[azure logs] use one input + routing for all data streams (WIP) #11432

Closed
wants to merge 5 commits into from


zmoog
Contributor

@zmoog zmoog commented Oct 16, 2024

Proposed commit message

Switch the integration package from the one-input-per-data-stream model to the one-input model.

One input per data stream model:

image

One input model:

image

In the one-input model, there is only one azure-eventhub input running and sending events to the events data stream. In the events data stream, the ingest pipeline performs these tasks:

  • discover and set the event.dataset field using the category field in the event.
  • use the event.dataset field to reroute the event to the target data stream.

The discovery process uses the following logic:

  • if the event doesn't have a category, it sets event.dataset to azure.eventhub (the generic integration)
  • if the event does have a category, it sets event.dataset to azure.platformlogs (it's probably an Azure log)
  • if the event category is supported, it sets event.dataset to a specific one like azure.activitylogs or azure.signinlogs.

After the discovery step, the routing rules use the event.dataset value to forward the events to the best available target data stream.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices


@zmoog zmoog self-assigned this Oct 16, 2024
@zmoog zmoog added Team:obs-ds-hosted-services Label for the Observability Hosted Services team [elastic/obs-ds-hosted-services] enhancement New feature or request Integration:azure Azure Logs labels Oct 16, 2024
@zmoog zmoog changed the title [azure logs] use one input for all data streams + routing (WIP) [azure logs] use one input + routing for all data streams (WIP) Oct 16, 2024
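
The discovery and routing steps from the description above, sketched in Python as an added example; it is not the integration's ingest pipeline or code from this pull request. The category strings in the table and the function names are assumptions, the dataset names are the ones the description gives, and `logs-<dataset>-<namespace>` is the standard Elastic data stream naming scheme.

```python
import json

# Category -> dataset allowlist. Dataset names are from the PR description;
# the category strings are assumed for illustration.
SUPPORTED_CATEGORIES = {
    "administrative": "azure.activitylogs",
    "signinlogs": "azure.signinlogs",
}
GENERIC_DATASET = "azure.eventhub"       # event has no category
PLATFORM_DATASET = "azure.platformlogs"  # category present, not supported


def discover_dataset(event):
    """Apply the three discovery rules to one decoded event."""
    category = event.get("category")
    # Assumption: a missing, empty or non-string category counts as "no category".
    if not isinstance(category, str) or not category.strip():
        return GENERIC_DATASET
    # The dataset always comes from the fixed table, never from the event text.
    return SUPPORTED_CATEGORIES.get(category.strip().lower(), PLATFORM_DATASET)


def route(raw_message, namespace="default"):
    """Decode a message, set event.dataset and name the target data stream."""
    try:
        event = json.loads(raw_message)
    except json.JSONDecodeError:
        event = None
    if not isinstance(event, dict):
        event = {"message": raw_message}  # undecodable input stays generic
    dataset = discover_dataset(event)
    if not isinstance(event.get("event"), dict):
        event["event"] = {}
    event["event"]["dataset"] = dataset
    return {"data_stream": f"logs-{dataset}-{namespace}", "event": event}


# Constructed sample messages, not taken from a real Event Hub.
SAMPLES = [
    '{"category": "SignInLogs", "properties": {"userPrincipalName": "a@example.com"}}',
    '{"category": "Administrative", "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE"}',
    '{"category": "SomeUnlistedCategory"}',
    '{"message": "application log line"}',
    'plain text, not JSON',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample)["data_stream"])
```

Because the dataset is looked up in a fixed table, an unexpected or malformed category can only land in the platform-logs or generic data stream and never becomes part of a data stream name.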

elastic-vault-github-plugin-prod bot commented Oct 16, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


Quality Gate failed

Failed conditions
26.1% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

Contributor Author

zmoog commented Nov 7, 2024

Here's the latest iteration for the integration settings to evidence the recommended single data stream (v2) vs. the legacy multiple data stream (v1) solutions:

image

@defutek-tj

@zmoog - do you have any updates as to the timeframe when this will be ready / released?

Contributor Author

zmoog commented Dec 3, 2024

> @zmoog - do you have any updates as to the timeframe when this will be ready / released?

Hey @defutek-tj, my apologies for the delay.

We clarified the Event Hub SDK behavior with the Event Hub team, and now we can move forward with the first update.

In the following integration update, we will ship a new data stream v2 (preview) to handle all the log categories. ETA is next week.

@zmoog zmoog force-pushed the zmoog/one-input-to-rule-them-all branch from 533db9d to 45192fb Compare December 3, 2024 12:42

Quality Gate failed

Failed conditions
26.2% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@elasticmachine

💚 Build Succeeded

History

cc @zmoog

Contributor Author

zmoog commented Dec 3, 2024

I'm replacing this PR with the simpler and backwards compatible #11984

@zmoog zmoog closed this Dec 3, 2024
Successfully merging this pull request may close these issues.

Azure Logs: use one input per agent policy
3 participants