Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts #41188

Merged

Conversation

Kavindu-Dodan
Copy link
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Oct 9, 2024

Proposed commit message

PR adds support to Cloudwatch logs from source linked accounts. This is implemented by using existing configuration log_group_arn and mapping it to LogGroupIdentifier of FilterLogEvents API [1]

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Note for reviewers

You could review commit by commit for better understanding of the changes

How to test this PR locally

This require a linked cloudwatch account. If already has one, then,

  • Push logs to a newly created log group OR use an already existing log group in a source account
    • Note - you may use data-gen Go program to generate and push logs to your log group (using output CLOUDWATCH_LOG) [2]
  • Configure filebeat cloudwatch input with log group ARN to log_group_arn
  • Run filebeat and observe filebeat logs in Kibana discover

Related issues

Addresses: #36642
And makes #36645 PR obsolete
closes #37681

Next step

Utilize includeLinkedAccounts when dealing with prefixes. To be done in a dedicated PR.

[1] - https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
[1] - https://github.com/Kavindu-Dodan/data-gen

@Kavindu-Dodan Kavindu-Dodan requested review from a team as code owners October 9, 2024 19:03
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 9, 2024
@Kavindu-Dodan Kavindu-Dodan added the Team:obs-ds-hosted-services Label for the Observability Hosted Services team label Oct 9, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 9, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

Copy link
Contributor

mergify bot commented Oct 9, 2024

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Oct 9, 2024
@elastic elastic deleted a comment from mergify bot Oct 9, 2024
@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Oct 10, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@pierrehilbert pierrehilbert requested a review from faec October 10, 2024 07:18
Copy link
Contributor

@belimawr belimawr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are just a couple of small things to fix:

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
…meter, field renaming

Signed-off-by: Kavindu Dodanduwa <[email protected]>
Signed-off-by: Kavindu Dodanduwa <[email protected]>
Signed-off-by: Kavindu Dodanduwa <[email protected]>
Signed-off-by: Kavindu Dodanduwa <[email protected]>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/filebeat-support-linked-accounts branch from 90fb3d5 to e280d23 Compare October 10, 2024 14:29
@Kavindu-Dodan
Copy link
Contributor Author

@kaiyan-sheng @belimawr thanks for the reviews, I added proposed changes with my latest commit :) appreciate another look

Signed-off-by: Kavindu Dodanduwa <[email protected]>
@Kavindu-Dodan
Copy link
Contributor Author

@belimawr appreciate another review from you :)

Copy link
Contributor

mergify bot commented Oct 14, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/filebeat-support-linked-accounts upstream/feat/filebeat-support-linked-accounts
git merge upstream/main
git push upstream feat/filebeat-support-linked-accounts

@Kavindu-Dodan Kavindu-Dodan merged commit 42f2d41 into elastic:main Oct 15, 2024
22 checks passed
mergify bot pushed a commit that referenced this pull request Oct 15, 2024
…d accounts (#41188)

* use LogGroupIdentifier fiter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* code review changes

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <[email protected]>

---------

Signed-off-by: Kavindu Dodanduwa <[email protected]>
Co-authored-by: kaiyan-sheng <[email protected]>
(cherry picked from commit 42f2d41)
Kavindu-Dodan added a commit that referenced this pull request Oct 15, 2024
…udwatch logs from linked accounts (#41240)

* [Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts (#41188)

* use LogGroupIdentifier fiter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* code review changes

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <[email protected]>

---------

Signed-off-by: Kavindu Dodanduwa <[email protected]>
Co-authored-by: kaiyan-sheng <[email protected]>
(cherry picked from commit 42f2d41)

* fix backport commit

Signed-off-by: Kavindu Dodanduwa <[email protected]>

---------

Signed-off-by: Kavindu Dodanduwa <[email protected]>
Co-authored-by: Kavindu Dodanduwa <[email protected]>
Co-authored-by: Kavindu Dodanduwa <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-8.x Automated backport to the 8.x branch with mergify enhancement Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[AWS] Requests include loggroups from linked accounts
6 participants