Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

V2: Agent log message details are not visible in the Fleet agent detail log view #1954

Closed
cmacknz opened this issue Dec 15, 2022 · 5 comments · Fixed by #2001
Closed

V2: Agent log message details are not visible in the Fleet agent detail log view #1954

cmacknz opened this issue Dec 15, 2022 · 5 comments · Fixed by #2001
Assignees
Labels

Comments

@cmacknz
Copy link
Member

cmacknz commented Dec 15, 2022

In V2 the majority of the detail in agent log messages is now included in an component object that is not visible in any of the easily accessible views in Fleet. An example log message is:

{
  "log.level": "info",
  "@timestamp": "2022-12-15T19:44:45.271Z",
  "log.origin": {
    "file.name": "coordinator/coordinator.go",
    "file.line": 345
  },
  "message": "Existing component state changed",
  "component": {
    "id": "beat/metrics-monitoring",
    "state": "HEALTHY",
    "message": "Healthy: communicating with pid 81194",
    "inputs": [
      {
        "id": "beat/metrics-monitoring-metrics-monitoring-beats",
        "state": "HEALTHY",
        "message": "beat reloaded"
      }
    ],
    "output": {
      "id": "beat/metrics-monitoring",
      "state": "CONFIGURING",
      "message": "reloading output component"
    }
  },
  "ecs.version": "1.6.0"
}

In Fleet this is presented only as "Existing component state changed" with very little detail:

Screen Shot 2022-12-15 at 3 15 36 PM

Following the "Open in Logs" link presents slightly more detail but still omits most of the useful information:

Screen Shot 2022-12-15 at 3 16 36 PM

@cmacknz
Copy link
Member Author

cmacknz commented Dec 15, 2022

@joshdover what controls the visibility of the message fields here? Is there a mapping we need to update on the Fleet side?

@joshdover
Copy link
Contributor

The mappings are populated by the elastic_agent package's field definitions: https://github.com/elastic/integrations/tree/main/packages/elastic_agent/data_stream/elastic_agent_logs/fields

This would need to be updated for the components key and then a new package version needs to be released and the version bundled with kibana needs to be updated here (and make sure it's backported to 8.6): https://github.com/elastic/kibana/blob/fa9094366c63aa371b7010a19e5ba5eb99b74236/fleet_packages.json#L28

That said I do think we should make the message field more useful as well as this is the only field presented in the Logs and Fleet UI. Maybe a format like:

[${component.id}][${component.state}] Existing component state changed: ${component.message}, inputs: ${component.inputs.map(i => i.state).join(",")}, output: ${component.output.state}

@cmacknz
Copy link
Member Author

cmacknz commented Dec 21, 2022

Agreed, just changing the log message here would help. We are using the logger.With pattern to attach the component log object everywhere so it might be a bit tricky to find every instance of this in the agent code, but at least for this state changed message we can change it since it is the most useful message in the logs usually.

@joshdover
Copy link
Contributor

Testing my fix is blocked on elastic/beats#34093

@cmacknz
Copy link
Member Author

cmacknz commented Dec 23, 2022

Blake also made some changes to address this in #2001

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants