2019
@ruflin
Copy link
Collaborator

ruflin commented Mar 22, 2019

+1 on having this processor. For now I would stick to what @webmat proposed above with observer.* having many shared fields with host.*. This is similar to what we have in agent.* too.

If I remember correctly, @elastic/apm-server already populates observer.*? Perhaps one of them can chime in?

@jalvz
Copy link
Contributor

jalvz commented Mar 22, 2019
edited
Loading

Yes, this is what we have at the moment:

https://github.com/elastic/apm-server/blob/7807b0a8c5dfd9e5e89e4ce8873d1d26443edf48/publish/pub.go#L72

@andrewvc andrewvc mentioned this issue Mar 22, 2019
Merged
@andrewvc andrewvc added review and removed review labels Mar 22, 2019
@andrewvc
Copy link
Contributor Author

andrewvc commented Mar 22, 2019
edited
Loading

PR is up here: #11394

@ruflin ruflin removed their assignment Apr 17, 2019
andrewvc added a commit that referenced this issue Apr 24, 2019
@andrewvc
Add add_observer_metadata processor (#11394)
1d94462 
Resolves #11379 via addition of new add_observer_metadata processor.

In addition to creating the processor this PR extracts out the common operations between add_observer_metadata and add_host_metadata for geo and netinfo fields into a new processors/util package.

Please note that the observer ECS field does not contain the same values that host does. See the ECS Observer Spec for more info.
andrewvc added a commit to andrewvc/beats that referenced this issue Apr 24, 2019
@andrewvc
Add add_observer_metadata processor (elastic#11394)
616a899 
Resolves elastic#11379 via addition of new add_observer_metadata processor.

In addition to creating the processor this PR extracts out the common operations between add_observer_metadata and add_host_metadata for geo and netinfo fields into a new processors/util package.

Please note that the observer ECS field does not contain the same values that host does. See the ECS Observer Spec for more info.

(cherry picked from commit 1d94462)
@andrewvc andrewvc mentioned this issue Apr 24, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewvc andrewvc

Labels
ecs Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add add_observer_metadata processor andrewvc/beats
5 participants
@webmat @andrewvc @ruflin @jalvz @elasticmachine