-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fleet managed: enable debug mode #143
Comments
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Hey! Is there an option to give some priority? It might be a useful feature for supporting customers once we're GA. Any workaround would be also appreciated. |
Assigning @michel-laterman to have more insight as he worked on the diagnosis topic. As soon as we have a clear target on it we'll move forward. |
We can pass the |
Should we add it in the same PR as ECS logging? elastic/beats#28573 |
Sounds good, but to be complete we need to control the log level with ENVs injected to the Docker image. Is this option available? |
There's some support for env vars now (https://www.elastic.co/guide/en/beats/metricbeat/7.15/using-environ-vars.html) however it needs changes made to the config file used in order to work, is that acceptable for the time being? |
This is the way we start elastic-agent and fleet-server: We depend on environment variables only. |
After a chat with @ruflin, I think that we agreed the best approach to take was to add the ability to define logging levels to the policy instead of just passing the agent's level to the process. This way we can use environment variables with a default, for example (syntax may not be correct) log.level: ${CUSTOM_LOG_LEVEL:'info'} |
@joshdover I wonder if we should use an environment variable with the preset values as the default from Fleet. This means, the policy sent down by Fleet would always contain something like Now what happens if a user was overwriting the log level for an elastic agent from Fleet? Which one wins? |
Seems reasonable to me. Let us know if we should open an issue to start tracking this.
Do we have precedence with any other settings? I sorta expect the local agent config to override the managed config for simple debugging purposes. I don't think there would be any security risk here since the user needs root access on the machine to edit the local configuration, which means they likely have access to everything that Agent is collecting data from. |
Do we need to always have the same winner? Shouldn't we take the most verbose for diagnosis purpose? |
@joshdover Sounds like this is the issue to track this? You mean we need an additional issue in Beats / Kibana? @jlind23 I expect us to have many more configs where this logic applies. Instead of having a case by case logic I rather have a principle in place do always have the same behaviour. I like the idea that the most local one wins. Basically the order would be:
|
Local first suits me well then! 👍🏼 |
Yes, I was asking if we should open an Fleet UI issue for making this the default value: |
I think we need both. Making it a default in the Elastic Agent but also when shipped down from the policy as the policy will overwrite it. |
Being able to enable debug logging is important for APM Server too, as we are going all in on Fleet. If users can't enable debug logging we're going to have a harder time debugging issues. Ideally we would also be able to set |
I've opened elastic/kibana#125956 to track this on the Fleet UI side. Following from @axw's suggestion above, it seems we're likely to want to expose more than just
TBH I'm still unclear on why Fleet needs to provide this in the policy and the default can't be part of the Elastic Agent logic. What wouldn't be possible if the default came from the policy? The only thing I can think of is whenever we get around to adding support for variables and conditions or global variables that this would be necessary. |
@ph would it be possible for you to give a first stab as designing it? |
I need bit more details, looking at the original description and the above information we are looking for a way to define using the environment variable a new log level or a new selector or both. Looking at this comment we are looking at log level per input? What is the actual
|
If there are inputs with different log levels then I think we should take the most verbose one. |
The debug logging option is also crucial for cloudbeat. We are less concerned about log level per input and even a log level that's inherited from the agent log level / env var would be helpful. Maybe we can start with that and reiterate once we have a complete definition? |
@oren-zohar starting with a global log level sounds good as a first step. If you give a first try at it let me know and i'll find someone to help you out if needed. |
Closing this as duplicate as it will be covered by #3090 |
Hi Team,
while investigating the root cause of elastic/integrations#1566 , we confirmed that's really useful to enable debug logs for filebeat and metricbeat running as Docker containers (under CI). The ideal option would involve an extra property in policy to enable debug logging or at least a special Docker image ENV which can be hardcoded in system tests.
The text was updated successfully, but these errors were encountered: