Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle ECS-compatible slowlogs emitted by ES 8.0.0+ #17729

Merged
merged 3 commits into from
Apr 17, 2020

Conversation

ycombinator
Copy link
Contributor

@ycombinator ycombinator commented Apr 15, 2020

What does this PR do?

With elastic/elasticsearch#47105 merged, starting with 8.0.0, Elasticsearch will emit ECS-compatible slowlogs (and other types of logs). This PR enhances the elasticsearch/slowlog fileset's ingestion pipeline to handle this new slowlog format, while also remaining backwards-compatible with the previous (7.x) slowlog format.

Why is it important?

So the Filebeat elasticsearch/slowlog fileset can handle current as well as upcoming Elasticsearch slowlog formats.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@ycombinator ycombinator added the in progress Pull request is currently in progress. label Apr 15, 2020
@ycombinator ycombinator requested a review from leehinman April 16, 2020 15:25
@ycombinator ycombinator added Feature:Stack Monitoring Team:Services (Deprecated) Label for the former Integrations-Services team and removed in progress Pull request is currently in progress. labels Apr 16, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/stack-monitoring (Stack monitoring)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations-services (Team:Services)

@ycombinator ycombinator added [zube]: In Review needs_backport PR is waiting to be backported to other branches. v7.8.0 v8.0.0 labels Apr 16, 2020
@ycombinator ycombinator marked this pull request as ready for review April 16, 2020 15:26
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ycombinator ycombinator force-pushed the fb-es-slowlog-800-ecs branch from 7dc8e90 to a87d58e Compare April 16, 2020 22:06
@ycombinator
Copy link
Contributor Author

Travis CI is green and Jenkins CI failures are unrelated. Merging.

@ycombinator ycombinator merged commit 6ee548e into elastic:master Apr 17, 2020
@ycombinator ycombinator deleted the fb-es-slowlog-800-ecs branch April 17, 2020 04:20
@ycombinator ycombinator removed the needs_backport PR is waiting to be backported to other branches. label Apr 17, 2020
ycombinator added a commit that referenced this pull request Apr 24, 2020
* Adding ECS-compatible sample slowlogs

* Handle ECS-compatible slowlogs emitted by ES 8.0.0+

* Adding CHANGELOG entry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Stack Monitoring Team:Services (Deprecated) Label for the former Integrations-Services team v7.8.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants