elastic · kvch · Mar 8, 2019 · urso · Apr 15, 2019 · urso
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -240,6 +240,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add `community_id` processor for computing network flow hashes. {pull}10745[10745]
 - Add output test to kafka output {pull}10834[10834]
 - Add ip fields to default_field in Elasticsearch template. {pull}11035[11035]
+- Loading external fields.yml files. {pull}11199[11199]
 
 
 *Auditbeat*

diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml
@@ -979,6 +979,10 @@ output.elasticsearch:
 #- name: field_name
 #  type: field_type
 
+# List of external fields.yml files to load.
+#setup.template.external_fields:
+#- /path/to/external/fields.yml
+
 # Enable JSON template loading. If this is enabled, the fields.yml is ignored.
 #setup.template.json.enabled: false
 

diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml
@@ -1690,6 +1690,10 @@ output.elasticsearch:
 #- name: field_name
 #  type: field_type
 
+# List of external fields.yml files to load.
+#setup.template.external_fields:
+#- /path/to/external/fields.yml
+
 # Enable JSON template loading. If this is enabled, the fields.yml is ignored.
 #setup.template.json.enabled: false
 

@@ -1123,6 +1123,10 @@ output.elasticsearch:
 #- name: field_name
 #  type: field_type
 
+# List of external fields.yml files to load.
+#setup.template.external_fields:
+#- /path/to/external/fields.yml
+
 # Enable JSON template loading. If this is enabled, the fields.yml is ignored.
 #setup.template.json.enabled: false
 

diff --git a/journalbeat/journalbeat.reference.yml b/journalbeat/journalbeat.reference.yml
@@ -919,6 +919,10 @@ output.elasticsearch:
 #- name: field_name
 #  type: field_type
 
+# List of external fields.yml files to load.
+#setup.template.external_fields:
+#- /path/to/external/fields.yml
+
 # Enable JSON template loading. If this is enabled, the fields.yml is ignored.
 #setup.template.json.enabled: false
 

@@ -867,6 +867,10 @@ output.elasticsearch:
 #- name: field_name
 #  type: field_type
 
+# List of external fields.yml files to load.
+#setup.template.external_fields:
+#- /path/to/external/fields.yml
+
 # Enable JSON template loading. If this is enabled, the fields.yml is ignored.
 #setup.template.json.enabled: false
 

@@ -64,8 +64,6 @@ type Beat struct {
 
 	BeatConfig *common.Config // The beat's own configuration section
 
-	Fields []byte // Data from fields.yml
-
 	ConfigManager management.ConfigManager // config manager
 }
 

@@ -63,7 +63,11 @@ func GenIndexPatternConfigCmd(settings instance.Settings) *cobra.Command {
 			if err != nil {
 				fatalf("Error creating version: %+v", err)
 			}
-			indexPattern, err := kibana.NewGenerator(b.Info.IndexPrefix, b.Info.Beat, b.Fields, settings.Version, *v, withMigration)
+			fields, err := b.Mapping.GetBytes()
+			if err != nil {
+				fatalf("Error reading fields of Beat: %+v", err)
+			}
+			indexPattern, err := kibana.NewGenerator(b.Info.IndexPrefix, b.Info.Beat, fields, settings.Version, *v, withMigration)
 			if err != nil {
 				log.Fatal(err)
 			}

@@ -93,7 +93,11 @@ func GenTemplateConfigCmd(settings instance.Settings) *cobra.Command {
 				fieldsPath := paths.Resolve(paths.Config, tmplCfg.Fields)
 				templateString, err = tmpl.LoadFile(fieldsPath)
 			} else {
-				templateString, err = tmpl.LoadBytes(b.Fields)
+				fields, err := b.Mapping.GetBytes()
+				if err != nil {
+					fatalf("Error getting fields of Beat: %+v", err)
+				}
+				templateString, err = tmpl.LoadBytes(fields)
 			}
 			if err != nil {
 				fatalf("Error generating template: %+v", err)

@@ -33,13 +33,13 @@ import (
 	"time"
 
 	"github.com/elastic/beats/libbeat/kibana"
+	"github.com/elastic/beats/libbeat/mapping"
 
 	"github.com/gofrs/uuid"
 	errw "github.com/pkg/errors"
 	"go.uber.org/zap"
 
 	"github.com/elastic/beats/libbeat/api"
-	"github.com/elastic/beats/libbeat/asset"
 	"github.com/elastic/beats/libbeat/beat"
 	"github.com/elastic/beats/libbeat/cfgfile"
 	"github.com/elastic/beats/libbeat/cloudid"
@@ -77,6 +77,8 @@ type Beat struct {
 	Config    beatConfig
 	RawConfig *common.Config // Raw config that can be unpacked to get Beat specific config data.
 
+	Mapping mapping.Supporter // Get all fields of the Beat
+
 	keystore keystore.Keystore
 	index    idxmgmt.Supporter
 
@@ -193,11 +195,6 @@ func NewBeat(name, indexPrefix, v string) (*Beat, error) {
 		return nil, err
 	}
 
-	fields, err := asset.GetFields(name)
-	if err != nil {
-		return nil, err
-	}
-
 	id, err := uuid.NewV4()
 	if err != nil {
 		return nil, err
@@ -213,7 +210,6 @@ func NewBeat(name, indexPrefix, v string) (*Beat, error) {
 			ID:          id,
 			EphemeralID: ephemeralID,
 		},
-		Fields: fields,
 	}
 
 	return &Beat{Beat: b}, nil
@@ -457,8 +453,11 @@ func (b *Beat) Setup(settings Settings, bt beat.Creator, setup SetupSettings) er
 				}
 
 				// prepare index by loading templates, lifecycle policies and write aliases
-
-				m := b.index.Manager(esClient, idxmgmt.BeatsAssets(b.Fields))
+				fields, err := b.Mapping.GetBytes()
+				if err != nil {
+					return err
+				}
+				m := b.index.Manager(esClient, idxmgmt.BeatsAssets(fields))
 				err = m.Setup(setup.Template, setup.ILMPolicy)
 				if err != nil {
 					return err
@@ -606,7 +605,11 @@ func (b *Beat) configure(settings Settings) error {
 		processingFactory = processing.MakeDefaultBeatSupport(true)
 	}
 	b.processing, err = processingFactory(b.Info, logp.L().Named("processors"), b.RawConfig)
+	if err != nil {
+		return err
+	}
 
+	b.Mapping, err = mapping.DefaultSupport(nil, b.Beat.Info.Beat, b.RawConfig)
 	return err
 }
 
@@ -718,7 +721,11 @@ func (b *Beat) loadDashboards(ctx context.Context, force bool) error {
 		// but it's assumed that KB and ES have the same minor version.
 		v := client.GetVersion()
 
-		indexPattern, err := kibana.NewGenerator(b.Info.IndexPrefix, b.Info.Beat, b.Fields, b.Info.Version, v, withMigration)
+		fieldBytes, err := b.Mapping.GetBytes()
+		if err != nil {
+			return err
+		}
+		indexPattern, err := kibana.NewGenerator(b.Info.IndexPrefix, b.Info.Beat, fieldBytes, b.Info.Version, v, withMigration)
 		if err != nil {
 			return fmt.Errorf("error creating index pattern generator: %v", err)
 		}
@@ -757,7 +764,12 @@ func (b *Beat) registerESIndexManagement() error {
 // Build and return a callback to load index template into ES
 func (b *Beat) indexSetupCallback() func(esClient *elasticsearch.Client) error {
 	return func(esClient *elasticsearch.Client) error {
-		m := b.index.Manager(esClient, idxmgmt.BeatsAssets(b.Fields))
+		fieldBytes, err := b.Mapping.GetBytes()
+		if err != nil {
+			return err
+		}
+
+		m := b.index.Manager(esClient, idxmgmt.BeatsAssets(fieldBytes))
 		return m.Setup(true, true)
 	}
 }

