diff --git a/.buildkite/auditbeat/auditbeat-pipeline.yml b/.buildkite/auditbeat/auditbeat-pipeline.yml index 55085f1401fc..703c322cb4bc 100644 --- a/.buildkite/auditbeat/auditbeat-pipeline.yml +++ b/.buildkite/auditbeat/auditbeat-pipeline.yml @@ -38,7 +38,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -66,7 +66,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -85,7 +85,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_RHEL9}" @@ -103,7 +103,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -123,7 +123,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -142,7 +142,7 @@ steps: make -C auditbeat crosscompile retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -165,7 +165,7 @@ steps: mage build integTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -186,7 +186,7 @@ steps: mage build integTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -207,7 +207,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -228,7 +228,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -248,7 +248,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -271,7 +271,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -292,7 +292,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -313,7 +313,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -348,7 +348,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: gcp @@ -369,7 +369,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/deploy/kubernetes/deploy-k8s-pipeline.yml b/.buildkite/deploy/kubernetes/deploy-k8s-pipeline.yml index cd96a529f5b3..525ae0cd22fd 100644 --- a/.buildkite/deploy/kubernetes/deploy-k8s-pipeline.yml +++ b/.buildkite/deploy/kubernetes/deploy-k8s-pipeline.yml @@ -39,7 +39,7 @@ steps: make -C deploy/kubernetes test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -61,7 +61,7 @@ steps: make -C deploy/kubernetes test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -83,7 +83,7 @@ steps: make -C deploy/kubernetes test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -105,7 +105,7 @@ steps: make -C deploy/kubernetes test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" diff --git a/.buildkite/filebeat/filebeat-pipeline.yml b/.buildkite/filebeat/filebeat-pipeline.yml index 9dde05ccc81c..473f523d20c9 100644 --- a/.buildkite/filebeat/filebeat-pipeline.yml +++ b/.buildkite/filebeat/filebeat-pipeline.yml @@ -40,7 +40,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.3" cpu: "4000m" @@ -66,7 +66,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -84,7 +84,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -102,7 +102,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: gcp image: "${IMAGE_UBUNTU_X86_64}" @@ -121,7 +121,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -142,7 +142,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -171,7 +171,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -192,7 +192,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -211,7 +211,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -235,7 +235,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -256,7 +256,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -277,7 +277,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -310,7 +310,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -332,7 +332,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/heartbeat/heartbeat-pipeline.yml b/.buildkite/heartbeat/heartbeat-pipeline.yml index 27cf5a0d847f..8b009c8b064d 100644 --- a/.buildkite/heartbeat/heartbeat-pipeline.yml +++ b/.buildkite/heartbeat/heartbeat-pipeline.yml @@ -38,7 +38,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -65,7 +65,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -83,7 +83,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_RHEL9}" @@ -102,7 +102,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -122,7 +122,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -150,7 +150,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -174,7 +174,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -199,7 +199,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -219,7 +219,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -240,7 +240,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -263,7 +263,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -283,7 +283,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -303,7 +303,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -336,7 +336,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: gcp @@ -356,7 +356,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/libbeat/pipeline.libbeat.yml b/.buildkite/libbeat/pipeline.libbeat.yml index 0efad7805236..340a68bf97a0 100644 --- a/.buildkite/libbeat/pipeline.libbeat.yml +++ b/.buildkite/libbeat/pipeline.libbeat.yml @@ -28,7 +28,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -57,7 +57,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -77,7 +77,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -97,7 +97,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -117,7 +117,7 @@ steps: make crosscompile retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -137,7 +137,7 @@ steps: make STRESS_TEST_OPTIONS='-timeout=20m -race -v -parallel 1' GOTEST_OUTPUT_OPTIONS=' | go-junit-report > libbeat-stress-test.xml' stress-tests retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -160,7 +160,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" diff --git a/.buildkite/metricbeat/pipeline.yml b/.buildkite/metricbeat/pipeline.yml index c6081bd4c29a..6cc305e28c40 100644 --- a/.buildkite/metricbeat/pipeline.yml +++ b/.buildkite/metricbeat/pipeline.yml @@ -40,7 +40,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -68,7 +68,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -94,7 +94,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -120,7 +120,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -137,7 +137,7 @@ steps: command: "make -C metricbeat crosscompile" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -156,7 +156,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -177,7 +177,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -203,7 +203,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -224,7 +224,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -245,7 +245,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -273,7 +273,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -295,7 +295,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -325,7 +325,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -347,7 +347,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/packetbeat/pipeline.packetbeat.yml b/.buildkite/packetbeat/pipeline.packetbeat.yml index 9550c7fae92e..ec5a8a5cc7c2 100644 --- a/.buildkite/packetbeat/pipeline.packetbeat.yml +++ b/.buildkite/packetbeat/pipeline.packetbeat.yml @@ -38,7 +38,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -65,7 +65,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -83,7 +83,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_RHEL9_X86_64}" @@ -101,7 +101,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -121,7 +121,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -146,7 +146,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -167,7 +167,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -188,7 +188,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -216,7 +216,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -237,7 +237,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -256,7 +256,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -287,7 +287,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -309,7 +309,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/winlogbeat/pipeline.winlogbeat.yml b/.buildkite/winlogbeat/pipeline.winlogbeat.yml index 2e79a4bcf289..76a7443ac2f2 100644 --- a/.buildkite/winlogbeat/pipeline.winlogbeat.yml +++ b/.buildkite/winlogbeat/pipeline.winlogbeat.yml @@ -34,7 +34,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -60,7 +60,7 @@ steps: command: "make -C winlogbeat crosscompile" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -79,7 +79,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -100,7 +100,7 @@ steps: key: "mandatory-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -121,7 +121,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -147,7 +147,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -168,7 +168,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -201,7 +201,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" diff --git a/.buildkite/x-pack/pipeline.xpack.auditbeat.yml b/.buildkite/x-pack/pipeline.xpack.auditbeat.yml index 3e3baa4b1381..7f5eec0cb8bd 100644 --- a/.buildkite/x-pack/pipeline.xpack.auditbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.auditbeat.yml @@ -38,7 +38,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -71,7 +71,7 @@ steps: mage update build test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -90,7 +90,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_RHEL9_X86_64}" @@ -109,7 +109,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -130,7 +130,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -156,7 +156,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -177,7 +177,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -198,7 +198,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -226,7 +226,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -246,7 +246,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -264,7 +264,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -297,7 +297,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -319,7 +319,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.dockerlogbeat.yml b/.buildkite/x-pack/pipeline.xpack.dockerlogbeat.yml index 30264774b633..14f94df67f8e 100644 --- a/.buildkite/x-pack/pipeline.xpack.dockerlogbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.dockerlogbeat.yml @@ -28,7 +28,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -56,7 +56,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -80,7 +80,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -113,7 +113,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: gcp @@ -133,7 +133,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.filebeat.yml b/.buildkite/x-pack/pipeline.xpack.filebeat.yml index df7b39f3f03c..e675a4b8a175 100644 --- a/.buildkite/x-pack/pipeline.xpack.filebeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.filebeat.yml @@ -37,7 +37,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.3" cpu: "4000m" @@ -66,7 +66,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -85,7 +85,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -104,7 +104,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -123,7 +123,7 @@ steps: key: "x-pack-filebeat-mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -144,7 +144,7 @@ steps: key: "x-pack-filebeat-mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -170,7 +170,7 @@ steps: key: "x-pack-filebeat-extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -191,7 +191,7 @@ steps: key: "x-pack-filebeat-extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -212,7 +212,7 @@ steps: key: "x-pack-filebeat-extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -238,7 +238,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -259,7 +259,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -279,7 +279,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -339,7 +339,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -361,7 +361,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.heartbeat.yml b/.buildkite/x-pack/pipeline.xpack.heartbeat.yml index 53dbab37716f..10073a873180 100644 --- a/.buildkite/x-pack/pipeline.xpack.heartbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.heartbeat.yml @@ -42,7 +42,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -74,7 +74,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -97,7 +97,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -117,7 +117,7 @@ steps: mage build test retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -140,7 +140,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -167,7 +167,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -189,7 +189,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -209,7 +209,7 @@ steps: mage build test retry: automatic: - - limit: 3 + - limit: 1 key: "extended-win-2019-unit-tests" agents: provider: "gcp" @@ -239,7 +239,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -260,7 +260,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -293,7 +293,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -315,7 +315,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.libbeat.yml b/.buildkite/x-pack/pipeline.xpack.libbeat.yml index a34c8ac732d0..0a21b6a914c9 100644 --- a/.buildkite/x-pack/pipeline.xpack.libbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.libbeat.yml @@ -34,7 +34,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -62,7 +62,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -81,7 +81,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -100,7 +100,7 @@ steps: mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -119,7 +119,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -140,7 +140,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -166,7 +166,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -187,7 +187,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -208,7 +208,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -234,7 +234,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" diff --git a/.buildkite/x-pack/pipeline.xpack.metricbeat.yml b/.buildkite/x-pack/pipeline.xpack.metricbeat.yml index 15b9702eabe7..fde5db99bb9f 100644 --- a/.buildkite/x-pack/pipeline.xpack.metricbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.metricbeat.yml @@ -36,7 +36,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -64,7 +64,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -89,7 +89,7 @@ steps: cd x-pack/metricbeat && mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -114,7 +114,7 @@ steps: cd x-pack/metricbeat && mage pythonIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -133,7 +133,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -154,7 +154,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -180,7 +180,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -201,7 +201,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -222,7 +222,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -249,7 +249,7 @@ steps: cd x-pack/metricbeat && mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -270,7 +270,7 @@ steps: cd x-pack/metricbeat && mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -328,7 +328,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -350,7 +350,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.osquerybeat.yml b/.buildkite/x-pack/pipeline.xpack.osquerybeat.yml index 3072c7b5bda1..ba6b57a8b0fe 100644 --- a/.buildkite/x-pack/pipeline.xpack.osquerybeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.osquerybeat.yml @@ -34,7 +34,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -62,7 +62,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -81,7 +81,7 @@ steps: mage goIntegTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -100,7 +100,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -121,7 +121,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -147,7 +147,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -168,7 +168,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -189,7 +189,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -215,7 +215,7 @@ steps: cd x-pack/osquerybeat && mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -233,7 +233,7 @@ steps: cd x-pack/osquerybeat && mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -264,7 +264,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" diff --git a/.buildkite/x-pack/pipeline.xpack.packetbeat.yml b/.buildkite/x-pack/pipeline.xpack.packetbeat.yml index 6b96973d1225..168094f35127 100644 --- a/.buildkite/x-pack/pipeline.xpack.packetbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.packetbeat.yml @@ -38,7 +38,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -66,7 +66,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -85,7 +85,7 @@ steps: mage systemTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_UBUNTU_X86_64}" @@ -104,7 +104,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_RHEL9_X86_64}" @@ -123,7 +123,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -144,7 +144,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -166,7 +166,7 @@ steps: mage systemTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -192,7 +192,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -213,7 +213,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -234,7 +234,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -256,7 +256,7 @@ steps: mage systemTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -283,7 +283,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "aws" imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}" @@ -305,7 +305,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_X86_64}" @@ -326,7 +326,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 3 # using higher retries for now due to lack of custom vm images and vendor instability agents: provider: "orka" imagePrefix: "${IMAGE_MACOS_ARM}" @@ -354,7 +354,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" @@ -376,7 +376,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "aws" diff --git a/.buildkite/x-pack/pipeline.xpack.winlogbeat.yml b/.buildkite/x-pack/pipeline.xpack.winlogbeat.yml index 7853f651670e..d3c7b8cb476a 100644 --- a/.buildkite/x-pack/pipeline.xpack.winlogbeat.yml +++ b/.buildkite/x-pack/pipeline.xpack.winlogbeat.yml @@ -29,7 +29,7 @@ steps: make check-no-changes retry: automatic: - - limit: 3 + - limit: 1 agents: image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:latest" cpu: "4000m" @@ -60,7 +60,7 @@ steps: mage build unitTest retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -81,7 +81,7 @@ steps: key: "mandatory-win-2016-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2016}" @@ -102,7 +102,7 @@ steps: key: "mandatory-win-2022-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2022}" @@ -128,7 +128,7 @@ steps: key: "extended-win-10-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_10}" @@ -149,7 +149,7 @@ steps: key: "extended-win-11-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_11}" @@ -170,7 +170,7 @@ steps: key: "extended-win-2019-unit-tests" retry: automatic: - - limit: 3 + - limit: 1 agents: provider: "gcp" image: "${IMAGE_WIN_2019}" @@ -205,7 +205,7 @@ steps: mage package retry: automatic: - - limit: 3 + - limit: 1 timeout_in_minutes: 20 agents: provider: "gcp" diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index a2f11330782b..f4b6838855ef 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -197,6 +197,10 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Move x-pack/filebeat/input/salesforce jwt import to v5. {pull}39823[39823] - Drop x-pack/filebeat/input dependency on github.com/lestrrat-go/jwx/v2. {pull}39968[39968] - Added `ignore_empty_values` flag in `decode_cef` Filebeat processor. {pull}40268[40268] +- Bump version of elastic/toutoumomoma to remove internal forks of stdlib debug packages. {pull}40325[40325] +- Refactor x-pack/filebeat/input/websocket for generalisation. {pull}40308[40308] +- Add a configuration option for TCP/UDP network type. {issue}40407[40407] {pull}40623[40623] +- Added debug logging to parquet reader in x-pack/libbeat/reader. {pull}40651[40651] ==== Deprecated diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index f2e1438fe31f..339720a41b85 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -3,10 +3,62 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-8.15.1]] +=== Beats version 8.15.1 +https://github.com/elastic/beats/compare/v8.15.0\...v8.15.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Aborts all active connections for Elasticsearch output. {pull}40572[40572] +- Closes beat Publisher on beat stop and by the Agent manager. {pull}40572[40572] +- Fix handling of escaped brackets in syslog structured data. {issue}40445[40445] {pull}40446[40446] + +*Auditbeat* + +- Fix segfaults that may happen if user runs multiple instances of the package metricset {pull}40525[40525] +- Fix incorrect definition of struct utmp for arm64 {pull}40541[40541] + +*Filebeat* + +- Relax requirements in Okta entity analytics provider user and device profile data shape. {pull}40359[40359] +- Fix bug in Okta entity analytics rate limit logic. {issue}40106[40106] {pull}40267[40267] +- Fix order of configuration for EntraID entity analytics provider. {pull}40487[40487] +- Ensure Entra ID request bodies are not truncated and trace logs are rotated before 100MB. {pull}40494[40494] +- The Elasticsearch output now correctly logs the event fields to the event log file {issue}40509[40509] {pull}40512[40512] +- Fix the "No such input type exist: 'azure-eventhub'" error on the Windows platform {issue}40608[40608] {pull}40609[40609] +- awss3 input: Fix handling of SQS notifications that don't contain a region. {pull}40628[40628] +- Fix credential handling when workload identity is being used in GCS input. {issue}39977[39977] {pull}40663[40663] +- Fix high IO and handling of a corrupted registry log file. {pull}35893[35893] +- Fix filestream's registry GC: registry entries will never be removed if clean_inactive is set to "-1". {pull}40258[40258] + +*Metricbeat* + +- Fix first HTTP 401 error when fetching metrics from the Kubelet API caused by a token update {pull}40636[40636] +- Fix needlessly verbose logging in cgroups setup {issue}40620[40620] + +==== Added + +*Filebeat* + +- Enable file ingestion to report detailed status to Elastic Agent {pull}40075[40075] +- Added `ignore_empty_values` flag in `decode_cef` Filebeat processor. {pull}40268[40268] + +*Metricbeat* + +- Added back `elasticsearch.node.stats.jvm.mem.pools.*` to the `node_stats` metricset {pull}40571[40571] + [[release-notes-8.15.0]] === Beats version 8.15.0 https://github.com/elastic/beats/compare/v8.14.3\...v8.15.0[View commits] +==== Known issues + +*Filebeat* + +- The Azure EventHub input in Filebeat is not found when running on Windows. Please refrain from upgrading to 8.15. See {issue}40608[40608] for details. + ==== Breaking changes *Filebeat* diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index ebfb8ba54259..00043a11cc52 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -26,12 +26,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Removed deprecated Cylance from Beats. See <> for migration options. {pull}38037[38037] - Removed deprecated Bluecoat from Beats. See <> for migration options. {pull}38037[38037] - Introduce input/netmetrics and refactor netflow input metrics {pull}38055[38055] -- Update Salesforce module to use new Salesforce input. {pull}37509[37509] -- Tag events that come from a filestream in "take over" mode. {pull}39828[39828] -- Fix high IO and handling of a corrupted registry log file. {pull}35893[35893] -- Enable file ingestion to report detailed status to Elastic Agent {pull}40075[40075] -- Fix filestream's registry GC: registry entries will never be removed if clean_inactive is set to "-1". {pull}40258[40258] -- Added `ignore_empty_values` flag in `decode_cef` Filebeat processor. {pull}40268[40268] *Heartbeat* @@ -76,12 +70,9 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Support Elastic Agent control protocol chunking support {pull}37343[37343] - Lower logging level to debug when attempting to configure beats with unknown fields from autodiscovered events/environments {pull}[37816][37816] - Set timeout of 1 minute for FQDN requests {pull}37756[37756] -- Update Go version to 1.22.6. {pull}40528[40528] *Auditbeat* -- Fix segfaults that may happen if user runs multiple instances of the package metricset {pull}40525[40525] -- Fix incorrect definition of struct utmp for arm64 {pull}40541[40541] *Filebeat* @@ -107,11 +98,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - [threatintel] MISP splitting fix for empty responses {issue}38739[38739] {pull}38917[38917] - Prevent GCP Pub/Sub input blockage by increasing default value of `max_outstanding_messages` {issue}35029[35029] {pull}38985[38985] - Updated Websocket input title to align with existing inputs {pull}39006[39006] -- Relax requirements in Okta entity analytics provider user and device profile data shape. {pull}40359[40359] -- Fix bug in Okta entity analytics rate limit logic. {issue}40106[40106] {pull}40267[40267] -- Fix order of configuration for EntraID entity analytics provider. {pull}40487[40487] -- Ensure Entra ID request bodies are not truncated and trace logs are rotated before 100MB. {pull}40494[40494] -- The Elasticsearch output now correctly logs the event fields to the event log file {issue}40509[40509] {pull}40512[40512] +- Fix publication of group data from the Okta entity analytics provider. {pull}40681[40681] *Heartbeat* @@ -267,3 +254,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] ==== Known Issues + + + diff --git a/NOTICE.txt b/NOTICE.txt index 869a40b4fa51..2efc83a906d9 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -10938,6 +10938,37 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-------------------------------------------------------------------------------- +Dependency : github.com/devigned/tab +Version: v0.1.2-0.20190607222403-0c15cf42f9a2 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/devigned/tab@v0.1.2-0.20190607222403-0c15cf42f9a2/LICENSE: + +MIT License + +Copyright (c) 2019 David Justice + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + -------------------------------------------------------------------------------- Dependency : github.com/dgraph-io/badger/v3 Version: v3.2103.1 @@ -13211,11 +13242,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-l -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-system-metrics -Version: v0.10.3 +Version: v0.10.4-0.20240826151019-9db0a02d3b85 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.10.3/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.10.4-0.20240826151019-9db0a02d3b85/LICENSE.txt: Apache License Version 2.0, January 2004 @@ -35202,37 +35233,6 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/devigned/tab -Version: v0.1.2-0.20190607222403-0c15cf42f9a2 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/devigned/tab@v0.1.2-0.20190607222403-0c15cf42f9a2/LICENSE: - -MIT License - -Copyright (c) 2019 David Justice - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/elastic/ristretto Version: v0.1.1-0.20220602190459-83b0895ca5b3 diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml index d25c7245066c..c79080753a35 100644 --- a/deploy/kubernetes/auditbeat-kubernetes.yaml +++ b/deploy/kubernetes/auditbeat-kubernetes.yaml @@ -209,7 +209,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: auditbeat - image: docker.elastic.co/beats/auditbeat:8.15.0 + image: docker.elastic.co/beats/auditbeat:8.15.1 args: [ "-c", "/etc/auditbeat.yml", "-e", diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index 8539501d292f..6ce709004be9 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -183,7 +183,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat - image: docker.elastic.co/beats/filebeat:8.15.0 + image: docker.elastic.co/beats/filebeat:8.15.1 args: [ "-c", "/etc/filebeat.yml", "-e", diff --git a/deploy/kubernetes/heartbeat-kubernetes.yaml b/deploy/kubernetes/heartbeat-kubernetes.yaml index 0c22501e707c..c5d417dd60ff 100644 --- a/deploy/kubernetes/heartbeat-kubernetes.yaml +++ b/deploy/kubernetes/heartbeat-kubernetes.yaml @@ -171,7 +171,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: heartbeat - image: docker.elastic.co/beats/heartbeat:8.15.0 + image: docker.elastic.co/beats/heartbeat:8.15.1 args: [ "-c", "/etc/heartbeat.yml", "-e", diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index e319d4b884cb..000bfadcbf09 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -291,7 +291,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:8.15.0 + image: docker.elastic.co/beats/metricbeat:8.15.1 args: [ "-c", "/etc/metricbeat.yml", "-e", diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 23f51fbe0c7a..06351015169f 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -184,7 +184,7 @@ shared: - &docker_arm_ubi_spec extra_vars: image_name: '{{.BeatName}}-ubi' - from: 'registry.access.redhat.com/ubi9/ubi-minimal:9.3' + from: 'registry.access.redhat.com/ubi9/ubi-minimal:9.4' - &elastic_docker_spec extra_vars: diff --git a/filebeat/modules.d/apache.yml.disabled b/filebeat/modules.d/apache.yml.disabled index cd58ed77b3c2..377b5561f7ad 100644 --- a/filebeat/modules.d/apache.yml.disabled +++ b/filebeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-apache.html - module: apache # Access logs diff --git a/filebeat/modules.d/auditd.yml.disabled b/filebeat/modules.d/auditd.yml.disabled index b63d14ffc276..a6c64724065b 100644 --- a/filebeat/modules.d/auditd.yml.disabled +++ b/filebeat/modules.d/auditd.yml.disabled @@ -1,5 +1,5 @@ # Module: auditd -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-auditd.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-auditd.html - module: auditd log: diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index 33ea085f7844..5adb6e00e150 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-elasticsearch.html - module: elasticsearch # Server log diff --git a/filebeat/modules.d/haproxy.yml.disabled b/filebeat/modules.d/haproxy.yml.disabled index cb0a107fb5f5..1e680a31040e 100644 --- a/filebeat/modules.d/haproxy.yml.disabled +++ b/filebeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-haproxy.html - module: haproxy # All logs diff --git a/filebeat/modules.d/icinga.yml.disabled b/filebeat/modules.d/icinga.yml.disabled index 1f0ba5e4de45..bdf1a0044822 100644 --- a/filebeat/modules.d/icinga.yml.disabled +++ b/filebeat/modules.d/icinga.yml.disabled @@ -1,5 +1,5 @@ # Module: icinga -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-icinga.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-icinga.html - module: icinga # Main logs diff --git a/filebeat/modules.d/iis.yml.disabled b/filebeat/modules.d/iis.yml.disabled index 6be750c8701f..ec9c31e01174 100644 --- a/filebeat/modules.d/iis.yml.disabled +++ b/filebeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-iis.html - module: iis # Access logs diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index 0cc4fbf9fe33..355135651757 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-kafka.html - module: kafka # All logs diff --git a/filebeat/modules.d/kibana.yml.disabled b/filebeat/modules.d/kibana.yml.disabled index 5ade4bf1439e..1375b79279a4 100644 --- a/filebeat/modules.d/kibana.yml.disabled +++ b/filebeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-kibana.html - module: kibana # Server logs diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index 501b8bc33213..2a15ef702b70 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-logstash.html - module: logstash # logs diff --git a/filebeat/modules.d/mongodb.yml.disabled b/filebeat/modules.d/mongodb.yml.disabled index 4180e5985821..08a4ca12ef36 100644 --- a/filebeat/modules.d/mongodb.yml.disabled +++ b/filebeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-mongodb.html - module: mongodb # All logs diff --git a/filebeat/modules.d/mysql.yml.disabled b/filebeat/modules.d/mysql.yml.disabled index b2c42d1f1cd8..6cecee36e7df 100644 --- a/filebeat/modules.d/mysql.yml.disabled +++ b/filebeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-mysql.html - module: mysql # Error logs diff --git a/filebeat/modules.d/nats.yml.disabled b/filebeat/modules.d/nats.yml.disabled index 2cfa45e5c193..76a7c59b2a3c 100644 --- a/filebeat/modules.d/nats.yml.disabled +++ b/filebeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-nats.html - module: nats # All logs diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index 709e52630e9c..793bd60b542a 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-nginx.html - module: nginx # Access logs diff --git a/filebeat/modules.d/osquery.yml.disabled b/filebeat/modules.d/osquery.yml.disabled index 2def611ecbba..b5835cb4205b 100644 --- a/filebeat/modules.d/osquery.yml.disabled +++ b/filebeat/modules.d/osquery.yml.disabled @@ -1,5 +1,5 @@ # Module: osquery -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-osquery.