Logs: add stream input vars #281

Merged
merged 6 commits into from
Mar 20, 2020

@mtojek mtojek commented Mar 19, 2020

This PR adds variables to logs stream input.

Blocker - I'm opening this as draft, because there is a design issue to be solved. If both metricbeat and filebeat have a dataset with the same name (e.g. aws - elb), the dataset/manifest.yml can't define two different types.

See cloudtrail/manifest.yml:

title: Aws Cloudtrail Logs
release: beta
type: logs
streams:
- input: logs
  vars:
  - default: s3
    name: input
  - name: queue_url
  - name: shared_credential_file
  - name: credential_profile_name
  - name: visibility_timeout
  - name: api_timeout
  - name: endpoint
  title: Aws cloudtrail logs
  description: Collect Aws cloudtrail logs

As there is no metricbeat module for cloudtrail, this file hasn't been overridden (opposite to some other aws datasets).

Fixed by creating two directories for datasets having the same name (e.g. cloudwatch-metrics and cloudwatch-logs).

BTW. Package validation passed:

$ go run ./dev/generator/ -sourceDir=./dev/packages/beats/ -publicDir=./public -tarGz=true

BTW2. Packages are properly pulled and presented by Kibana's ingestManager:

$ yarn es snapshot -E xpack.security.authc.api_key.enabled=true
$ yarn start --xpack.ingestManager.enabled=true --xpack.ingestManager.epm.enabled=true --xpack.ingestManager.fleet.enabled=true --xpack.ingestManager.epm.registryUrl=http://localhost:8080/

Issue: #221

@mtojek mtojek requested a review from ruflin March 19, 2020 10:36
@mtojek mtojek self-assigned this Mar 19, 2020
@mtojek mtojek marked this pull request as ready for review March 19, 2020 13:41
@mtojek mtojek changed the title from "WIP: Logs: add stream input vars" to "Logs: add stream input vars" Mar 19, 2020
- /opt/apache-activemq-*/data/audit.log*
name: paths
os.darwin:
- /usr/local/apache-activemq-*/data/audit.log*
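
Review bot: confirm that the `os.darwin:` key under `name: paths` is actually read by the dataset manifest format. If only the variable's default list is consumed, the `/usr/local/apache-activemq-*/data/audit.log*` entry is silently ignored on macOS and should be dropped or moved into the variable's documentation. Both globs end in `audit.log*`, which matches every file whose name starts with `audit.log`, so it is worth stating in the variable description whether picking up those sibling files is intended.
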
Collaborator

The syntax in the package is slightly different because of the UI. It also has a default part inside: https://github.com/elastic/package-registry/blob/master/dev/packages/example/nginx-1.2.0/dataset/access/manifest.yml#L29

Contributor Author

Sorry about that. Fixed.

title: Activemq Broker Metrics
release: ga
type: metrics
streams:
- input: TODO
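
Review bot: `input: TODO` in the `streams` entry is a placeholder rather than an input type, and the same manifest declares `release: ga`. Set the real input for this metrics dataset or leave the stream out until it is known, and have package validation reject an unrecognised `input` value so a placeholder cannot ship in a ga package.
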
Collaborator

Interesting that this will pass :-)

magefile.go Outdated
@@ -32,7 +32,7 @@ var (

publicDir = "./public"
buildDir = "./build"
packagePaths = []string{"./dev/packages/generated/", "./dev/packages/example/"}
packagePaths = []string{"./dev/packages/generated/", "./dev/packages/example/", "./dev/packages/beats/"}
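
Review bot: missing rationale on the `packagePaths` line: `./dev/packages/beats/` is appended with no comment on whether these packages are meant to be built and published alongside the generated and example ones or only validated. If validation is the goal, run it against that directory separately and keep it out of `packagePaths`; otherwise add a comment above the variable saying what listing a directory here implies for the contents of `publicDir`.
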
Collaborator

I'm thinking if we should add it here already or not. I like that it does validate the packages. But I'm wondering if they should already be served. The good news is I assume things like nginx and system package keep working, as they have a newer version number.

Collaborator

@mtojek To get this PR in, can you remove this and merge it without it?

Contributor Author

Sure, not a problem. Reverted.

@mtojek mtojek requested a review from ruflin March 20, 2020 14:28
@mtojek mtojek merged commit b9f11d5 into elastic:master Mar 20, 2020