@@ -0,0 +1,146 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package mapping
+
+import (
+	"io/ioutil"
+
+	"github.com/elastic/beats/libbeat/asset"
+	"github.com/elastic/beats/libbeat/common"
+	"github.com/elastic/beats/libbeat/logp"
+)
+
+// Supporter returns the configured fields bytes
+type Supporter interface {
+	GetBytes() ([]byte, error)
+}
+
+// fieldsSupport returns the default fields of a Beat
+type fieldsSupport struct {
+	log  *logp.Logger
+	beat string
+}
+
+// customFieldsSupport returns the custom configured fields of a Beat
+type customFieldsSupport struct {
+	log  *logp.Logger
+	beat string
+	path string
+}
+
+// appendFieldsSupport return the default fields of a Beat
+// and the additional fields from append_fields
+type appendFieldsSupport struct {
+	original       Supporter
+	appendedFields []byte
+}
+
+// externalFieldsSupport return the default fields of a Beat
+// and the additional fields from external_fields
+type externalFieldsSupport struct {
+	original Supporter
+	paths    []string
+}
+
+func DefaultSupport(log *logp.Logger, beat string, cfg *common.Config) (Supporter, error) {
+	if log == nil {
+		log = logp.NewLogger("mapping")
+	} else {
+		log = log.Named("mapping")
+	}
+
+	config := struct {
+		Template struct {
+			Fields         string   `config:"fields"`
+			AppendFields   []byte   `config:"append_fields"`
+			ExternalFields []string `config:"external_fields"`
+		} `config:"setup.template"`
+	}{}
+	err := cfg.Unpack(&config)
+	if err != nil {
+		return nil, err
+	}
+
+	// load default fields.ymls of Beat
+	var s Supporter
+	s = &fieldsSupport{
+		log:  log,
+		beat: beat,
+	}
+
+	// custom fields.yml file is configured
+	if config.Template.Fields != "" {
+		s = &customFieldsSupport{
+			log:  log,
+			beat: beat,
+			path: config.Template.Fields,
+		}
+	}
+
+	// append_fields
+	if len(config.Template.AppendFields) > 0 {
+		s = &appendFieldsSupport{
+			original:       s,
+			appendedFields: config.Template.AppendFields,
+		}
+	}
+
+	// external_fields
+	if len(config.Template.ExternalFields) > 0 {
+		s = &externalFieldsSupport{
+			original: s,
+			paths:    config.Template.ExternalFields,
+		}
+	}
+
+	return s, nil
+}
+
+func (f *fieldsSupport) GetBytes() ([]byte, error) {
+	return asset.GetFields(f.beat)
+}
+
+func (c *customFieldsSupport) GetBytes() ([]byte, error) {
+	c.log.Debugf("Reading bytes custom fields.yml from %s", c.path)
+	return ioutil.ReadFile(c.path)
+}
+
+func (a *appendFieldsSupport) GetBytes() ([]byte, error) {
+	fields, err := a.original.GetBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	return append(fields, a.appendedFields...), nil
+}
+
+func (e *externalFieldsSupport) GetBytes() ([]byte, error) {
+	fields, err := e.original.GetBytes()
+	if err != nil {
+		return nil, err
+	}
+	for _, path := range e.paths {
+		f, err := ioutil.ReadFile(path)
+		if err != nil {
+			return nil, err
+		}
+		fields = append(fields, f...)
+	}
+
+	return fields, nil
+}
@@ -29,9 +29,10 @@ type TemplateConfig struct {
 		Path    string `config:"path"`
 		Name    string `config:"name"`
 	} `config:"json"`
-	AppendFields mapping.Fields   `config:"append_fields"`
-	Overwrite    bool             `config:"overwrite"`
-	Settings     TemplateSettings `config:"settings"`
+	AppendFields   mapping.Fields   `config:"append_fields"`
+	ExternalFields []string         `config:"external_fields"`
+	Overwrite      bool             `config:"overwrite"`
+	Settings       TemplateSettings `config:"settings"`
 }
 
 type TemplateSettings struct {

@@ -102,18 +102,8 @@ func (l *Loader) Load() error {
 			if err != nil {
 				return fmt.Errorf("could not unmarshal json template: %s", err)
 			}
-			// Load fields from path
-		} else if l.config.Fields != "" {
-			logp.Debug("template", "Load fields.yml from file: %s", l.config.Fields)
-
-			fieldsPath := paths.Resolve(paths.Config, l.config.Fields)
-
-			template, err = tmpl.LoadFile(fieldsPath)
-			if err != nil {
-				return fmt.Errorf("error creating template from file %s: %v", fieldsPath, err)
-			}
 		} else {
-			logp.Debug("template", "Load default fields.yml")
+			logp.Debug("template", "Load fields from configured fields.yml and additions")
 			template, err = tmpl.LoadBytes(l.fields)
 			if err != nil {
 				return fmt.Errorf("error creating template: %v", err)

@@ -24,7 +24,6 @@ import (
 
 	"github.com/elastic/beats/libbeat/beat"
 	"github.com/elastic/beats/libbeat/common"
-	"github.com/elastic/beats/libbeat/common/cfgwarn"
 	"github.com/elastic/beats/libbeat/common/fmtstr"
 	"github.com/elastic/beats/libbeat/mapping"
 	"github.com/elastic/go-ucfg/yaml"
@@ -139,15 +138,6 @@ func (t *Template) load(fields mapping.Fields) (common.MapStr, error) {
 	dynamicTemplates = nil
 	defaultFields = nil
 
-	var err error
-	if len(t.config.AppendFields) > 0 {
-		cfgwarn.Experimental("append_fields is used.")
-		fields, err = mapping.ConcatFields(fields, t.config.AppendFields)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	// Start processing at the root
 	properties := common.MapStr{}
 	processor := Processor{EsVersion: t.esVersion, Migration: t.migration}