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-osquery.html - module: osquery result: diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 18a8b7d4efe1..6a459b0d6aa5 100644 --- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -1,5 +1,5 @@ # Module: pensando -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-pensando.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-pensando.html - module: pensando # Firewall logs diff --git a/filebeat/modules.d/postgresql.yml.disabled b/filebeat/modules.d/postgresql.yml.disabled index bec77dc84f7a..491220bec5ca 100644 --- a/filebeat/modules.d/postgresql.yml.disabled +++ b/filebeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-postgresql.html - module: postgresql # All logs diff --git a/filebeat/modules.d/redis.yml.disabled b/filebeat/modules.d/redis.yml.disabled index 31b022d2bc99..46076783bfa3 100644 --- a/filebeat/modules.d/redis.yml.disabled +++ b/filebeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-redis.html - module: redis # Main logs diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled index 4707b903ce8b..48b271599c3e 100644 --- a/filebeat/modules.d/santa.yml.disabled +++ b/filebeat/modules.d/santa.yml.disabled @@ -1,5 +1,5 @@ # Module: santa -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-santa.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-santa.html - module: santa log: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 1302c6374da8..6d1668c38a10 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-system.html - module: system # Syslog diff --git a/filebeat/modules.d/traefik.yml.disabled b/filebeat/modules.d/traefik.yml.disabled index cc65ce2de9cd..caa9cd4cbc6c 100644 --- a/filebeat/modules.d/traefik.yml.disabled +++ b/filebeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-traefik.html - module: traefik # Access logs diff --git a/go.mod b/go.mod index db7aed6e3572..d695c521a45a 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f github.com/davecgh/go-xdr v0.0.0-20161123171359-e6a2ba005892 // indirect github.com/denisenkom/go-mssqldb v0.12.3 - github.com/devigned/tab v0.1.2-0.20190607222403-0c15cf42f9a2 // indirect + github.com/devigned/tab v0.1.2-0.20190607222403-0c15cf42f9a2 github.com/dgraph-io/badger/v3 v3.2103.1 github.com/digitalocean/go-libvirt v0.0.0-20180301200012-6075ea3c39a1 github.com/docker/docker v26.1.5+incompatible @@ -199,7 +199,7 @@ require ( github.com/elastic/ebpfevents v0.6.0 github.com/elastic/elastic-agent-autodiscover v0.8.1 github.com/elastic/elastic-agent-libs v0.9.13 - github.com/elastic/elastic-agent-system-metrics v0.10.3 + github.com/elastic/elastic-agent-system-metrics v0.10.4-0.20240826151019-9db0a02d3b85 github.com/elastic/go-elasticsearch/v8 v8.14.0 github.com/elastic/go-sfdc v0.0.0-20240621062639-bcc8456508ff github.com/elastic/mito v1.13.1 diff --git a/go.sum b/go.sum index 9754c0822887..127f6ac58d17 100644 --- a/go.sum +++ b/go.sum @@ -560,8 +560,8 @@ github.com/elastic/elastic-agent-client/v7 v7.13.0 h1:ENCfV5XIMmjWo9/0J7t//5N7xg github.com/elastic/elastic-agent-client/v7 v7.13.0/go.mod h1:h2yJHN8Q5rhfi9i6FfyPufh+StFN+UD9PYGv8blXKbE= github.com/elastic/elastic-agent-libs v0.9.13 h1:D1rh1s67zlkDWmixWQaNWzn+qy6DafIDPTQnLpBNBUA= github.com/elastic/elastic-agent-libs v0.9.13/go.mod h1:G9ljFvDE+muOOOQBf2eRituF0fE4suGkv25rfjTwY+c= -github.com/elastic/elastic-agent-system-metrics v0.10.3 h1:8pWdj8DeY8PBG/BA0DJalRpJWruDoP5QrIP/YKug5dE= -github.com/elastic/elastic-agent-system-metrics v0.10.3/go.mod h1:3JwPa3zZJjmBYN87xwdLcFpHrUkWpR863jiYdg39sSc= +github.com/elastic/elastic-agent-system-metrics v0.10.4-0.20240826151019-9db0a02d3b85 h1:d2oD8FPZ4eBiNEg8tZVLFgKtwYSA65Xq35wUianqLJU= +github.com/elastic/elastic-agent-system-metrics v0.10.4-0.20240826151019-9db0a02d3b85/go.mod h1:3JwPa3zZJjmBYN87xwdLcFpHrUkWpR863jiYdg39sSc= github.com/elastic/elastic-transport-go/v8 v8.6.0 h1:Y2S/FBjx1LlCv5m6pWAF2kDJAHoSjSRSJCApolgfthA= github.com/elastic/elastic-transport-go/v8 v8.6.0/go.mod h1:YLHer5cj0csTzNFXoNQ8qhtGY1GTvSqPnKWKaqQE3Hk= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index c15d9b8c2006..939cdff56eaf 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -35,6 +35,7 @@ import ( "runtime/debug" "strconv" "strings" + "sync" "time" "github.com/gofrs/uuid" @@ -386,6 +387,10 @@ func (b *Beat) createBeater(bt beat.Creator) (beat.Beater, error) { } outputFactory := b.makeOutputFactory(b.Config.Output) settings := pipeline.Settings{ + // Since now publisher is closed on Stop, we want to give some + // time to ack any pending events by default to avoid + // changing on stop behavior too much. + WaitClose: time.Second, Processors: b.processors, InputQueueSize: b.InputQueueSize, } @@ -396,10 +401,6 @@ func (b *Beat) createBeater(bt beat.Creator) (beat.Beater, error) { reload.RegisterV2.MustRegisterOutput(b.makeOutputReloader(publisher.OutputReloader())) - // TODO: some beats race on shutdown with publisher.Stop -> do not call Stop yet, - // but refine publisher to disconnect clients on stop automatically - // defer pipeline.Close() - b.Publisher = publisher beater, err := bt(&b.Beat, sub) if err != nil { @@ -512,12 +513,25 @@ func (b *Beat) launch(settings Settings, bt beat.Creator) error { } ctx, cancel := context.WithCancel(context.Background()) + + // stopBeat must be idempotent since it will be called both from a signal and by the manager. + // Since publisher.Close is not safe to be called more than once this is necessary. + var once sync.Once stopBeat := func() { - b.Instrumentation.Tracer().Close() - beater.Stop() + once.Do(func() { + b.Instrumentation.Tracer().Close() + // If the publisher has a Close() method, call it before stopping the beater. + if c, ok := b.Publisher.(io.Closer); ok { + c.Close() + } + beater.Stop() + }) } svc.HandleSignals(stopBeat, cancel) + // Allow the manager to stop a currently running beats out of bound. + b.Manager.SetStopCallback(stopBeat) + err = b.loadDashboards(ctx, false) if err != nil { return err @@ -525,9 +539,6 @@ func (b *Beat) launch(settings Settings, bt beat.Creator) error { logp.Info("%s start running.", b.Info.Beat) - // Allow the manager to stop a currently running beats out of bound. - b.Manager.SetStopCallback(beater.Stop) - err = beater.Run(&b.Beat) if b.shouldReexec { if err := b.reexec(); err != nil { diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index 8dfc6167732b..ae01beb5c4ff 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc @@ -8,6 +8,7 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> * <> * <> * <> diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index 2c49294e15a3..f2436d463413 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,5 +1,5 @@ -:stack-version: 8.15.0 -:doc-branch: main +:stack-version: 8.15.1 +:doc-branch: 8.15 :go-version: 1.22.6 :release-state: unreleased :python: 3.7 diff --git a/libbeat/esleg/eslegclient/connection.go b/libbeat/esleg/eslegclient/connection.go index 122a47b80815..6f98935fab7f 100644 --- a/libbeat/esleg/eslegclient/connection.go +++ b/libbeat/esleg/eslegclient/connection.go @@ -19,6 +19,7 @@ package eslegclient import ( "bytes" + "context" "encoding/base64" "encoding/json" "fmt" @@ -62,6 +63,11 @@ type Connection struct { responseBuffer *bytes.Buffer isServerless bool + + // requests will share the same cancellable context + // so they can be aborted on Close() + reqsContext context.Context + cancelReqs func() } // ConnectionSettings are the settings needed for a Connection @@ -178,12 +184,15 @@ func NewConnection(s ConnectionSettings) (*Connection, error) { logger.Info("kerberos client created") } + ctx, cancelFunc := context.WithCancel(context.Background()) conn := Connection{ ConnectionSettings: s, HTTP: esClient, Encoder: encoder, log: logger, responseBuffer: bytes.NewBuffer(nil), + reqsContext: ctx, + cancelReqs: cancelFunc, } if s.APIKey != "" { @@ -317,6 +326,7 @@ func (conn *Connection) Ping() (ESPingData, error) { // Close closes a connection. func (conn *Connection) Close() error { conn.HTTP.CloseIdleConnections() + conn.cancelReqs() return nil } @@ -391,7 +401,7 @@ func (conn *Connection) execRequest( method, url string, body io.Reader, ) (int, []byte, error) { - req, err := http.NewRequest(method, url, body) //nolint:noctx // keep legacy behaviour + req, err := http.NewRequestWithContext(conn.reqsContext, method, url, body) if err != nil { conn.log.Warnf("Failed to create request %+v", err) return 0, nil, err diff --git a/libbeat/publisher/pipeline/controller.go b/libbeat/publisher/pipeline/controller.go index 4c27494fa68b..4ac2373bcea6 100644 --- a/libbeat/publisher/pipeline/controller.go +++ b/libbeat/publisher/pipeline/controller.go @@ -113,11 +113,7 @@ func (c *outputController) WaitClose(timeout time.Duration) error { c.consumer.close() close(c.workerChan) - // Signal the output workers to close. This step is a hint, and carries - // no guarantees. For example, on close the Elasticsearch output workers - // will close idle connections, but will not change any behavior for - // active connections, giving any remaining events a chance to ingest - // before we terminate. + // Signal the output workers to close. for _, out := range c.workers { out.Close() } @@ -209,11 +205,6 @@ func (c *outputController) closeQueue(timeout time.Duration) { // pipeline but it was shut down before any output was set. // In this case, return nil and Pipeline.ConnectWith will pass on a // real error to the caller. - // NOTE: under the current shutdown process, Pipeline.Close (and hence - // outputController.Close) is ~never called. So even if we did have - // blocked callers here, in a real shutdown they will never be woken - // up. But in hopes of a day when the shutdown process is more robust, - // I've decided to do the right thing here anyway. req.responseChan <- nil } } diff --git a/libbeat/reader/syslog/message_test.go b/libbeat/reader/syslog/message_test.go index 29fe756c784c..d42f2e461198 100644 --- a/libbeat/reader/syslog/message_test.go +++ b/libbeat/reader/syslog/message_test.go @@ -522,6 +522,20 @@ func TestParseStructuredData(t *testing.T) { }, }, }, + "multi-key-with-escape": { + in: `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"]`, + want: map[string]interface{}{ + "exampleSDID@32473": map[string]interface{}{ + "iut": "3", + "eventSource": "Application", + "eventID": "1011", + "somekey": "[value] more data", + }, + "examplePriority@32473": map[string]interface{}{ + "class": "high", + }, + }, + }, "repeated-id": { in: `[exampleSDID@32473 iut="3"][exampleSDID@32473 class="high"]`, want: map[string]interface{}{ diff --git a/libbeat/reader/syslog/parser/rfc5424.rl b/libbeat/reader/syslog/parser/rfc5424.rl index f7c5d1fb9205..267c823b9123 100644 --- a/libbeat/reader/syslog/parser/rfc5424.rl +++ b/libbeat/reader/syslog/parser/rfc5424.rl @@ -36,7 +36,7 @@ action set_param_value { if subMap, ok := structuredData[s.sdID].(map[string]interface{}); ok { - subMap[s.sdParamName] = removeBytes(data[tok:p], s.sdValueEscapes, p) + subMap[s.sdParamName] = removeBytes(data[tok:p], s.sdValueEscapes, tok) } } @@ -73,7 +73,9 @@ header = priority version sp timestamp sp hostname sp app_name sp proc_id sp msg_id; - sd_raw = nil_value | ('[' any+ ']') >tok %set_sd_raw; + sd_raw_escape = (bs | ']'); + sd_raw_values = ((bs ']') | (any - sd_raw_escape)); + sd_raw = nil_value | ('[' sd_raw_values+ ']')+ >tok %set_sd_raw; msg = any* >tok %set_msg; }%% diff --git a/libbeat/reader/syslog/rfc5424_gen.go b/libbeat/reader/syslog/rfc5424_gen.go index fdfd46a2594e..1dc8f6eb72d0 100644 --- a/libbeat/reader/syslog/rfc5424_gen.go +++ b/libbeat/reader/syslog/rfc5424_gen.go @@ -25,7 +25,7 @@ import ( ) const rfc5424_start int = 1 -const rfc5424_first_final int = 23 +const rfc5424_first_final int = 24 const rfc5424_error int = 0 const rfc5424_en_main int = 1 @@ -90,32 +90,28 @@ func parseRFC5424(data string) (message, error) { goto st_case_15 case 16: goto st_case_16 - case 23: - goto st_case_23 case 24: goto st_case_24 case 25: goto st_case_25 + case 26: + goto st_case_26 case 17: goto st_case_17 case 18: goto st_case_18 - case 26: - goto st_case_26 - case 27: - goto st_case_27 - case 28: - goto st_case_28 - case 29: - goto st_case_29 case 19: goto st_case_19 + case 27: + goto st_case_27 case 20: goto st_case_20 case 21: goto st_case_21 case 22: goto st_case_22 + case 23: + goto st_case_23 } goto st_out st_case_1: @@ -226,7 +222,7 @@ func parseRFC5424(data string) (message, error) { goto st8 } goto tr0 - tr31: + tr32: if err := m.setTimestampRFC3339(data[tok:p]); err != nil { errs = multierr.Append(errs, &ValidationError{Err: err, Pos: tok + 1}) @@ -364,29 +360,23 @@ func parseRFC5424(data string) (message, error) { st_case_16: switch data[p] { case 45: - goto st23 + goto st24 case 91: goto tr26 } goto tr0 - st23: - if p++; p == pe { - goto _test_eof23 - } - st_case_23: - if data[p] == 32 { - goto st24 - } - goto tr0 st24: if p++; p == pe { goto _test_eof24 } st_case_24: - goto tr34 - tr34: + if data[p] == 32 { + goto st25 + } + goto tr0 + tr37: - tok = p + m.setRawSDValue(data[tok:p]) goto st25 st25: @@ -394,7 +384,18 @@ func parseRFC5424(data string) (message, error) { goto _test_eof25 } st_case_25: - goto st25 + goto tr35 + tr35: + + tok = p + + goto st26 + st26: + if p++; p == pe { + goto _test_eof26 + } + st_case_26: + goto st26 tr26: tok = p @@ -405,148 +406,121 @@ func parseRFC5424(data string) (message, error) { goto _test_eof17 } st_case_17: + switch data[p] { + case 92: + goto st19 + case 93: + goto tr0 + } goto st18 st18: if p++; p == pe { goto _test_eof18 } st_case_18: - if data[p] == 93 { - goto st26 - } - goto st18 - st26: - if p++; p == pe { - goto _test_eof26 - } - st_case_26: switch data[p] { - case 32: - goto tr36 + case 92: + goto st19 case 93: - goto st26 + goto st27 } goto st18 - tr36: - - m.setRawSDValue(data[tok:p]) - - goto st27 - st27: - if p++; p == pe { - goto _test_eof27 - } - st_case_27: - if data[p] == 93 { - goto tr38 - } - goto tr37 - tr37: - - tok = p - - goto st28 - st28: + st19: if p++; p == pe { - goto _test_eof28 + goto _test_eof19 } - st_case_28: + st_case_19: if data[p] == 93 { - goto st29 + goto st18 } - goto st28 - tr38: - - tok = p - - goto st29 - st29: + goto tr0 + st27: if p++; p == pe { - goto _test_eof29 + goto _test_eof27 } - st_case_29: + st_case_27: switch data[p] { case 32: - goto tr36 - case 93: - goto st29 + goto tr37 + case 91: + goto st17 } - goto st28 + goto tr0 tr11: tok = p - goto st19 - st19: + goto st20 + st20: if p++; p == pe { - goto _test_eof19 + goto _test_eof20 } - st_case_19: + st_case_20: switch data[p] { case 43: - goto st20 + goto st21 case 58: - goto st20 + goto st21 } switch { case data[p] < 48: if 45 <= data[p] && data[p] <= 46 { - goto st20 + goto st21 } case data[p] > 57: switch { case data[p] > 90: if 97 <= data[p] && data[p] <= 122 { - goto st20 + goto st21 } case data[p] >= 65: - goto st20 + goto st21 } default: - goto st21 + goto st22 } goto tr0 - st20: + st21: if p++; p == pe { - goto _test_eof20 + goto _test_eof21 } - st_case_20: + st_case_21: if data[p] == 32 { - goto tr31 + goto tr32 } if 48 <= data[p] && data[p] <= 57 { - goto st19 + goto st20 } goto tr0 - st21: + st22: if p++; p == pe { - goto _test_eof21 + goto _test_eof22 } - st_case_21: + st_case_22: switch data[p] { case 32: - goto tr31 + goto tr32 case 43: - goto st20 + goto st21 case 58: - goto st20 + goto st21 } switch { case data[p] < 48: if 45 <= data[p] && data[p] <= 46 { - goto st20 + goto st21 } case data[p] > 57: switch { case data[p] > 90: if 97 <= data[p] && data[p] <= 122 { - goto st20 + goto st21 } case data[p] >= 65: - goto st20 + goto st21 } default: - goto st21 + goto st22 } goto tr0 tr9: @@ -555,7 +529,7 @@ func parseRFC5424(data string) (message, error) { errs = multierr.Append(errs, &ValidationError{Err: err, Pos: tok + 1}) } - goto st22 + goto st23 tr6: if err := m.setPriority(data[tok:p]); err != nil { @@ -564,12 +538,12 @@ func parseRFC5424(data string) (message, error) { tok = p - goto st22 - st22: + goto st23 + st23: if p++; p == pe { - goto _test_eof22 + goto _test_eof23 } - st_case_22: + st_case_23: switch data[p] { case 32: goto tr7 @@ -626,36 +600,27 @@ func parseRFC5424(data string) (message, error) { _test_eof16: cs = 16 goto _test_eof - _test_eof23: - cs = 23 - goto _test_eof _test_eof24: cs = 24 goto _test_eof _test_eof25: cs = 25 goto _test_eof + _test_eof26: + cs = 26 + goto _test_eof _test_eof17: cs = 17 goto _test_eof _test_eof18: cs = 18 goto _test_eof - _test_eof26: - cs = 26 + _test_eof19: + cs = 19 goto _test_eof _test_eof27: cs = 27 goto _test_eof - _test_eof28: - cs = 28 - goto _test_eof - _test_eof29: - cs = 29 - goto _test_eof - _test_eof19: - cs = 19 - goto _test_eof _test_eof20: cs = 20 goto _test_eof @@ -665,37 +630,34 @@ func parseRFC5424(data string) (message, error) { _test_eof22: cs = 22 goto _test_eof + _test_eof23: + cs = 23 + goto _test_eof _test_eof: { } if p == eof { switch cs { - case 25, 28: + case 26: m.setMsg(data[tok:p]) - case 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22: + case 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23: errs = multierr.Append(errs, &ParseError{Err: io.ErrUnexpectedEOF, Pos: p + 1}) p-- - case 26: + case 27: m.setRawSDValue(data[tok:p]) - case 24, 27: + case 25: tok = p m.setMsg(data[tok:p]) - case 29: - - m.setRawSDValue(data[tok:p]) - - m.setMsg(data[tok:p]) - } } @@ -1842,7 +1804,7 @@ func parseStructuredData(data string) map[string]interface{} { tr43: if subMap, ok := structuredData[s.sdID].(map[string]interface{}); ok { - subMap[s.sdParamName] = removeBytes(data[tok:p], s.sdValueEscapes, p) + subMap[s.sdParamName] = removeBytes(data[tok:p], s.sdValueEscapes, tok) } s.sdValueEscapes = nil diff --git a/libbeat/reader/syslog/rfc5424_test.go b/libbeat/reader/syslog/rfc5424_test.go index 47cb9ee0e363..51a3873743e8 100644 --- a/libbeat/reader/syslog/rfc5424_test.go +++ b/libbeat/reader/syslog/rfc5424_test.go @@ -98,8 +98,53 @@ func TestParseRFC5424(t *testing.T) { rawSDValue: `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]`, }, }, + "sd-with-escape": { + in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"] This is a message`, + want: message{ + timestamp: mustParseTime(time.RFC3339Nano, "2003-10-11T22:14:15.003Z", nil), + priority: 165, + facility: 20, + severity: 5, + version: 1, + hostname: "mymachine.example.com", + process: "evntslog", + msgID: "ID47", + msg: "This is a message", + rawSDValue: `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"]`, + }, + }, + "sd-with-escape-2": { + in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"] Some message [value] more data`, + want: message{ + timestamp: mustParseTime(time.RFC3339Nano, "2003-10-11T22:14:15.003Z", nil), + priority: 165, + facility: 20, + severity: 5, + version: 1, + hostname: "mymachine.example.com", + process: "evntslog", + msgID: "ID47", + msg: "Some message [value] more data", + rawSDValue: `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"]`, + }, + }, + "sd-with-escape-3": { + in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"] ` + utf8BOM + `Some message [value] more data`, + want: message{ + timestamp: mustParseTime(time.RFC3339Nano, "2003-10-11T22:14:15.003Z", nil), + priority: 165, + facility: 20, + severity: 5, + version: 1, + hostname: "mymachine.example.com", + process: "evntslog", + msgID: "ID47", + msg: "Some message [value] more data", + rawSDValue: `[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" somekey="[value\] more data"][examplePriority@32473 class="high"]`, + }, + }, "non-compliant-sd": { - in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, + in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster\]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, want: message{ timestamp: mustParseTime(time.RFC3339Nano, "2003-10-11T22:14:15.003Z", nil), priority: 165, @@ -109,11 +154,11 @@ func TestParseRFC5424(t *testing.T) { hostname: "mymachine.example.com", process: "evntslog", msgID: "ID47", - rawSDValue: `[action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, + rawSDValue: `[action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster\]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, }, }, "non-compliant-sd-with-msg": { - in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"] This is a test message`, + in: `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster\]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"] This is a test message`, want: message{ timestamp: mustParseTime(time.RFC3339Nano, "2003-10-11T22:14:15.003Z", nil), priority: 165, @@ -123,7 +168,7 @@ func TestParseRFC5424(t *testing.T) { hostname: "mymachine.example.com", process: "evntslog", msgID: "ID47", - rawSDValue: `[action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, + rawSDValue: `[action:"Drop"; flags:"278528"; ifdir:"inbound"; ifname:"bond1.3999"; loguid:"{0x60928f1d,0x8,0x40de101f,0xfcdbb197}"; origin:"127.0.0.1"; originsicname:"CN=CP,O=cp.com.9jjkfo"; sequencenum:"62"; time:"1620217629"; version:"5"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={F6212FB3-54CE-6344-9164-B224119E2B92};mgmt=cp-m;date=1620031791;policy_name=CP-Cluster\]"; action_reason:"Dropped by multiportal infrastructure"; dst:"81.2.69.144"; product:"VPN & FireWall"; proto:"6"; s_port:"52780"; service:"80"; src:"81.2.69.144"]`, msg: "This is a test message", }, }, diff --git a/libbeat/tests/integration/http_test.go b/libbeat/tests/integration/http_test.go index bb2f7bde924a..41382ab9e090 100644 --- a/libbeat/tests/integration/http_test.go +++ b/libbeat/tests/integration/http_test.go @@ -21,7 +21,7 @@ package integration import ( "encoding/json" - "io/ioutil" + "io" "net/http" "testing" "time" @@ -57,12 +57,14 @@ output.console: mockbeat.WriteConfigFile(cfg) mockbeat.Start() mockbeat.WaitForLogs("Starting stats endpoint", 60*time.Second) + time.Sleep(time.Second) - r, err := http.Get("http://localhost:5066") + r, err := http.Get("http://localhost:5066") //nolint:noctx // fine for tests require.NoError(t, err) require.Equal(t, http.StatusOK, r.StatusCode, "incorrect status code") - body, err := ioutil.ReadAll(r.Body) + body, err := io.ReadAll(r.Body) + r.Body.Close() require.NoError(t, err) var m map[string]interface{} err = json.Unmarshal(body, &m) @@ -88,12 +90,14 @@ output.console: mockbeat.WriteConfigFile(cfg) mockbeat.Start() mockbeat.WaitForLogs("Starting stats endpoint", 60*time.Second) + time.Sleep(time.Second) - r, err := http.Get("http://localhost:5066/stats") + r, err := http.Get("http://localhost:5066/stats") //nolint:noctx // fine for tests require.NoError(t, err) require.Equal(t, http.StatusOK, r.StatusCode, "incorrect status code") - body, err := ioutil.ReadAll(r.Body) + body, err := io.ReadAll(r.Body) + r.Body.Close() require.NoError(t, err) var m Stats @@ -121,8 +125,10 @@ output.console: mockbeat.WriteConfigFile(cfg) mockbeat.Start() mockbeat.WaitForLogs("Starting stats endpoint", 60*time.Second) + time.Sleep(time.Second) - r, err := http.Get("http://localhost:5066/not-exist") + r, err := http.Get("http://localhost:5066/not-exist") //nolint:noctx // fine for tests + r.Body.Close() require.NoError(t, err) require.Equal(t, http.StatusNotFound, r.StatusCode, "incorrect status code") } @@ -143,8 +149,10 @@ output.console: mockbeat.WriteConfigFile(cfg) mockbeat.Start() mockbeat.WaitForLogs("Starting stats endpoint", 60*time.Second) + time.Sleep(time.Second) - r, err := http.Get("http://localhost:5066/debug/pprof/") + r, err := http.Get("http://localhost:5066/debug/pprof/") //nolint:noctx // fine for tests + r.Body.Close() require.NoError(t, err) require.Equal(t, http.StatusNotFound, r.StatusCode, "incorrect status code") } diff --git a/libbeat/version/version.go b/libbeat/version/version.go index 446abc1c0c24..3a20ff272eef 100644 --- a/libbeat/version/version.go +++ b/libbeat/version/version.go @@ -18,4 +18,4 @@ // Code generated by dev-tools/set_version package version -const defaultBeatVersion = "8.15.1" +const defaultBeatVersion = "8.15.2" diff --git a/metricbeat/docker-compose.yml b/metricbeat/docker-compose.yml index fff77ee47199..26fdf4478a1b 100644 --- a/metricbeat/docker-compose.yml +++ b/metricbeat/docker-compose.yml @@ -17,11 +17,11 @@ services: # Used by base tests elasticsearch: - image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-8.15.0}-1 + image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-8.15.1}-1 build: context: ./module/elasticsearch/_meta args: - ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-8.15.0} + ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-8.15.1} environment: - "ES_JAVA_OPTS=-Xms256m -Xmx256m" - "transport.host=127.0.0.1" @@ -38,11 +38,11 @@ services: # Used by base tests kibana: - image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-8.15.0}-1 + image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-8.15.1}-1 build: context: ./module/kibana/_meta args: - KIBANA_VERSION: ${KIBANA_VERSION:-8.15.0} + KIBANA_VERSION: ${KIBANA_VERSION:-8.15.1} healthcheck: test: ["CMD-SHELL", "curl -u beats:testing -s http://localhost:5601/api/status?v8format=true | grep -q '\"overall\":{\"level\":\"available\"'"] retries: 600 @@ -53,11 +53,11 @@ services: # Used by base tests metricbeat: - image: docker.elastic.co/integrations-ci/beats-metricbeat:${BEAT_VERSION:-8.15.0}-1 + image: docker.elastic.co/integrations-ci/beats-metricbeat:${BEAT_VERSION:-8.15.1}-1 build: context: ./module/beat/_meta args: - BEAT_VERSION: ${BEAT_VERSION:-8.15.0} + BEAT_VERSION: ${BEAT_VERSION:-8.15.1} command: '-e' ports: - 5066:5066 diff --git a/metricbeat/docs/modules/system.asciidoc b/metricbeat/docs/modules/system.asciidoc index a5da08c4fff6..2fc3930d8444 100644 --- a/metricbeat/docs/modules/system.asciidoc +++ b/metricbeat/docs/modules/system.asciidoc @@ -29,6 +29,21 @@ https://gitlab.com/apparmor/apparmor/wikis/TechnicalDoc_Proc_and_ptrace[AppArmor and other LSM software], even though the System module doesn't use `ptrace` directly. +[TIP] +.How and when metrics are collected +==== +Certain metrics monitored by the System module require multiple values to be +collected. +For example, the `system.process.cpu.total.norm.pct` field reports the percentage +of CPU time spent by the process since the last event. For this percentage to be +determined, the process needs to appear at least twice so that a performance delta +can be calculated. + +Note that in some cases a field like this may be missing from the System module +metricset if the process has not been available long enough to be included in +two periods of metric collection. +==== + [float] === Dashboard diff --git a/metricbeat/helper/http.go b/metricbeat/helper/http.go index 9b8cf792879c..d90213d4f1f8 100644 --- a/metricbeat/helper/http.go +++ b/metricbeat/helper/http.go @@ -23,14 +23,15 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net/http" + "os" + + "github.com/elastic/elastic-agent-libs/transport/httpcommon" + "github.com/elastic/elastic-agent-libs/useragent" "github.com/elastic/beats/v7/libbeat/version" "github.com/elastic/beats/v7/metricbeat/helper/dialer" "github.com/elastic/beats/v7/metricbeat/mb" - "github.com/elastic/elastic-agent-libs/transport/httpcommon" - "github.com/elastic/elastic-agent-libs/useragent" ) var userAgent = useragent.UserAgent("Metricbeat", version.GetDefaultVersion(), version.Commit(), version.BuildTime().String()) @@ -38,13 +39,14 @@ var userAgent = useragent.UserAgent("Metricbeat", version.GetDefaultVersion(), v // HTTP is a custom HTTP Client that handle the complexity of connection and retrieving information // from HTTP endpoint. type HTTP struct { - hostData mb.HostData - client *http.Client // HTTP client that is reused across requests. - headers http.Header - name string - uri string - method string - body []byte + hostData mb.HostData + bearerFile string + client *http.Client // HTTP client that is reused across requests. + headers http.Header + name string + uri string + method string + body []byte } // NewHTTP creates new http helper @@ -57,7 +59,7 @@ func NewHTTP(base mb.BaseMetricSet) (*HTTP, error) { return NewHTTPFromConfig(config, base.HostData()) } -// newHTTPWithConfig creates a new http helper from some configuration +// NewHTTPFromConfig newHTTPWithConfig creates a new http helper from some configuration func NewHTTPFromConfig(config Config, hostData mb.HostData) (*HTTP, error) { headers := http.Header{} if config.Headers == nil { @@ -96,12 +98,13 @@ func NewHTTPFromConfig(config Config, hostData mb.HostData) (*HTTP, error) { } return &HTTP{ - hostData: hostData, - client: client, - headers: headers, - method: "GET", - uri: hostData.SanitizedURI, - body: nil, + hostData: hostData, + bearerFile: config.BearerTokenFile, + client: client, + headers: headers, + method: "GET", + uri: hostData.SanitizedURI, + body: nil, }, nil } @@ -126,7 +129,7 @@ func (h *HTTP) FetchResponse() (*http.Response, error) { resp, err := h.client.Do(req) if err != nil { - return nil, fmt.Errorf("error making http request: %v", err) + return nil, fmt.Errorf("error making http request: %w", err) } return resp, nil @@ -179,7 +182,7 @@ func (h *HTTP) FetchContent() ([]byte, error) { return nil, fmt.Errorf("HTTP error %d in %s: %s", resp.StatusCode, h.name, resp.Status) } - return ioutil.ReadAll(resp.Body) + return io.ReadAll(resp.Body) } // FetchScanner returns a Scanner for the content. @@ -210,11 +213,23 @@ func (h *HTTP) FetchJSON() (map[string]interface{}, error) { return data, nil } -// getAuthHeaderFromToken reads a bearer authorizaiton token from the given file +func (h *HTTP) RefreshAuthorizationHeader() (bool, error) { + if h.bearerFile != "" { + header, err := getAuthHeaderFromToken(h.bearerFile) + if err != nil { + return false, err + } + h.headers.Set("Authorization", header) + return true, nil + } + return false, nil +} + +// getAuthHeaderFromToken reads a bearer authorization token from the given file func getAuthHeaderFromToken(path string) (string, error) { var token string - b, err := ioutil.ReadFile(path) + b, err := os.ReadFile(path) if err != nil { return "", fmt.Errorf("reading bearer token file: %w", err) } diff --git a/metricbeat/helper/http_test.go b/metricbeat/helper/http_test.go index 2fbfea0d1ad4..142fd2eea06e 100644 --- a/metricbeat/helper/http_test.go +++ b/metricbeat/helper/http_test.go @@ -24,6 +24,7 @@ import ( "net/http" "net/http/httptest" "os" + "path/filepath" "runtime" "testing" "time" @@ -294,6 +295,42 @@ func TestUserAgentCheck(t *testing.T) { assert.Contains(t, ua, "Metricbeat") } +func TestRefreshAuthorizationHeader(t *testing.T) { + path := t.TempDir() + bearerFileName := "token" + bearerFilePath := filepath.Join(path, bearerFileName) + + getAuth := func(helper *HTTP) string { + for k, v := range helper.headers { + if k == "Authorization" { + return v[0] + } + } + return "" + } + + firstToken := "token-1" + err := os.WriteFile(bearerFilePath, []byte(firstToken), 0644) + assert.NoError(t, err) + + helper := &HTTP{bearerFile: bearerFilePath, headers: make(http.Header)} + updated, err := helper.RefreshAuthorizationHeader() + assert.NoError(t, err) + assert.True(t, updated) + expected := fmt.Sprintf("Bearer %s", firstToken) + assert.Equal(t, expected, getAuth(helper)) + + secondToken := "token-2" + err = os.WriteFile(bearerFilePath, []byte(secondToken), 0644) + assert.NoError(t, err) + + updated, err = helper.RefreshAuthorizationHeader() + assert.NoError(t, err) + assert.True(t, updated) + expected = fmt.Sprintf("Bearer %s", secondToken) + assert.Equal(t, expected, getAuth(helper)) +} + func checkTimeout(t *testing.T, h *HTTP) { t.Helper() diff --git a/metricbeat/module/kubernetes/container/container.go b/metricbeat/module/kubernetes/container/container.go index d1071f613de8..e48926215483 100644 --- a/metricbeat/module/kubernetes/container/container.go +++ b/metricbeat/module/kubernetes/container/container.go @@ -20,12 +20,13 @@ package container import ( "fmt" + "github.com/elastic/elastic-agent-libs/mapstr" + "github.com/elastic/beats/v7/metricbeat/helper" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" k8smod "github.com/elastic/beats/v7/metricbeat/module/kubernetes" "github.com/elastic/beats/v7/metricbeat/module/kubernetes/util" - "github.com/elastic/elastic-agent-libs/mapstr" ) const ( diff --git a/metricbeat/module/kubernetes/kubernetes.go b/metricbeat/module/kubernetes/kubernetes.go index 23611e0b63c5..238b8ec21d46 100644 --- a/metricbeat/module/kubernetes/kubernetes.go +++ b/metricbeat/module/kubernetes/kubernetes.go @@ -19,6 +19,8 @@ package kubernetes import ( "fmt" + httpnet "net/http" + "strings" "sync" "time" @@ -123,7 +125,7 @@ func (m *module) GetStateMetricsFamilies(prometheus p.Prometheus) ([]*p.MetricFa defer m.kubeStateMetricsCache.lock.Unlock() now := time.Now() - // NOTE: These entries will be never removed, this can be a leak if + // NOTE: These entries will never be removed, this can be a leak if // metricbeat is used to monitor clusters dynamically created. // (https://github.com/elastic/beats/pull/25640#discussion_r633395213) familiesCache := m.kubeStateMetricsCache.getCacheMapEntry(m.cacheHash) @@ -142,13 +144,32 @@ func (m *module) GetKubeletStats(http *helper.HTTP) ([]byte, error) { now := time.Now() - // NOTE: These entries will be never removed, this can be a leak if + // NOTE: These entries will never be removed, this can be a leak if // metricbeat is used to monitor clusters dynamically created. // (https://github.com/elastic/beats/pull/25640#discussion_r633395213) statsCache := m.kubeletStatsCache.getCacheMapEntry(m.cacheHash) + // Check if the last time we tried to make a request to the Kubelet API ended in a 401 Unauthorized error. + // If this is the case, we should not keep making requests. + errorUnauthorisedMsg := fmt.Sprintf("HTTP error %d", httpnet.StatusUnauthorized) + if statsCache.lastFetchErr != nil && strings.Contains(statsCache.lastFetchErr.Error(), errorUnauthorisedMsg) { + return statsCache.sharedStats, statsCache.lastFetchErr + } + + // If this is the first request, or it has passed more time than config.period, we should + // make a request to the Kubelet API again to get the last metrics' values. if statsCache.lastFetchTimestamp.IsZero() || now.Sub(statsCache.lastFetchTimestamp) > m.Config().Period { statsCache.sharedStats, statsCache.lastFetchErr = http.FetchContent() + + // If we got an unauthorized error from our HTTP request, it is possible the token has expired. + // We should update the Authorization header in that case. We only try this for the first time + // we get HTTP 401 to avoid getting in a loop in case the cause of the error is something different. + if statsCache.lastFetchErr != nil && strings.Contains(statsCache.lastFetchErr.Error(), errorUnauthorisedMsg) { + if _, err := http.RefreshAuthorizationHeader(); err == nil { + statsCache.sharedStats, statsCache.lastFetchErr = http.FetchContent() + } + } + statsCache.lastFetchTimestamp = now } diff --git a/metricbeat/module/system/_meta/docs.asciidoc b/metricbeat/module/system/_meta/docs.asciidoc index 8a106240d784..3b3dc461ebe4 100644 --- a/metricbeat/module/system/_meta/docs.asciidoc +++ b/metricbeat/module/system/_meta/docs.asciidoc @@ -18,6 +18,21 @@ https://gitlab.com/apparmor/apparmor/wikis/TechnicalDoc_Proc_and_ptrace[AppArmor and other LSM software], even though the System module doesn't use `ptrace` directly. +[TIP] +.How and when metrics are collected +==== +Certain metrics monitored by the System module require multiple values to be +collected. +For example, the `system.process.cpu.total.norm.pct` field reports the percentage +of CPU time spent by the process since the last event. For this percentage to be +determined, the process needs to appear at least twice so that a performance delta +can be calculated. + +Note that in some cases a field like this may be missing from the System module +metricset if the process has not been available long enough to be included in +two periods of metric collection. +==== + [float] === Dashboard diff --git a/metricbeat/modules.d/aerospike.yml.disabled b/metricbeat/modules.d/aerospike.yml.disabled index 35aad6b8e406..327fb2495249 100644 --- a/metricbeat/modules.d/aerospike.yml.disabled +++ b/metricbeat/modules.d/aerospike.yml.disabled @@ -1,5 +1,5 @@ # Module: aerospike -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aerospike.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-aerospike.html - module: aerospike #metricsets: diff --git a/metricbeat/modules.d/apache.yml.disabled b/metricbeat/modules.d/apache.yml.disabled index 9c3adaa97d80..cdf0afe63b43 100644 --- a/metricbeat/modules.d/apache.yml.disabled +++ b/metricbeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-apache.html - module: apache #metricsets: diff --git a/metricbeat/modules.d/beat-xpack.yml.disabled b/metricbeat/modules.d/beat-xpack.yml.disabled index 98cd8c7edefb..3565decbc9a7 100644 --- a/metricbeat/modules.d/beat-xpack.yml.disabled +++ b/metricbeat/modules.d/beat-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-beat.html - module: beat xpack.enabled: true diff --git a/metricbeat/modules.d/beat.yml.disabled b/metricbeat/modules.d/beat.yml.disabled index cb26d83a5cf6..222fd00c2aaa 100644 --- a/metricbeat/modules.d/beat.yml.disabled +++ b/metricbeat/modules.d/beat.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-beat.html - module: beat metricsets: diff --git a/metricbeat/modules.d/ceph-mgr.yml.disabled b/metricbeat/modules.d/ceph-mgr.yml.disabled index 9d06114f79f7..35f0e766fd2d 100644 --- a/metricbeat/modules.d/ceph-mgr.yml.disabled +++ b/metricbeat/modules.d/ceph-mgr.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-ceph.html - module: ceph metricsets: diff --git a/metricbeat/modules.d/ceph.yml.disabled b/metricbeat/modules.d/ceph.yml.disabled index 550ea8fe6ea4..6494e5eb49c0 100644 --- a/metricbeat/modules.d/ceph.yml.disabled +++ b/metricbeat/modules.d/ceph.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-ceph.html - module: ceph #metricsets: diff --git a/metricbeat/modules.d/consul.yml.disabled b/metricbeat/modules.d/consul.yml.disabled index 9344dd8c999f..52e11d92ca5b 100644 --- a/metricbeat/modules.d/consul.yml.disabled +++ b/metricbeat/modules.d/consul.yml.disabled @@ -1,5 +1,5 @@ # Module: consul -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-consul.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-consul.html - module: consul metricsets: diff --git a/metricbeat/modules.d/couchbase.yml.disabled b/metricbeat/modules.d/couchbase.yml.disabled index 088f98b45c5c..c1b52745766d 100644 --- a/metricbeat/modules.d/couchbase.yml.disabled +++ b/metricbeat/modules.d/couchbase.yml.disabled @@ -1,5 +1,5 @@ # Module: couchbase -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchbase.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-couchbase.html - module: couchbase #metricsets: diff --git a/metricbeat/modules.d/couchdb.yml.disabled b/metricbeat/modules.d/couchdb.yml.disabled index 2a2eb9a5613b..725623d993c3 100644 --- a/metricbeat/modules.d/couchdb.yml.disabled +++ b/metricbeat/modules.d/couchdb.yml.disabled @@ -1,5 +1,5 @@ # Module: couchdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-couchdb.html - module: couchdb metricsets: ["server"] diff --git a/metricbeat/modules.d/docker.yml.disabled b/metricbeat/modules.d/docker.yml.disabled index 88af5d212889..b4e17eea3b3d 100644 --- a/metricbeat/modules.d/docker.yml.disabled +++ b/metricbeat/modules.d/docker.yml.disabled @@ -1,5 +1,5 @@ # Module: docker -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-docker.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-docker.html - module: docker #metricsets: diff --git a/metricbeat/modules.d/dropwizard.yml.disabled b/metricbeat/modules.d/dropwizard.yml.disabled index 1103a314d1d5..0f8b39b2798f 100644 --- a/metricbeat/modules.d/dropwizard.yml.disabled +++ b/metricbeat/modules.d/dropwizard.yml.disabled @@ -1,5 +1,5 @@ # Module: dropwizard -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-dropwizard.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-dropwizard.html - module: dropwizard #metricsets: diff --git a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled index b69fe6b87f9c..a4387fe83590 100644 --- a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled +++ b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-elasticsearch.html - module: elasticsearch xpack.enabled: true diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index 33983e4ac14b..8f679310ab62 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-elasticsearch.html - module: elasticsearch #metricsets: diff --git a/metricbeat/modules.d/envoyproxy.yml.disabled b/metricbeat/modules.d/envoyproxy.yml.disabled index ca75daff0850..4b4c54d87167 100644 --- a/metricbeat/modules.d/envoyproxy.yml.disabled +++ b/metricbeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-envoyproxy.html - module: envoyproxy #metricsets: diff --git a/metricbeat/modules.d/etcd.yml.disabled b/metricbeat/modules.d/etcd.yml.disabled index 5aa30fb86e7a..a2539396ee6e 100644 --- a/metricbeat/modules.d/etcd.yml.disabled +++ b/metricbeat/modules.d/etcd.yml.disabled @@ -1,5 +1,5 @@ # Module: etcd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-etcd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-etcd.html - module: etcd #metricsets: diff --git a/metricbeat/modules.d/golang.yml.disabled b/metricbeat/modules.d/golang.yml.disabled index 9f9e5624fa30..a183aa9dc41b 100644 --- a/metricbeat/modules.d/golang.yml.disabled +++ b/metricbeat/modules.d/golang.yml.disabled @@ -1,5 +1,5 @@ # Module: golang -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-golang.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-golang.html - module: golang #metricsets: diff --git a/metricbeat/modules.d/graphite.yml.disabled b/metricbeat/modules.d/graphite.yml.disabled index 3354715923c4..12f580d187a9 100644 --- a/metricbeat/modules.d/graphite.yml.disabled +++ b/metricbeat/modules.d/graphite.yml.disabled @@ -1,5 +1,5 @@ # Module: graphite -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-graphite.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-graphite.html - module: graphite #metricsets: diff --git a/metricbeat/modules.d/haproxy.yml.disabled b/metricbeat/modules.d/haproxy.yml.disabled index e95f687253d2..d0b2250c0c08 100644 --- a/metricbeat/modules.d/haproxy.yml.disabled +++ b/metricbeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-haproxy.html - module: haproxy #metricsets: diff --git a/metricbeat/modules.d/http.yml.disabled b/metricbeat/modules.d/http.yml.disabled index 63ebd2ee0935..ee88f0761bb1 100644 --- a/metricbeat/modules.d/http.yml.disabled +++ b/metricbeat/modules.d/http.yml.disabled @@ -1,5 +1,5 @@ # Module: http -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-http.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-http.html - module: http #metricsets: diff --git a/metricbeat/modules.d/jolokia.yml.disabled b/metricbeat/modules.d/jolokia.yml.disabled index b58782353ecd..0b307cfc832e 100644 --- a/metricbeat/modules.d/jolokia.yml.disabled +++ b/metricbeat/modules.d/jolokia.yml.disabled @@ -1,5 +1,5 @@ # Module: jolokia -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-jolokia.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-jolokia.html - module: jolokia #metricsets: ["jmx"] diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index afafa7e5a4c5..0eb633a0f0cf 100644 --- a/metricbeat/modules.d/kafka.yml.disabled +++ b/metricbeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-kafka.html # Kafka metrics collected using the Kafka protocol - module: kafka diff --git a/metricbeat/modules.d/kibana-xpack.yml.disabled b/metricbeat/modules.d/kibana-xpack.yml.disabled index 91471a7c212b..f486cf4cf52c 100644 --- a/metricbeat/modules.d/kibana-xpack.yml.disabled +++ b/metricbeat/modules.d/kibana-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-kibana.html - module: kibana xpack.enabled: true diff --git a/metricbeat/modules.d/kibana.yml.disabled b/metricbeat/modules.d/kibana.yml.disabled index 27ca4b1a05fe..a64c94f12a3d 100644 --- a/metricbeat/modules.d/kibana.yml.disabled +++ b/metricbeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-kibana.html - module: kibana #metricsets: diff --git a/metricbeat/modules.d/kubernetes.yml.disabled b/metricbeat/modules.d/kubernetes.yml.disabled index 12bbeee26ca5..aef10354b54b 100644 --- a/metricbeat/modules.d/kubernetes.yml.disabled +++ b/metricbeat/modules.d/kubernetes.yml.disabled @@ -1,5 +1,5 @@ # Module: kubernetes -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kubernetes.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-kubernetes.html # Node metrics, from kubelet: - module: kubernetes diff --git a/metricbeat/modules.d/kvm.yml.disabled b/metricbeat/modules.d/kvm.yml.disabled index 00e06354b0b2..b3bfe761980d 100644 --- a/metricbeat/modules.d/kvm.yml.disabled +++ b/metricbeat/modules.d/kvm.yml.disabled @@ -1,5 +1,5 @@ # Module: kvm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kvm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-kvm.html - module: kvm #metricsets: diff --git a/metricbeat/modules.d/linux.yml.disabled b/metricbeat/modules.d/linux.yml.disabled index 2c28e8bcbd07..56b443d6228c 100644 --- a/metricbeat/modules.d/linux.yml.disabled +++ b/metricbeat/modules.d/linux.yml.disabled @@ -1,5 +1,5 @@ # Module: linux -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-linux.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-linux.html - module: linux period: 10s diff --git a/metricbeat/modules.d/logstash-xpack.yml.disabled b/metricbeat/modules.d/logstash-xpack.yml.disabled index b00f4479919a..c4ddcb80826a 100644 --- a/metricbeat/modules.d/logstash-xpack.yml.disabled +++ b/metricbeat/modules.d/logstash-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-logstash.html - module: logstash xpack.enabled: true diff --git a/metricbeat/modules.d/logstash.yml.disabled b/metricbeat/modules.d/logstash.yml.disabled index 90274a3c7281..756db0ac2d03 100644 --- a/metricbeat/modules.d/logstash.yml.disabled +++ b/metricbeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-logstash.html - module: logstash #metricsets: diff --git a/metricbeat/modules.d/memcached.yml.disabled b/metricbeat/modules.d/memcached.yml.disabled index 0df976bb0bf6..a9a014e4ac27 100644 --- a/metricbeat/modules.d/memcached.yml.disabled +++ b/metricbeat/modules.d/memcached.yml.disabled @@ -1,5 +1,5 @@ # Module: memcached -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-memcached.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-memcached.html - module: memcached # metricsets: ["stats"] diff --git a/metricbeat/modules.d/mongodb.yml.disabled b/metricbeat/modules.d/mongodb.yml.disabled index 48705eae39f6..73279f8a5fd7 100644 --- a/metricbeat/modules.d/mongodb.yml.disabled +++ b/metricbeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-mongodb.html - module: mongodb #metricsets: diff --git a/metricbeat/modules.d/munin.yml.disabled b/metricbeat/modules.d/munin.yml.disabled index 803d200561ba..35b70d7cad77 100644 --- a/metricbeat/modules.d/munin.yml.disabled +++ b/metricbeat/modules.d/munin.yml.disabled @@ -1,5 +1,5 @@ # Module: munin -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-munin.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-munin.html - module: munin #metricsets: diff --git a/metricbeat/modules.d/mysql.yml.disabled b/metricbeat/modules.d/mysql.yml.disabled index 27dcc1e59ea5..458f49e4641f 100644 --- a/metricbeat/modules.d/mysql.yml.disabled +++ b/metricbeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-mysql.html - module: mysql #metricsets: diff --git a/metricbeat/modules.d/nats.yml.disabled b/metricbeat/modules.d/nats.yml.disabled index e1e751cdb495..f8582d4f3c98 100644 --- a/metricbeat/modules.d/nats.yml.disabled +++ b/metricbeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-nats.html - module: nats metricsets: diff --git a/metricbeat/modules.d/nginx.yml.disabled b/metricbeat/modules.d/nginx.yml.disabled index 40c3bea92e55..fc968f981993 100644 --- a/metricbeat/modules.d/nginx.yml.disabled +++ b/metricbeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-nginx.html - module: nginx #metricsets: diff --git a/metricbeat/modules.d/openmetrics.yml.disabled b/metricbeat/modules.d/openmetrics.yml.disabled index bebd339a1a27..d9f0b9a62768 100644 --- a/metricbeat/modules.d/openmetrics.yml.disabled +++ b/metricbeat/modules.d/openmetrics.yml.disabled @@ -1,5 +1,5 @@ # Module: openmetrics -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-openmetrics.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-openmetrics.html - module: openmetrics metricsets: ['collector'] diff --git a/metricbeat/modules.d/php_fpm.yml.disabled b/metricbeat/modules.d/php_fpm.yml.disabled index 0ca2ac5c1df1..70ec40017812 100644 --- a/metricbeat/modules.d/php_fpm.yml.disabled +++ b/metricbeat/modules.d/php_fpm.yml.disabled @@ -1,5 +1,5 @@ # Module: php_fpm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-php_fpm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-php_fpm.html - module: php_fpm #metricsets: diff --git a/metricbeat/modules.d/postgresql.yml.disabled b/metricbeat/modules.d/postgresql.yml.disabled index fe2e5858dfb6..fb75f7a2c122 100644 --- a/metricbeat/modules.d/postgresql.yml.disabled +++ b/metricbeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-postgresql.html - module: postgresql #metricsets: diff --git a/metricbeat/modules.d/prometheus.yml.disabled b/metricbeat/modules.d/prometheus.yml.disabled index f829e3d89da3..26dd76325205 100644 --- a/metricbeat/modules.d/prometheus.yml.disabled +++ b/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-prometheus.html # Metrics collected from a Prometheus endpoint - module: prometheus diff --git a/metricbeat/modules.d/rabbitmq.yml.disabled b/metricbeat/modules.d/rabbitmq.yml.disabled index b6967556f838..4ad534cb527e 100644 --- a/metricbeat/modules.d/rabbitmq.yml.disabled +++ b/metricbeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-rabbitmq.html - module: rabbitmq #metricsets: diff --git a/metricbeat/modules.d/redis.yml.disabled b/metricbeat/modules.d/redis.yml.disabled index 99a7288e5ee1..5a6377232c90 100644 --- a/metricbeat/modules.d/redis.yml.disabled +++ b/metricbeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-redis.html - module: redis #metricsets: diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index 4123ea00f332..1a8e3cc27e18 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-system.html - module: system period: 10s diff --git a/metricbeat/modules.d/traefik.yml.disabled b/metricbeat/modules.d/traefik.yml.disabled index b186538f4e19..2151cb020fad 100644 --- a/metricbeat/modules.d/traefik.yml.disabled +++ b/metricbeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-traefik.html - module: traefik metricsets: ["health"] diff --git a/metricbeat/modules.d/uwsgi.yml.disabled b/metricbeat/modules.d/uwsgi.yml.disabled index 7ac6322064c1..b3f9211092ff 100644 --- a/metricbeat/modules.d/uwsgi.yml.disabled +++ b/metricbeat/modules.d/uwsgi.yml.disabled @@ -1,5 +1,5 @@ # Module: uwsgi -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-uwsgi.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-uwsgi.html - module: uwsgi #metricsets: diff --git a/metricbeat/modules.d/vsphere.yml.disabled b/metricbeat/modules.d/vsphere.yml.disabled index 874b3b5b2e89..ede326e4ec26 100644 --- a/metricbeat/modules.d/vsphere.yml.disabled +++ b/metricbeat/modules.d/vsphere.yml.disabled @@ -1,5 +1,5 @@ # Module: vsphere -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-vsphere.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-vsphere.html - module: vsphere #metricsets: diff --git a/metricbeat/modules.d/windows.yml.disabled b/metricbeat/modules.d/windows.yml.disabled index afe1af593116..43d05a9eff4f 100644 --- a/metricbeat/modules.d/windows.yml.disabled +++ b/metricbeat/modules.d/windows.yml.disabled @@ -1,5 +1,5 @@ # Module: windows -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-windows.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-windows.html - module: windows metricsets: diff --git a/metricbeat/modules.d/zookeeper.yml.disabled b/metricbeat/modules.d/zookeeper.yml.disabled index f8d16c527a66..d201433ceda2 100644 --- a/metricbeat/modules.d/zookeeper.yml.disabled +++ b/metricbeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-zookeeper.html - module: zookeeper #metricsets: diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml index 4587bb70c4cc..d662ccc9ef71 100644 --- a/testing/environments/latest.yml +++ b/testing/environments/latest.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0 + image: docker.elastic.co/elasticsearch/elasticsearch:8.15.1 healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] retries: 300 @@ -19,7 +19,7 @@ services: - "script.context.template.cache_max_size=2000" logstash: - image: docker.elastic.co/logstash/logstash:8.15.0 + image: docker.elastic.co/logstash/logstash:8.15.1 healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 300 @@ -29,7 +29,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana:8.15.0 + image: docker.elastic.co/kibana/kibana:8.15.1 healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5601"] retries: 300 diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index a59fe011e7f6..c74cc6c18e59 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.15.1-18f0c058-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.15.1-69336cfc-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.15.1-18f0c058-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.15.1-69336cfc-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.15.1-18f0c058-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.15.1-69336cfc-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing" diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index 5e2cc02a4c94..fcca6f27de86 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -15,6 +15,7 @@ import ( // Import packages that perform 'func init()'. _ "github.com/elastic/beats/v7/x-pack/filebeat/input/awscloudwatch" _ "github.com/elastic/beats/v7/x-pack/filebeat/input/awss3" + _ "github.com/elastic/beats/v7/x-pack/filebeat/input/azureeventhub" _ "github.com/elastic/beats/v7/x-pack/filebeat/input/cometd" _ "github.com/elastic/beats/v7/x-pack/filebeat/input/etw" _ "github.com/elastic/beats/v7/x-pack/filebeat/input/gcppubsub" diff --git a/x-pack/filebeat/input/awss3/interfaces.go b/x-pack/filebeat/input/awss3/interfaces.go index b5a0c408ae22..5e9eb13d243a 100644 --- a/x-pack/filebeat/input/awss3/interfaces.go +++ b/x-pack/filebeat/input/awss3/interfaces.go @@ -305,7 +305,7 @@ func (a *awsS3API) clientFor(region string) *s3.Client { // Conditionally replace the client if the region of // the request does not match the pre-prepared client. opts := a.client.Options() - if opts.Region == region { + if region == "" || opts.Region == region { return a.client } // Use a cached client if we have already seen this region. diff --git a/x-pack/filebeat/input/awss3/interfaces_test.go b/x-pack/filebeat/input/awss3/interfaces_test.go new file mode 100644 index 000000000000..568486466d7b --- /dev/null +++ b/x-pack/filebeat/input/awss3/interfaces_test.go @@ -0,0 +1,25 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package awss3 + +import ( + "testing" + + "github.com/aws/aws-sdk-go-v2/service/s3" +) + +func TestAWSS3API_clientFor(t *testing.T) { + // When SQS notifications do not contain a region (like Crowdstrike FDR's + // custom notifications), then the default pre-made S3 client should be used. + t.Run("empty_region_uses_pre_made_client", func(t *testing.T) { + want := s3.New(s3.Options{Region: "us-east-1"}) + api := newAWSs3API(want) + got := api.clientFor("") + + if want != got { + t.Errorf("Empty region should return the default premade client: want %p, got %p", want, got) + } + }) +} diff --git a/x-pack/filebeat/input/azureeventhub/tracer.go b/x-pack/filebeat/input/azureeventhub/tracer.go new file mode 100644 index 000000000000..f998a548e373 --- /dev/null +++ b/x-pack/filebeat/input/azureeventhub/tracer.go @@ -0,0 +1,117 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//go:build !aix + +package azureeventhub + +import ( + "context" + + "github.com/devigned/tab" + + "github.com/elastic/elastic-agent-libs/logp" +) + +func init() { + tab.Register(new(logsOnlyTracer)) +} + +// logsOnlyTracer manages the creation of the required +// Spanners and Loggers with the goal of deferring logging +// to the `logp` package. +// +// According to the `github.com/devigned/tab package`, +// to implement a Tracer, you must provide the following +// three components: +// +// - Tracer +// - Spanner +// - Logger +// +// Since we are currently only interested in logging, we will +// implement a Tracer that only logs. +type logsOnlyTracer struct{} + +// ---------------------------------------------------------------------------- +// Tracer +// ---------------------------------------------------------------------------- + +// StartSpan returns the input context and a no-op Spanner +func (nt *logsOnlyTracer) StartSpan(ctx context.Context, operationName string, opts ...interface{}) (context.Context, tab.Spanner) { + return ctx, new(logsOnlySpanner) +} + +// StartSpanWithRemoteParent returns the input context and a no-op Spanner +func (nt *logsOnlyTracer) StartSpanWithRemoteParent(ctx context.Context, operationName string, carrier tab.Carrier, opts ...interface{}) (context.Context, tab.Spanner) { + return ctx, new(logsOnlySpanner) +} + +// FromContext returns a no-op Spanner without regard to the input context +func (nt *logsOnlyTracer) FromContext(ctx context.Context) tab.Spanner { + return new(logsOnlySpanner) +} + +// NewContext returns the parent context +func (nt *logsOnlyTracer) NewContext(parent context.Context, span tab.Spanner) context.Context { + return parent +} + +// ---------------------------------------------------------------------------- +// Spanner +// ---------------------------------------------------------------------------- + +// logsOnlySpanner is a Spanner implementation that focuses +// on logging only. +type logsOnlySpanner struct{} + +// AddAttributes is a no-op +func (ns *logsOnlySpanner) AddAttributes(attributes ...tab.Attribute) {} + +// End is a no-op +func (ns *logsOnlySpanner) End() {} + +// Logger returns a Logger implementation +func (ns *logsOnlySpanner) Logger() tab.Logger { + return &logpLogger{logp.L()} +} + +// Inject is no-op +func (ns *logsOnlySpanner) Inject(carrier tab.Carrier) error { + return nil +} + +// InternalSpan returns nil +func (ns *logsOnlySpanner) InternalSpan() interface{} { + return nil +} + +// ---------------------------------------------------------------------------- +// Logger +// ---------------------------------------------------------------------------- + +// logpLogger defers logging to the logp package +type logpLogger struct { + logger *logp.Logger +} + +// Info logs a message at info level +func (sl logpLogger) Info(msg string, attributes ...tab.Attribute) { + sl.logger.Info(msg) +} + +// Error logs a message at error level +func (sl logpLogger) Error(err error, attributes ...tab.Attribute) { + sl.logger.Error(err) +} + +// Fatal logs a message at Fatal level +func (sl logpLogger) Fatal(msg string, attributes ...tab.Attribute) { + sl.logger.Fatal(msg) +} + +// Debug logs a message at Debug level +func (sl logpLogger) Debug(msg string, attributes ...tab.Attribute) { + sl.logger.Debug(msg) +} diff --git a/x-pack/filebeat/input/azureeventhub/v2_input.go b/x-pack/filebeat/input/azureeventhub/v2_input.go index 03145163a493..4f3645f513f7 100644 --- a/x-pack/filebeat/input/azureeventhub/v2_input.go +++ b/x-pack/filebeat/input/azureeventhub/v2_input.go @@ -388,7 +388,7 @@ func (in *eventHubInputV2) workersLoop(ctx context.Context, processor *azeventhu go func() { in.log.Infow( "starting a partition worker", - "partition", partitionID, + "partition_id", partitionID, ) if err := in.processEventsForPartition(ctx, processorPartitionClient); err != nil { @@ -397,13 +397,13 @@ func (in *eventHubInputV2) workersLoop(ctx context.Context, processor *azeventhu in.log.Infow( "stopping processing events for partition", "reason", err, - "partition", partitionID, + "partition_id", partitionID, ) } in.log.Infow( "partition worker exited", - "partition", partitionID, + "partition_id", partitionID, ) }() } @@ -428,7 +428,10 @@ func (in *eventHubInputV2) processEventsForPartition(ctx context.Context, partit // 3/3 [END] Do cleanup here, like shutting down database clients // or other resources used for processing this partition. shutdownPartitionResources(ctx, partitionClient, pipelineClient) - in.log.Debugw("partition resources cleaned up", "partition", partitionID) + in.log.Debugw( + "partition resources cleaned up", + "partition_id", partitionID, + ) }() // 2/3 [CONTINUOUS] Receive events, checkpointing as needed using UpdateCheckpoint. @@ -444,7 +447,7 @@ func (in *eventHubInputV2) processEventsForPartition(ctx context.Context, partit if errors.As(err, &eventHubError) && eventHubError.Code == azeventhubs.ErrorCodeOwnershipLost { in.log.Infow( "ownership lost for partition, stopping processing", - "partition", partitionID, + "partition_id", partitionID, ) return nil @@ -454,6 +457,10 @@ func (in *eventHubInputV2) processEventsForPartition(ctx context.Context, partit } if len(events) == 0 { + in.log.Debugw( + "no events received", + "partition_id", partitionID, + ) continue } @@ -467,30 +474,32 @@ func (in *eventHubInputV2) processEventsForPartition(ctx context.Context, partit // processReceivedEvents func (in *eventHubInputV2) processReceivedEvents(receivedEvents []*azeventhubs.ReceivedEventData, partitionID string, pipelineClient beat.Client) error { processingStartTime := time.Now() - eventHubMetadata := mapstr.M{ - "partition_id": partitionID, - "eventhub": in.config.EventHubName, - "consumer_group": in.config.ConsumerGroup, - } for _, receivedEventData := range receivedEvents { + eventHubMetadata := mapstr.M{ + "partition_id": partitionID, + "eventhub": in.config.EventHubName, + "consumer_group": in.config.ConsumerGroup, + } + // Update input metrics. in.metrics.receivedMessages.Inc() in.metrics.receivedBytes.Add(uint64(len(receivedEventData.Body))) + _, _ = eventHubMetadata.Put("offset", receivedEventData.Offset) + _, _ = eventHubMetadata.Put("sequence_number", receivedEventData.SequenceNumber) + _, _ = eventHubMetadata.Put("enqueued_time", receivedEventData.EnqueuedTime) + + // The partition key is optional. + if receivedEventData.PartitionKey != nil { + _, _ = eventHubMetadata.Put("partition_key", *receivedEventData.PartitionKey) + } + // A single event can contain multiple records. // We create a new event for each record. records := in.messageDecoder.Decode(receivedEventData.Body) for _, record := range records { - _, _ = eventHubMetadata.Put("offset", receivedEventData.Offset) - _, _ = eventHubMetadata.Put("sequence_number", receivedEventData.SequenceNumber) - _, _ = eventHubMetadata.Put("enqueued_time", receivedEventData.EnqueuedTime) - - // The partition key is optional. - if receivedEventData.PartitionKey != nil { - _, _ = eventHubMetadata.Put("partition_key", *receivedEventData.PartitionKey) - } event := beat.Event{ // this is the default value for the @timestamp field; usually the ingest @@ -537,7 +546,7 @@ func initializePartitionResources(ctx context.Context, partitionClient *azeventh if !ok { log.Errorw( "error updating checkpoint", - "partition", partitionClient.PartitionID(), + "partition_id", partitionClient.PartitionID(), "acked", acked, "error", "invalid data type", "type", fmt.Sprintf("%T", data), @@ -555,7 +564,7 @@ func initializePartitionResources(ctx context.Context, partitionClient *azeventh log.Debugw( "checkpoint updated", - "partition", partitionClient.PartitionID(), + "partition_id", partitionClient.PartitionID(), "acked", acked, "sequence_number", receivedEventData.SequenceNumber, "offset", receivedEventData.Offset, diff --git a/x-pack/filebeat/input/default-inputs/inputs_windows.go b/x-pack/filebeat/input/default-inputs/inputs_windows.go index 7ec003623b6b..e63327634d4e 100644 --- a/x-pack/filebeat/input/default-inputs/inputs_windows.go +++ b/x-pack/filebeat/input/default-inputs/inputs_windows.go @@ -13,6 +13,7 @@ import ( "github.com/elastic/beats/v7/x-pack/filebeat/input/awscloudwatch" "github.com/elastic/beats/v7/x-pack/filebeat/input/awss3" "github.com/elastic/beats/v7/x-pack/filebeat/input/azureblobstorage" + "github.com/elastic/beats/v7/x-pack/filebeat/input/azureeventhub" "github.com/elastic/beats/v7/x-pack/filebeat/input/cel" "github.com/elastic/beats/v7/x-pack/filebeat/input/cloudfoundry" "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics" @@ -29,6 +30,7 @@ import ( func xpackInputs(info beat.Info, log *logp.Logger, store beater.StateStore) []v2.Plugin { return []v2.Plugin{ azureblobstorage.Plugin(log, store), + azureeventhub.Plugin(log), cel.Plugin(log, store), cloudfoundry.Plugin(), entityanalytics.Plugin(log), diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go b/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go index 988f44d08407..c27b7a67c4ed 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/okta.go @@ -695,6 +695,7 @@ func (p *oktaInput) publishUser(u *User, state *stateStore, inputID string, clie _, _ = userDoc.Put("okta", u.User) _, _ = userDoc.Put("labels.identity_source", inputID) _, _ = userDoc.Put("user.id", u.ID) + _, _ = userDoc.Put("groups", u.Groups) switch u.State { case Deleted: diff --git a/x-pack/filebeat/input/gcs/client.go b/x-pack/filebeat/input/gcs/client.go index 128ab753d926..7fd45d2d0a9c 100644 --- a/x-pack/filebeat/input/gcs/client.go +++ b/x-pack/filebeat/input/gcs/client.go @@ -6,10 +6,11 @@ package gcs import ( "context" - "errors" + "fmt" "net/url" "cloud.google.com/go/storage" + "golang.org/x/oauth2/google" "google.golang.org/api/option" "github.com/elastic/elastic-agent-libs/logp" @@ -30,5 +31,9 @@ func fetchStorageClient(ctx context.Context, cfg config, log *logp.Logger) (*sto } else if cfg.Auth.CredentialsFile != nil { return storage.NewClient(ctx, option.WithCredentialsFile(cfg.Auth.CredentialsFile.Path)) } - return nil, errors.New("no valid auth specified") + cred, err := google.FindDefaultCredentials(ctx, storage.ScopeReadOnly) + if err != nil { + return nil, fmt.Errorf("no valid auth specified: %w", err) + } + return storage.NewClient(ctx, option.WithCredentials(cred)) } diff --git a/x-pack/filebeat/modules.d/activemq.yml.disabled b/x-pack/filebeat/modules.d/activemq.yml.disabled index e19824686aef..f31b77d0a898 100644 --- a/x-pack/filebeat/modules.d/activemq.yml.disabled +++ b/x-pack/filebeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-activemq.html - module: activemq # Audit logs diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index c730b8aea074..0e8eb7ae03fc 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-aws.html - module: aws cloudtrail: diff --git a/x-pack/filebeat/modules.d/awsfargate.yml.disabled b/x-pack/filebeat/modules.d/awsfargate.yml.disabled index c2e96fd2f933..08511595be4e 100644 --- a/x-pack/filebeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/filebeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-awsfargate.html - module: awsfargate log: diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 97eb4b9e4612..bc11ea70bbd1 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-azure.html - module: azure # All logs diff --git a/x-pack/filebeat/modules.d/cef.yml.disabled b/x-pack/filebeat/modules.d/cef.yml.disabled index 1834c8f4dbae..9fc2f81aafcd 100644 --- a/x-pack/filebeat/modules.d/cef.yml.disabled +++ b/x-pack/filebeat/modules.d/cef.yml.disabled @@ -1,5 +1,5 @@ # Module: cef -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cef.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-cef.html - module: cef log: diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index 595beccdbffd..7af40dff5f45 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: checkpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-checkpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-checkpoint.html - module: checkpoint firewall: diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index 636ed03fcfd3..7ef935f0123d 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -1,5 +1,5 @@ # Module: cisco -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cisco.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-cisco.html - module: cisco asa: diff --git a/x-pack/filebeat/modules.d/coredns.yml.disabled b/x-pack/filebeat/modules.d/coredns.yml.disabled index bfcc3bba412e..75ebdfb63875 100644 --- a/x-pack/filebeat/modules.d/coredns.yml.disabled +++ b/x-pack/filebeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-coredns.html - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled index 8f30c4ed8995..53875b791907 100644 --- a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled +++ b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled @@ -1,5 +1,5 @@ # Module: crowdstrike -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-crowdstrike.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-crowdstrike.html - module: crowdstrike diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled index 8b4ddf9b814c..2179528977bd 100644 --- a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberarkpas -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cyberarkpas.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-cyberarkpas.html - module: cyberarkpas audit: diff --git a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled index b06026cc061f..ba261eed154c 100644 --- a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled +++ b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-envoyproxy.html - module: envoyproxy # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/fortinet.yml.disabled b/x-pack/filebeat/modules.d/fortinet.yml.disabled index 86ba39d3218d..8bda86d76f8f 100644 --- a/x-pack/filebeat/modules.d/fortinet.yml.disabled +++ b/x-pack/filebeat/modules.d/fortinet.yml.disabled @@ -1,5 +1,5 @@ # Module: fortinet -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-fortinet.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-fortinet.html - module: fortinet firewall: diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled index 601be53f69b5..5a4f95bd5fa6 100644 --- a/x-pack/filebeat/modules.d/gcp.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-gcp.html - module: gcp vpcflow: diff --git a/x-pack/filebeat/modules.d/google_workspace.yml.disabled b/x-pack/filebeat/modules.d/google_workspace.yml.disabled index a079e429f846..ac007629bf72 100644 --- a/x-pack/filebeat/modules.d/google_workspace.yml.disabled +++ b/x-pack/filebeat/modules.d/google_workspace.yml.disabled @@ -1,5 +1,5 @@ # Module: google_workspace -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-google_workspace.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-google_workspace.html - module: google_workspace saml: diff --git a/x-pack/filebeat/modules.d/ibmmq.yml.disabled b/x-pack/filebeat/modules.d/ibmmq.yml.disabled index fd19cafb3c92..639155d4f688 100644 --- a/x-pack/filebeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/filebeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-ibmmq.html - module: ibmmq # All logs diff --git a/x-pack/filebeat/modules.d/iptables.yml.disabled b/x-pack/filebeat/modules.d/iptables.yml.disabled index a4c73b7a04a1..e0d1bbb885e8 100644 --- a/x-pack/filebeat/modules.d/iptables.yml.disabled +++ b/x-pack/filebeat/modules.d/iptables.yml.disabled @@ -1,5 +1,5 @@ # Module: iptables -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iptables.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-iptables.html - module: iptables log: diff --git a/x-pack/filebeat/modules.d/juniper.yml.disabled b/x-pack/filebeat/modules.d/juniper.yml.disabled index 92f66eec68e8..a5506bfa8e82 100644 --- a/x-pack/filebeat/modules.d/juniper.yml.disabled +++ b/x-pack/filebeat/modules.d/juniper.yml.disabled @@ -1,5 +1,5 @@ # Module: juniper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-juniper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-juniper.html - module: juniper srx: diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index efa8e98fdbd9..a6d68ece6186 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -1,5 +1,5 @@ # Module: microsoft -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-microsoft.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-microsoft.html - module: microsoft # ATP configuration diff --git a/x-pack/filebeat/modules.d/misp.yml.disabled b/x-pack/filebeat/modules.d/misp.yml.disabled index 28ca66083678..2cbd6a3fec9a 100644 --- a/x-pack/filebeat/modules.d/misp.yml.disabled +++ b/x-pack/filebeat/modules.d/misp.yml.disabled @@ -1,5 +1,5 @@ # Module: misp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-misp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-misp.html # Deprecated in 7.14.0: Recommended to migrate to the Threat Intel module. diff --git a/x-pack/filebeat/modules.d/mssql.yml.disabled b/x-pack/filebeat/modules.d/mssql.yml.disabled index ee3f225a9415..a431ee507d78 100644 --- a/x-pack/filebeat/modules.d/mssql.yml.disabled +++ b/x-pack/filebeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-mssql.html - module: mssql # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled index 50e8860671f8..0ba85e54dd10 100644 --- a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled +++ b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: mysqlenterprise -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysqlenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-mysqlenterprise.html - module: mysqlenterprise audit: diff --git a/x-pack/filebeat/modules.d/netflow.yml.disabled b/x-pack/filebeat/modules.d/netflow.yml.disabled index b2584b168906..f5dee1f6034f 100644 --- a/x-pack/filebeat/modules.d/netflow.yml.disabled +++ b/x-pack/filebeat/modules.d/netflow.yml.disabled @@ -1,5 +1,5 @@ # Module: netflow -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-netflow.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-netflow.html - module: netflow log: diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled index 99724949b39b..1ec61323f917 100644 --- a/x-pack/filebeat/modules.d/o365.yml.disabled +++ b/x-pack/filebeat/modules.d/o365.yml.disabled @@ -1,5 +1,5 @@ # Module: o365 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-o365.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-o365.html - module: o365 audit: diff --git a/x-pack/filebeat/modules.d/okta.yml.disabled b/x-pack/filebeat/modules.d/okta.yml.disabled index 13706b240d2b..422a1404f10c 100644 --- a/x-pack/filebeat/modules.d/okta.yml.disabled +++ b/x-pack/filebeat/modules.d/okta.yml.disabled @@ -1,5 +1,5 @@ # Module: okta -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-okta.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-okta.html - module: okta system: diff --git a/x-pack/filebeat/modules.d/oracle.yml.disabled b/x-pack/filebeat/modules.d/oracle.yml.disabled index c74c5f889f83..0d4dbca50e99 100644 --- a/x-pack/filebeat/modules.d/oracle.yml.disabled +++ b/x-pack/filebeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-oracle.html - module: oracle database_audit: diff --git a/x-pack/filebeat/modules.d/panw.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled index 93b9a6836030..a84dc285f1a0 100644 --- a/x-pack/filebeat/modules.d/panw.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,5 +1,5 @@ # Module: panw -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-panw.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-panw.html - module: panw panos: diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index 2b2171f86d0d..42e05f25e507 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-rabbitmq.html - module: rabbitmq # All logs diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled index bd9b7b03bbfb..84cf9c1e47e0 100644 --- a/x-pack/filebeat/modules.d/salesforce.yml.disabled +++ b/x-pack/filebeat/modules.d/salesforce.yml.disabled @@ -1,5 +1,5 @@ # Module: salesforce -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-salesforce.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-salesforce.html # Configuration file for Salesforce module in Filebeat diff --git a/x-pack/filebeat/modules.d/snyk.yml.disabled b/x-pack/filebeat/modules.d/snyk.yml.disabled index ab6b379f389d..3ad1faa02bad 100644 --- a/x-pack/filebeat/modules.d/snyk.yml.disabled +++ b/x-pack/filebeat/modules.d/snyk.yml.disabled @@ -1,5 +1,5 @@ # Module: snyk -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-snyk.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-snyk.html - module: snyk audit: diff --git a/x-pack/filebeat/modules.d/sophos.yml.disabled b/x-pack/filebeat/modules.d/sophos.yml.disabled index cc7049f5dcc0..b4c3247e0e82 100644 --- a/x-pack/filebeat/modules.d/sophos.yml.disabled +++ b/x-pack/filebeat/modules.d/sophos.yml.disabled @@ -1,5 +1,5 @@ # Module: sophos -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sophos.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-sophos.html - module: sophos xg: diff --git a/x-pack/filebeat/modules.d/suricata.yml.disabled b/x-pack/filebeat/modules.d/suricata.yml.disabled index 14b1855a0584..627ff74ce996 100644 --- a/x-pack/filebeat/modules.d/suricata.yml.disabled +++ b/x-pack/filebeat/modules.d/suricata.yml.disabled @@ -1,5 +1,5 @@ # Module: suricata -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-suricata.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-suricata.html - module: suricata # All logs diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled index d5a0365f40cf..39f960b1f798 100644 --- a/x-pack/filebeat/modules.d/threatintel.yml.disabled +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -1,5 +1,5 @@ # Module: threatintel -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-threatintel.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-threatintel.html - module: threatintel abuseurl: diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 4017a6e39976..947717e584e0 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -1,5 +1,5 @@ # Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zeek.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-zeek.html - module: zeek capture_loss: diff --git a/x-pack/filebeat/modules.d/zookeeper.yml.disabled b/x-pack/filebeat/modules.d/zookeeper.yml.disabled index a2cb2977935e..2daf7fceab66 100644 --- a/x-pack/filebeat/modules.d/zookeeper.yml.disabled +++ b/x-pack/filebeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-zookeeper.html - module: zookeeper # All logs diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index 8fb6dffcaffb..c38dbf9e03d2 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -1,5 +1,5 @@ # Module: zoom -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zoom.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.15/filebeat-module-zoom.html - module: zoom webhook: diff --git a/x-pack/libbeat/reader/parquet/parquet.go b/x-pack/libbeat/reader/parquet/parquet.go index cc8956155961..3fbe357b2126 100644 --- a/x-pack/libbeat/reader/parquet/parquet.go +++ b/x-pack/libbeat/reader/parquet/parquet.go @@ -14,6 +14,8 @@ import ( "github.com/apache/arrow/go/v14/parquet" "github.com/apache/arrow/go/v14/parquet/file" "github.com/apache/arrow/go/v14/parquet/pqarrow" + + "github.com/elastic/elastic-agent-libs/logp" ) // BufferedReader parses parquet inputs from io streams. @@ -21,6 +23,7 @@ type BufferedReader struct { cfg *Config fileReader *file.Reader recordReader pqarrow.RecordReader + log *logp.Logger } // NewBufferedReader creates a new reader that can decode parquet data from an io.Reader. @@ -28,51 +31,62 @@ type BufferedReader struct { // Note: As io.ReadAll is used, the entire data stream would be read into memory, so very large data streams // may cause memory bottleneck issues. func NewBufferedReader(r io.Reader, cfg *Config) (*BufferedReader, error) { - batchSize := 1 - if cfg.BatchSize > 1 { - batchSize = cfg.BatchSize + log := logp.L().Named("reader.parquet") + + if cfg.BatchSize == 0 { + cfg.BatchSize = 1 } + log.Debugw("creating parquet reader", "batch_size", cfg.BatchSize) // reads the contents of the reader object into a byte slice data, err := io.ReadAll(r) if err != nil { return nil, fmt.Errorf("failed to read data from stream reader: %w", err) } + log.Debugw("read data from stream reader", "size", len(data)) // defines a memory allocator for allocating memory for Arrow objects pool := memory.NewCheckedAllocator(&memory.GoAllocator{}) - + // constructs a parquet file reader object from the byte slice data pf, err := file.NewParquetReader(bytes.NewReader(data), file.WithReadProps(parquet.NewReaderProperties(pool))) if err != nil { return nil, fmt.Errorf("failed to create parquet reader: %w", err) } + log.Debugw("created parquet reader") // constructs a reader for converting to Arrow objects from an existing parquet file reader object reader, err := pqarrow.NewFileReader(pf, pqarrow.ArrowReadProperties{ Parallel: cfg.ProcessParallel, - BatchSize: int64(batchSize), + BatchSize: int64(cfg.BatchSize), }, pool) if err != nil { return nil, fmt.Errorf("failed to create pqarrow parquet reader: %w", err) } + log.Debugw("created pqarrow parquet reader") // constructs a record reader that is capable of reding entire sets of arrow records rr, err := reader.GetRecordReader(context.Background(), nil, nil) if err != nil { return nil, fmt.Errorf("failed to create parquet record reader: %w", err) } + log.Debugw("initialization process completed") return &BufferedReader{ cfg: cfg, recordReader: rr, fileReader: pf, + log: log, }, nil } // Next advances the pointer to point to the next record and returns true if the next record exists. // It will return false if there are no more records to read. func (sr *BufferedReader) Next() bool { - return sr.recordReader.Next() + next := sr.recordReader.Next() + if !next { + sr.log.Debugw("no more records to read", "next", next) + } + return next } // Record reads the current record from the parquet file and returns it as a JSON marshaled byte slice. @@ -81,6 +95,7 @@ func (sr *BufferedReader) Next() bool { func (sr *BufferedReader) Record() ([]byte, error) { rec := sr.recordReader.Record() if rec == nil { + sr.log.Debugw("reached the end of the record reader", "record_reader", rec) return nil, io.EOF } defer rec.Release() @@ -88,6 +103,8 @@ func (sr *BufferedReader) Record() ([]byte, error) { if err != nil { return nil, fmt.Errorf("failed to marshal JSON for parquet value: %w", err) } + sr.log.Debugw("records successfully read", "batch_size", sr.cfg.BatchSize) + return val, nil } diff --git a/x-pack/libbeat/reader/parquet/parquet_test.go b/x-pack/libbeat/reader/parquet/parquet_test.go index a4ba04426183..61f4936d1f87 100644 --- a/x-pack/libbeat/reader/parquet/parquet_test.go +++ b/x-pack/libbeat/reader/parquet/parquet_test.go @@ -19,6 +19,8 @@ import ( "github.com/apache/arrow/go/v14/arrow/memory" "github.com/apache/arrow/go/v14/parquet/pqarrow" "github.com/stretchr/testify/assert" + + "github.com/elastic/elastic-agent-libs/logp" ) // all test files are read from/stored within the "testdata" directory @@ -55,6 +57,7 @@ func TestParquetWithRandomData(t *testing.T) { }, } + logp.TestingSetup() for i, tc := range testCases { name := fmt.Sprintf("Test parquet files with rows=%d, and columns=%d", tc.rows, tc.columns) t.Run(name, func(t *testing.T) { @@ -189,6 +192,7 @@ func TestParquetWithFiles(t *testing.T) { }, } + logp.TestingSetup() for _, tc := range testCases { name := fmt.Sprintf("Test parquet files with source file=%s, and target comparison file=%s", tc.parquetFile, tc.jsonFile) t.Run(name, func(t *testing.T) { diff --git a/x-pack/metricbeat/docker-compose.yml b/x-pack/metricbeat/docker-compose.yml index 171d1f15d162..cce4bc835f46 100644 --- a/x-pack/metricbeat/docker-compose.yml +++ b/x-pack/metricbeat/docker-compose.yml @@ -24,11 +24,11 @@ services: kibana: # Copied configuration from OSS metricbeat because services with depends_on # cannot be extended with extends - image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-8.15.0}-1 + image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-8.15.1}-1 build: context: ../../metricbeat/module/kibana/_meta args: - KIBANA_VERSION: ${KIBANA_VERSION:-8.15.0} + KIBANA_VERSION: ${KIBANA_VERSION:-8.15.1} depends_on: - elasticsearch ports: diff --git a/x-pack/metricbeat/modules.d/activemq.yml.disabled b/x-pack/metricbeat/modules.d/activemq.yml.disabled index de0ecb7c79f3..bedcf607d154 100644 --- a/x-pack/metricbeat/modules.d/activemq.yml.disabled +++ b/x-pack/metricbeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-activemq.html - module: activemq metricsets: ['broker', 'queue', 'topic'] diff --git a/x-pack/metricbeat/modules.d/airflow.yml.disabled b/x-pack/metricbeat/modules.d/airflow.yml.disabled index e874fcf7db02..080df4399947 100644 --- a/x-pack/metricbeat/modules.d/airflow.yml.disabled +++ b/x-pack/metricbeat/modules.d/airflow.yml.disabled @@ -1,5 +1,5 @@ # Module: airflow -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-airflow.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-airflow.html - module: airflow host: "localhost" diff --git a/x-pack/metricbeat/modules.d/aws.yml.disabled b/x-pack/metricbeat/modules.d/aws.yml.disabled index 28b6a2bd60ab..7721026b68e3 100644 --- a/x-pack/metricbeat/modules.d/aws.yml.disabled +++ b/x-pack/metricbeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-aws.html - module: aws period: 1m diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled index 81c34f5759dd..2684cce14586 100644 --- a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-awsfargate.html - module: awsfargate period: 10s diff --git a/x-pack/metricbeat/modules.d/azure.yml.disabled b/x-pack/metricbeat/modules.d/azure.yml.disabled index e42f064618a8..c3546dc5b10d 100644 --- a/x-pack/metricbeat/modules.d/azure.yml.disabled +++ b/x-pack/metricbeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-azure.html - module: azure metricsets: diff --git a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled index e082545a78d0..47bd80eed90b 100644 --- a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled +++ b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled @@ -1,5 +1,5 @@ # Module: cloudfoundry -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cloudfoundry.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-cloudfoundry.html - module: cloudfoundry metricsets: diff --git a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled index 198fb66f8d88..f55fc763d68b 100644 --- a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled +++ b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled @@ -1,5 +1,5 @@ # Module: cockroachdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cockroachdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-cockroachdb.html - module: cockroachdb metricsets: ['status'] diff --git a/x-pack/metricbeat/modules.d/containerd.yml.disabled b/x-pack/metricbeat/modules.d/containerd.yml.disabled index 20b03cd9e508..31ed9692d153 100644 --- a/x-pack/metricbeat/modules.d/containerd.yml.disabled +++ b/x-pack/metricbeat/modules.d/containerd.yml.disabled @@ -1,5 +1,5 @@ # Module: containerd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-containerd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-containerd.html - module: containerd metricsets: ["cpu", "memory", "blkio"] diff --git a/x-pack/metricbeat/modules.d/coredns.yml.disabled b/x-pack/metricbeat/modules.d/coredns.yml.disabled index 60e8b71c32c5..7e1eab661dbc 100644 --- a/x-pack/metricbeat/modules.d/coredns.yml.disabled +++ b/x-pack/metricbeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-coredns.html - module: coredns metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled index 0af7916573a0..d1f822f10f50 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-enterprisesearch.html - module: enterprisesearch xpack.enabled: true diff --git a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled index 122e56b627b1..bc4591893bcc 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled @@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-enterprisesearch.html - module: enterprisesearch metricsets: ["health", "stats"] diff --git a/x-pack/metricbeat/modules.d/gcp.yml.disabled b/x-pack/metricbeat/modules.d/gcp.yml.disabled index f79e1607a453..2fb8b449840e 100644 --- a/x-pack/metricbeat/modules.d/gcp.yml.disabled +++ b/x-pack/metricbeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-gcp.html - module: gcp metricsets: diff --git a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled index 43940532263f..ce9aaacc237a 100644 --- a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-ibmmq.html - module: ibmmq metricsets: ['qmgr'] diff --git a/x-pack/metricbeat/modules.d/iis.yml.disabled b/x-pack/metricbeat/modules.d/iis.yml.disabled index 19f348a28755..e7b42c5ecdf9 100644 --- a/x-pack/metricbeat/modules.d/iis.yml.disabled +++ b/x-pack/metricbeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-iis.html - module: iis metricsets: diff --git a/x-pack/metricbeat/modules.d/istio.yml.disabled b/x-pack/metricbeat/modules.d/istio.yml.disabled index ccb0884610a9..df0a3852be30 100644 --- a/x-pack/metricbeat/modules.d/istio.yml.disabled +++ b/x-pack/metricbeat/modules.d/istio.yml.disabled @@ -1,5 +1,5 @@ # Module: istio -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-istio.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-istio.html # Istio mesh. To collect all Mixer-generated metrics. For versions of Istio prior to 1.5. - module: istio diff --git a/x-pack/metricbeat/modules.d/mssql.yml.disabled b/x-pack/metricbeat/modules.d/mssql.yml.disabled index fbbb7bad8fc1..9b5b7d7ade55 100644 --- a/x-pack/metricbeat/modules.d/mssql.yml.disabled +++ b/x-pack/metricbeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-mssql.html - module: mssql metricsets: diff --git a/x-pack/metricbeat/modules.d/oracle.yml.disabled b/x-pack/metricbeat/modules.d/oracle.yml.disabled index 445924b61ea1..d51b0c822af5 100644 --- a/x-pack/metricbeat/modules.d/oracle.yml.disabled +++ b/x-pack/metricbeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-oracle.html # Module: oracle diff --git a/x-pack/metricbeat/modules.d/prometheus.yml.disabled b/x-pack/metricbeat/modules.d/prometheus.yml.disabled index 11cc449ba47b..ddd07e0341e7 100644 --- a/x-pack/metricbeat/modules.d/prometheus.yml.disabled +++ b/x-pack/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-prometheus.html - module: prometheus period: 10s diff --git a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled index 350843a88e93..98336f040fa8 100644 --- a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled +++ b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: redisenterprise -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redisenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-redisenterprise.html - module: redisenterprise metricsets: diff --git a/x-pack/metricbeat/modules.d/sql.yml.disabled b/x-pack/metricbeat/modules.d/sql.yml.disabled index f45644b0b112..c906ebb01fd1 100644 --- a/x-pack/metricbeat/modules.d/sql.yml.disabled +++ b/x-pack/metricbeat/modules.d/sql.yml.disabled @@ -1,5 +1,5 @@ # Module: sql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-sql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-sql.html - module: sql metricsets: diff --git a/x-pack/metricbeat/modules.d/stan.yml.disabled b/x-pack/metricbeat/modules.d/stan.yml.disabled index b3f192298747..e0f9e335ee15 100644 --- a/x-pack/metricbeat/modules.d/stan.yml.disabled +++ b/x-pack/metricbeat/modules.d/stan.yml.disabled @@ -1,5 +1,5 @@ # Module: stan -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-stan.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-stan.html - module: stan metricsets: ["stats", "subscriptions", "channels"] diff --git a/x-pack/metricbeat/modules.d/statsd.yml.disabled b/x-pack/metricbeat/modules.d/statsd.yml.disabled index 16712fd96b3d..7897d186b7c3 100644 --- a/x-pack/metricbeat/modules.d/statsd.yml.disabled +++ b/x-pack/metricbeat/modules.d/statsd.yml.disabled @@ -1,5 +1,5 @@ # Module: statsd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-statsd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-statsd.html - module: statsd host: "localhost" diff --git a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled index f37b367c9593..4a69fc069455 100644 --- a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled +++ b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled @@ -1,5 +1,5 @@ # Module: syncgateway -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-syncgateway.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-syncgateway.html - module: syncgateway metricsets: diff --git a/x-pack/metricbeat/modules.d/tomcat.yml.disabled b/x-pack/metricbeat/modules.d/tomcat.yml.disabled index 623f5a888d5c..aad2e10499f7 100644 --- a/x-pack/metricbeat/modules.d/tomcat.yml.disabled +++ b/x-pack/metricbeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-tomcat.html - module: tomcat metricsets: ['threading', 'cache', 'memory', 'requests']