Update .fleet-agents mappings for integration health status #89574

joshdover · 2022-08-24T12:14:54Z

Related to elastic/elastic-agent#100 we need to update https://github.com/elastic/elasticsearch/blob/main/x-pack/plugin/core/src/main/resources/fleet-agents.json to add mappings for the new fields.

Here is a sample of the new fields added:

{
    "status": "online",
    "events": null,
    "message": "Running",
    "components": [
        {
            "id": "winlog-default",
            "type": "winlog",
            "status": "starting",
            "message": "Starting: spawned pid '41297'",
            "units": [
                {
                    "id": "winlog-default-winlog-system-066f58e7-8cb9-4ff1-9324-26361cc929d0",
                    "type": "input",
                    "status": "starting",
                    "message": "Starting: spawned pid '41297'"
                },
                {
                    "id": "winlog-default",
                    "type": "output",
                    "status": "starting",
                    "message": "Starting: spawned pid '41297'"
                }
            ]
        },
        {
            "id": "system/metrics-default",
            "type": "system/metrics",
            "status": "starting",
            "message": "Starting: spawned pid '41298'",
            "units": [
                {
                    "id": "system/metrics-default",
                    "type": "output",
                    "status": "starting",
                    "message": "Starting: spawned pid '41298'"
                },
                {
                    "id": "system/metrics-default-system/metrics-system-066f58e7-8cb9-4ff1-9324-26361cc929d0",
                    "type": "input",
                    "status": "starting",
                    "message": "Starting: spawned pid '41298'"
                }
            ]
        },
        {
            "id": "log-default",
            "type": "log",
            "status": "starting",
            "message": "Starting: spawned pid '41296'",
            "units": [
                {
                    "id": "log-default-logfile-system-066f58e7-8cb9-4ff1-9324-26361cc929d0",
                    "type": "input",
                    "status": "starting",
                    "message": "Starting: spawned pid '41296'"
                },
                {
                    "id": "log-default",
                    "type": "output",
                    "status": "starting",
                    "message": "Starting: spawned pid '41296'"
                }
            ]
        }
    ]
}

The text was updated successfully, but these errors were encountered:

aleksmaus · 2022-08-24T13:32:16Z

The actual .fleet-agents document example:

{
    "access_api_key_id": "Di0iooIBTRpRIDsNZNU3",
    "action_seq_no": [
        -1
    ],
    "active": true,
    "agent": {
        "id": "4a3932ee-601c-4a54-b3c9-dae64bcf6c8c",
        "version": "8.4.0"
    },
    "enrolled_at": "2022-08-15T15:32:19Z",
    "local_metadata": {
        "elastic": {
            "agent": {
                "build.original": "8.4.0-SNAPSHOT (build: 1aefaf999ee4dab4e02512e47c13c96c86eaf023 at 2022-08-15 15:28:56 +0000 UTC)",
                "id": "4a3932ee-601c-4a54-b3c9-dae64bcf6c8c",
                "log_level": "info",
                "snapshot": true,
                "upgradeable": true,
                "version": "8.4.0"
            }
        },
        "host": {
            "architecture": "x86_64",
            "hostname": "mars2020",
            "id": "2628AB39-F770-5FC3-B7F1-8CC95E506B0D",
            "ip": [
                "127.0.0.1/8",
                "::1/128",
                "fe80::1/64",
                "fe80::aede:48ff:fe00:1122/64",
                "fe80::10c9:d85d:3022:447d/64",
                "10.0.0.18/24",
                "fe80::c76:65ff:fee3:9657/64",
                "fe80::c76:65ff:fee3:9657/64",
                "fe80::94c0:5e15:cad:5482/64",
                "fe80::ea11:53f7:9933:39cc/64",
                "fe80::ce81:b1c:bd2c:69e/64"
            ],
            "mac": [
                "ac:de:48:00:11:22",
                "a6:83:e7:76:80:31",
                "a4:83:e7:76:80:31",
                "0e:76:65:e3:96:57",
                "0e:76:65:e3:96:57",
                "82:52:53:a8:c0:05",
                "82:52:53:a8:c0:01",
                "82:52:53:a8:c0:00",
                "82:52:53:a8:c0:04",
                "82:52:53:a8:c0:01"
            ],
            "name": "mars2020"
        },
        "os": {
            "family": "darwin",
            "full": "macOS(12.5)",
            "kernel": "21.6.0",
            "name": "macOS",
            "platform": "darwin",
            "version": "12.5"
        }
    },
    "policy_id": "95feb870-1caa-11ed-9762-833638d127f6",
    "type": "PERMANENT",
    "default_api_key": "EC0iooIBTRpRIDsNmdXf:NCQKlvUOTxyY28Cq4PV9AA",
    "default_api_key_id": "EC0iooIBTRpRIDsNmdXf",
    "policy_output_permissions_hash": "d167d4b2ecca517a5179731c1496f8e46e7dad34e6fd20f0cdc2c27308c7b571",
    "policy_revision_idx": 2,
    "policy_coordinator_idx": 1,
    "updated_at": "2022-08-15T16:59:28Z",
    "last_checkin_status": "online",
    "last_checkin": "2022-08-15T16:59:23Z",
    "last_checkin_message": "Running",
    "components": [
        {
            "id": "system/metrics-default",
            "units": [
                {
                    "id": "system/metrics-default",
                    "type": "output",
                    "message": "Starting: spawned pid '41532'",
                    "status": "starting"
                },
                {
                    "id": "system/metrics-default-system/metrics-system-aa5fe74e-c1fd-4d27-a5eb-e3860d815836",
                    "type": "input",
                    "message": "Starting: spawned pid '41532'",
                    "status": "starting"
                }
            ],
            "type": "system/metrics",
            "message": "Starting: spawned pid '41532'",
            "status": "starting"
        },
        {
            "id": "log-default",
            "units": [
                {
                    "id": "log-default-logfile-system-aa5fe74e-c1fd-4d27-a5eb-e3860d815836",
                    "type": "input",
                    "message": "Starting: spawned pid '41530'",
                    "status": "starting"
                },
                {
                    "id": "log-default",
                    "type": "output",
                    "message": "Starting: spawned pid '41530'",
                    "status": "starting"
                }
            ],
            "type": "log",
            "message": "Starting: spawned pid '41530'",
            "status": "starting"
        },
        {
            "id": "winlog-default",
            "units": [
                {
                    "id": "winlog-default",
                    "type": "output",
                    "message": "Starting: spawned pid '41531'",
                    "status": "starting"
                },
                {
                    "id": "winlog-default-winlog-system-aa5fe74e-c1fd-4d27-a5eb-e3860d815836",
                    "type": "input",
                    "message": "Starting: spawned pid '41531'",
                    "status": "starting"
                }
            ],
            "type": "winlog",
            "message": "Starting: spawned pid '41531'",
            "status": "starting"
        }
    ]
}

aleksmaus · 2022-08-24T13:45:13Z

@kevinlog @joshdover
Could you take a look at the actual .fleet-agent document above? We have nested components array and then nested within the component the units array. How do you want to search this? Do we need two levels of nested objects (which could be expensive)?
https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html#_limits_on_nested_mappings_and_objects
Should we just have these fields "flattened" (as by default) https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html#nested-arrays-flattening-objects?

With two levels of nested mapping, the one document above becomes 10 documents at Lucene level as far as I understand.

joshdover · 2022-08-24T13:53:21Z

I think we could probably get away with only mapping the fields that are being used to search / filter on today (none?), plus some obvious ones that may be useful for support situations and update the mappings later when additional functionality is added. Typically adding mappings would require a reindex for them to be applied, but since these documents are updated constantly, I don't anticipate that being an issue.

It'd be good to validate that that assumption first though.

kevinlog · 2022-08-24T13:57:19Z

cc @joeypoon - which fields would we need to search on to display input statuses?

joeypoon · 2022-08-24T15:41:37Z

For our initial use case, I believe we just plan to update the /agent/{agentId} API to include the new components field. As of now, we only need to parse components[i].units[i].payload for endpoint ES connection error. So we shouldn't need to search by any of the new fields yet. cc @dasansol92

aleksmaus · 2022-08-24T15:44:24Z

cool, then it makes sense to disable any mapping on the components for now, to avoid "auto-mapping/type-guess" and will add the mapping for the new top level field

        "last_checkin_message": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword",
              "ignore_above": 1024
            }
          }
        },

juliaElastic · 2022-09-28T15:09:53Z

@joshdover Is this issue done? I am wondering why it is still open.

aleksmaus · 2022-09-28T16:52:07Z

Yeah, this is done and merged. Closing.

joshdover assigned aleksmaus Aug 24, 2022

joshdover added v8.5.0 Team:Fleet labels Aug 24, 2022

aleksmaus mentioned this issue Aug 24, 2022

Fleet: Add new mappings for .fleet-agents last_checkin_message and components fields #89599

Merged

csoulios added v8.6.0 and removed v8.5.0 labels Sep 21, 2022

juliaElastic mentioned this issue Sep 28, 2022

Report the status message field to Fleet Server checkins elastic/elastic-agent#1151

Closed

aleksmaus closed this as completed Sep 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update .fleet-agents mappings for integration health status #89574

Update .fleet-agents mappings for integration health status #89574

joshdover commented Aug 24, 2022

aleksmaus commented Aug 24, 2022

aleksmaus commented Aug 24, 2022 •

edited

Loading

joshdover commented Aug 24, 2022 •

edited

Loading

kevinlog commented Aug 24, 2022

joeypoon commented Aug 24, 2022

aleksmaus commented Aug 24, 2022

juliaElastic commented Sep 28, 2022 •

edited

Loading

aleksmaus commented Sep 28, 2022

Update .fleet-agents mappings for integration health status #89574

Update .fleet-agents mappings for integration health status #89574

Comments

joshdover commented Aug 24, 2022

aleksmaus commented Aug 24, 2022

aleksmaus commented Aug 24, 2022 • edited Loading

joshdover commented Aug 24, 2022 • edited Loading

kevinlog commented Aug 24, 2022

joeypoon commented Aug 24, 2022

aleksmaus commented Aug 24, 2022

juliaElastic commented Sep 28, 2022 • edited Loading

aleksmaus commented Sep 28, 2022

aleksmaus commented Aug 24, 2022 •

edited

Loading

joshdover commented Aug 24, 2022 •

edited

Loading

juliaElastic commented Sep 28, 2022 •

edited

Loading