Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set agent.name to hostname by default #18000

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Apr 26, 2020

What does this PR do?

Since ECS does not define agent.hostname it will be removed in a future release.
In order to always have a field available to identify the agent by name we will
set the agent.name to hostname unless the user has provided a custom name.

Why is it important?

This puts the hostname into events by default. This will be important for cases where events may not contain the forwarding machine's hostname. For example when forwarding syslog data we may not have the host or observer namespaces populated.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Relates #16377

Logs

Event output when name is unset.

  "agent": {
    "name": "mac.example.com",
    "type": "filebeat",
    "version": "8.0.0",
    "hostname": "mac.example.com",
    "ephemeral_id": "a690e034-28ac-413b-8bad-b618b57a2d79",
    "id": "fb930b06-9125-40b5-902c-bf0b0f077592"
  },

Event when name: my_custom_name is set:

  "agent": {
    "type": "filebeat",
    "version": "8.0.0",
    "hostname": "mac.example.com",
    "ephemeral_id": "c421fd5a-613b-4c40-aaa3-128c7e84a47c",
    "id": "b7e68e5b-cc5b-43b3-9e6b-0e74d2abde4d",
    "name": "my_custom_name"
  }

@andrewkroh andrewkroh added review libbeat needs_backport PR is waiting to be backported to other branches. ecs labels Apr 26, 2020
@andrewkroh andrewkroh force-pushed the feature/libbeat/default-agent-name-hostname branch from e0905d7 to 612a17a Compare April 26, 2020 23:12
@andrewkroh andrewkroh marked this pull request as ready for review April 26, 2020 23:22
@andrewkroh andrewkroh requested a review from a team as a code owner April 26, 2020 23:22
@andrewkroh andrewkroh force-pushed the feature/libbeat/default-agent-name-hostname branch from c00f9fb to c0e59e7 Compare April 28, 2020 01:16
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

"type": info.Beat, // Per ECS this is not a valid type value.
"ephemeral_id": info.EphemeralID.String(), // Not in ECS.
"hostname": info.Hostname,
"id": info.ID.String(), // Not in ECS.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should "name" also be here?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nevermind, I see this has not changed

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, I didn't change observer. I had to separate them to avoid introducing changes to it. observer does need some changes, but that's another task - probably for 8.0.

@elasticmachine
Copy link
Collaborator

elasticmachine commented Apr 30, 2020

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview stats

Expand to view the summary

Build stats

  • Build Cause: [andrewkroh commented: run tests]

  • Start Time: 2020-05-02T02:53:47.881+0000

  • Duration: 85 min 25 sec (5125116)

  • Commit: db5eb1c

Test stats 🧪

Test Results
Failed 0
Passed 7688
Skipped 1210
Total 8898

Steps errors

Expand to view the steps failures

  • Name: Make -C generator/_templates/metricbeat test

    • Description: make -C generator/_templates/metricbeat test

    • Result: FAILURE

    • Duration: 2 min 38 sec<

    • Start Time: 2020-05-02T03:24:58.364+0000

  • Name: Make -C generator/_templates/beat test

    • Description: make -C generator/_templates/beat test

    • Result: FAILURE

    • Duration: 1 min 50 sec<

    • Start Time: 2020-05-02T03:27:26.755+0000

  • Name: Make -C generator/_templates/metricbeat test

    • Description: make -C generator/_templates/metricbeat test

    • Result: FAILURE

    • Duration: 1 min 24 sec<

    • Start Time: 2020-05-02T03:29:54.114+0000

  • Name: Make -C generator/_templates/beat test

    • Description: make -C generator/_templates/beat test

    • Result: FAILURE

    • Duration: 6 min 14 sec<

    • Start Time: 2020-05-02T03:39:45.712+0000

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Result: FAILURE

    • Duration: 1 min 27 sec<

    • Start Time: 2020-05-02T03:46:02.118+0000

andrewkroh added 4 commits May 1, 2020 20:32
Since ECS does not define agent.hostname it will be removed in a future release.
In order to always have a field available to identify the agent by name we will
set the agent.name to hostname unless the user has provided a custom name.

Relates elastic#16377
@andrewkroh andrewkroh force-pushed the feature/libbeat/default-agent-name-hostname branch from 3d845bb to db5eb1c Compare May 2, 2020 00:34
@andrewkroh
Copy link
Member Author

run tests

@andrewkroh andrewkroh merged commit 3711ee6 into elastic:master May 2, 2020
@andrewkroh andrewkroh added v7.8.0 and removed needs_backport PR is waiting to be backported to other branches. labels May 2, 2020
andrewkroh added a commit to andrewkroh/beats that referenced this pull request May 2, 2020
Since ECS does not define agent.hostname it will be removed in a future release.
In order to always have a field available to identify the agent by name we will
set the agent.name to hostname unless the user has provided a custom name.

Relates elastic#16377

(cherry picked from commit 3711ee6)
andrewkroh added a commit that referenced this pull request May 4, 2020
Since ECS does not define agent.hostname it will be removed in a future release.
In order to always have a field available to identify the agent by name we will
set the agent.name to hostname unless the user has provided a custom name.

Relates #16377

(cherry picked from commit 3711ee6)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants