Add mysql docs

[mtojek]

Changes:

• write basic MySQL README file (output: https://github.com/mtojek/package-registry/blob/add-mysql-docs/dev/packages/beats/mysql-0.0.1/docs/README.md)
• use nginx README file as template
• implement template function to generated exported fields
• apply exported fields to MySQL, nginx READMEs
• fix typo: resouce
• replace default empty README file with single word "TODO" (smaller empty READMEs)

Resolves: #278

[ruflin]

What about all the ECS fields that are used as part of the access dataset? They should also be documented here.

[mtojek]

Issue created for this.

[ruflin]

One thing missing here is the updating the fields.yml files. The problem becomes obvious with the nginx access logs. Historically there was just one massive fields.yml for Filebeat where all the fields were shipped together and we had a tree of definitions: Global, ECS, Module, Fileset. Now that we have a template per Dataset, all the fields used must be defined on the Dataset level. This has the advantage that the template becomes much more compact but brings the challenge, there is no easy way to tell which fields from Global, ECS etc. are used in the dataset. We can't just take all of ECS as this is too many fields and not all are used.

Having it documented separately also solves an other issue: It allows us to document how an ECS fields is exactly used in a dataset. What does source.ip exactly mean in the context of nginx.access logs. So far, we only had a generic doc but now we can fill in the details.

[ruflin]

I think we are missing here all the additional fields which are need to make the UI nicer. See https://github.com/elastic/package-registry/blob/master/dev/packages/example/nginx-1.2.0/dataset/access/manifest.yml#L17 for an example.

[mtojek]

So this is mostly manual work here. Once I fix it, it would be harder to automatically import beats. Should all options have these properties?

[mtojek]

#318

[ruflin]

I think most fields will need it, at least part of the options. And yes, this will probably rely on manual work as it is not something we have today.

[ruflin]

Same like below for the UI part

[mtojek]

Responded above

[ruflin]

Good to see such a feature. I wonder if this should become part of the overall build step instead of the import part. I'm good having it here at the moment.

[mtojek]

I would keep it here at the moment, later on we can think about refactoring this part.

[ruflin]

Where did you take this even from? Existing from Beat? This will probably look slightly different when shipped through the agent.

[mtojek]

Yes, I will refresh the samples once I run the agent.

[mtojek]

#317

[ruflin]

These alias fields are not part of the even anymore. These were only used for migration from 6.x to 7.x and are not needed anymore.

[mtojek]

Based on the offline discussion - I will skip all the alias fields with the migration: true property.

[mtojek]

Fixed.

[ruflin]

Approving the PR as I think this is already a big step forward and we can further iterate on it.

[ruflin]

@mtojek An other thing that just came to my mind is that as part of the migration we should also start thinking about optimising the dashboards. For example the query for event.dataset should become a query for stream.dataset which is a constant keyword and much more efficient. The gent should always add these fields (@michalpristas will know more if this already happens).

I don't think we need to do all these optimisations directly during the migration but could be done later on. But we should start a checklist with these already now so we don't forget.

[mtojek]

@mtojek An other thing that just came to my mind is that as part of the migration we should also start thinking about optimising the dashboards. For example the query for event.dataset should become a query for stream.dataset which is a constant keyword and much more efficient. The gent should always add these fields (@michalpristas will know more if this already happens).

Ok, but this is a new requirement that I wasn't aware before. Probably will have to adjust the dashboard generating process. I will create an issue for this.

EDIT:
Issue: #315

[mtojek]

One thing missing here is the updating the fields.yml files. The problem becomes obvious with the nginx access logs. Historically there was just one massive fields.yml for Filebeat where all the fields were shipped together and we had a tree of definitions: Global, ECS, Module, Fileset. Now that we have a template per Dataset, all the fields used must be defined on the Dataset level. This has the advantage that the template becomes much more compact but brings the challenge, there is no easy way to tell which fields from Global, ECS etc. are used in the dataset. We can't just take all of ECS as this is too many fields and not all are used.

Having it documented separately also solves an other issue: It allows us to document how an ECS fields is exactly used in a dataset. What does source.ip exactly mean in the context of nginx.access logs. So far, we only had a generic doc but now we can fill in the details.

#316