[Fleet] Add <type>@custom component template to each integration index template's composed_of array
#190730
Closed
2 tasks done
Assignees
Labels
Team:Fleet
Team label for Observability Data Collection Fleet team
Comments
kpollich
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
A note on the ordering: in order for the |
Are you sure? Doesn't it need to go above "logs-system.auth@package" to override the package settings? I've been wanting to add the lowercase normaliser to fields like host.name, user.name and user.target.name since we moved to Elastic-Agent. This is because users are constantly missing logs or struggling to search for hostnames where most search interfaces/KQL is case-sensitive. We want to add these lowercase normalisers globally to all log data, overriding the elastic integration mappings. |
|
Yes, later component templates have a higher precedence.
|
This was referenced Sep 12, 2024
jillguyonnet
added a commit
that referenced
this issue
Sep 20, 2024
#192731) ## Summary Relates #190730 This PR adds a `<type>@Custom `component template to integrations index template's `composed_of` array. ### Testing Integration install/update should be tested. From my manual testing, Fleet seems to behave normally and the new component template is added to the `composed_of` array. For example, the output of `GET /_index_template/logs-system.auth` is: ```json { "index_templates": [ { "name": "logs-system.auth", "index_template": { "index_patterns": [ "logs-system.auth-*" ], "template": { "settings": {}, "mappings": { "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true } } }, "composed_of": [ "logs@mappings", "logs@settings", "logs-system.auth@package", "logs@custom", "logs-system.auth@custom", "ecs@mappings", ".fleet_globals-1", ".fleet_agent_id_verification-1" ], "priority": 200, "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true }, "data_stream": { "hidden": false, "allow_custom_routing": false, "failure_store": false }, "ignore_missing_component_templates": [ "logs@custom", "logs-system.auth@custom" ] } } ] } ``` ### Screenshot <img width="956" alt="Screenshot 2024-09-19 at 16 44 57" src="https://github.com/user-attachments/assets/7e1d8e67-1d78-45a7-bc8d-8e509f1a2533"> <img width="956" alt="Screenshot 2024-09-19 at 17 04 45" src="https://github.com/user-attachments/assets/8b6bbaf3-34b7-4169-8ca8-2bc6a38fe60d"> ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
|
Hello, I have a problem with the component template |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Nov 4, 2024
elastic#192731) ## Summary Relates elastic#190730 This PR adds a `<type>@Custom `component template to integrations index template's `composed_of` array. ### Testing Integration install/update should be tested. From my manual testing, Fleet seems to behave normally and the new component template is added to the `composed_of` array. For example, the output of `GET /_index_template/logs-system.auth` is: ```json { "index_templates": [ { "name": "logs-system.auth", "index_template": { "index_patterns": [ "logs-system.auth-*" ], "template": { "settings": {}, "mappings": { "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true } } }, "composed_of": [ "logs@mappings", "logs@settings", "logs-system.auth@package", "logs@custom", "logs-system.auth@custom", "ecs@mappings", ".fleet_globals-1", ".fleet_agent_id_verification-1" ], "priority": 200, "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true }, "data_stream": { "hidden": false, "allow_custom_routing": false, "failure_store": false }, "ignore_missing_component_templates": [ "logs@custom", "logs-system.auth@custom" ] } } ] } ``` ### Screenshot <img width="956" alt="Screenshot 2024-09-19 at 16 44 57" src="https://github.com/user-attachments/assets/7e1d8e67-1d78-45a7-bc8d-8e509f1a2533"> <img width="956" alt="Screenshot 2024-09-19 at 17 04 45" src="https://github.com/user-attachments/assets/8b6bbaf3-34b7-4169-8ca8-2bc6a38fe60d"> ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit c8ff7ea)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Nov 4, 2024
elastic#192731) ## Summary Relates elastic#190730 This PR adds a `<type>@Custom `component template to integrations index template's `composed_of` array. ### Testing Integration install/update should be tested. From my manual testing, Fleet seems to behave normally and the new component template is added to the `composed_of` array. For example, the output of `GET /_index_template/logs-system.auth` is: ```json { "index_templates": [ { "name": "logs-system.auth", "index_template": { "index_patterns": [ "logs-system.auth-*" ], "template": { "settings": {}, "mappings": { "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true } } }, "composed_of": [ "logs@mappings", "logs@settings", "logs-system.auth@package", "logs@custom", "logs-system.auth@custom", "ecs@mappings", ".fleet_globals-1", ".fleet_agent_id_verification-1" ], "priority": 200, "_meta": { "package": { "name": "system" }, "managed_by": "fleet", "managed": true }, "data_stream": { "hidden": false, "allow_custom_routing": false, "failure_store": false }, "ignore_missing_component_templates": [ "logs@custom", "logs-system.auth@custom" ] } } ] } ``` ### Screenshot <img width="956" alt="Screenshot 2024-09-19 at 16 44 57" src="https://github.com/user-attachments/assets/7e1d8e67-1d78-45a7-bc8d-8e509f1a2533"> <img width="956" alt="Screenshot 2024-09-19 at 17 04 45" src="https://github.com/user-attachments/assets/8b6bbaf3-34b7-4169-8ca8-2bc6a38fe60d"> ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit c8ff7ea)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To better support user customization across all documents of a given type, Fleet should add a
@customcomponent template to each integration data stream's respective index template. For example, the index template for thelogs-system.auth-defaultdata stream should includelogs@customin itscomposed_ofarray:Implementation checklist
@customcomponent templates are included for all types:logs,metrics,traces,synthetics, andprofilingThe text was updated successfully, but these errors were encountered: