Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use stream.dataset instead of event.dataset #315

Closed
mtojek opened this issue Mar 31, 2020 · 13 comments
Closed

Use stream.dataset instead of event.dataset #315

mtojek opened this issue Mar 31, 2020 · 13 comments
Assignees
@mtojek

Comments

@mtojek
Copy link
Contributor

mtojek commented Mar 31, 2020

Reported in #313

@mtojek An other thing that just came to my mind is that as part of the migration we should also start thinking about optimising the dashboards. For example the query for event.dataset should become a query for stream.dataset which is a constant keyword and much more efficient. The gent should always add these fields (@michalpristas will know more if this already happens).
I don't think we need to do all these optimisations directly during the migration but could be done later on. But we should start a checklist with these already now so we don't forget.
@mtojek mtojek mentioned this issue Mar 31, 2020
Merged
@michalpristas
Copy link

just a small note, agent provides information about dataset to corresponding beats but whether or how they are used or injected into events is up to beat itself. agent does not enrich any event coming from beat.

@ruflin
Copy link
Contributor

ruflin commented Mar 31, 2020

@michalpristas @ph Even though events are not sent through the agent, my understanding is that it is up to the agent to ensure that the stream fields and correct index are set: elastic/beats#16562

@michalpristas
Copy link

correct index is something we have now. i dont' think we inject these 2 fields separately and that input on the beat side knows to pick them up and inject.
or is the issue meant in a way that agent will generate add_fields processor out of these fields?

@ruflin
Copy link
Contributor

ruflin commented Mar 31, 2020

@michalpristas Lets take this to a separate issue.

@mtojek
Copy link
Contributor Author

mtojek commented Apr 1, 2020
edited
Loading

@michalpristas Lets take this to a separate issue.

Could you please link it here? I'm not sure if I can proceed with issue or not yet.

/cc @ruflin

@mtojek mtojek changed the title MySQL integration: use stream.dataset instead of event.dataset Use stream.dataset instead of event.dataset Apr 21, 2020
@mtojek
Copy link
Contributor Author

mtojek commented Apr 21, 2020

I converted this into general issue as I don't see stream.dataset in collected documents.

@ruflin
Copy link
Contributor

ruflin commented Apr 21, 2020

@michalpristas Can you investigate this? ^

@michalpristas
Copy link

have this as part of each beat configuration (with according values) will take a look though

processors:
      - add_fields:
          fields:
            stream.type: logs
            stream.dataset: generic
            stream.namespace: default

@michalpristas
Copy link

I see them here under fields:
image

@ruflin
Copy link
Contributor

ruflin commented Apr 21, 2020

@michalpristas They must be on the top level and not under fields!

@michalpristas
Copy link

let me check what i can do about it, i hope this is not the default behavior of the processor

@michalpristas
Copy link

PR here: elastic/beats#17858

@ruflin
Copy link
Contributor

ruflin commented Jun 22, 2020

Closing as by now we landed by dataset.name.

@ruflin ruflin closed this as completed Jun 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mtojek mtojek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ruflin @michalpristas @mtojek