Including protologbeat in list of community beats #4348

Merged (3 commits), May 23, 2017


hartfordfive
Contributor

No description provided.

@elasticmachine
Collaborator

Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run.

@hartfordfive
Contributor Author

@andrewkroh @tsg @ruflin I've added this latest beat I've created. As a sample use case, I'll be using it for diskless logging for application containers within a Kubernetes pod. I appreciate any feedback you guys might have.

@@ -61,6 +61,7 @@ https://github.com/kozlice/phpfpmbeat[phpfpmbeat]:: Reads status from PHP-FPM.
https://github.com/joshuar/pingbeat[pingbeat]:: Sends ICMP pings to a list
of targets and stores the round trip time (RTT) in Elasticsearch.
https://github.com/carlpett/prombeat[prombeat]:: Indexes https://prometheus.io[Prometheus] metrics.
https://github.com/hartfordfive/[protologbeat][protologbeat]:: Successor to udplogbeat. Accpets structure and unstructured logs via UDP or TCP. Can also be used to receive syslog messages or GELF formated messages.
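
Review bot: The link target on the added protologbeat line is malformed: `https://github.com/hartfordfive/[protologbeat][protologbeat]` has a bracketed label where the repository name belongs, so the entry does not follow the `URL[name]::` form used by the phpfpmbeat, pingbeat and prombeat entries above it and the URL no longer names the repository. Suggest `https://github.com/hartfordfive/protologbeat[protologbeat]::`. The description text on the same line also needs a spelling pass: "Accpets" should be "Accepts", "structure and unstructured" should be "structured and unstructured", and "formated" should be "formatted".
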
Contributor

I think the first [ ] brackets are too much?

Contributor Author

Yup, missed that one. I'll fix that.

@ruflin
Contributor

ruflin commented May 18, 2017

Very interesting. In the meantime I did quite a bit of refactoring of the filebeat prospector structure which now makes adding new prospector types easier and things like this possible: #4180

It could be discussed if this should also be a prospector type? Or if it fits in filebeat or not?

@hartfordfive
Contributor Author

Yes I'm definitely open for that discussion. If you see it as beneficial to merge some of this functionality into the beats library, I'm all for it. Considering syslog messages have a predefined format, maybe that would be a good first candidate to integrate as a new prospector? I also like the idea of adding GELF as a potential prospector considering it does have a message standard although it can have some additional field names.

Considering I've only briefly looked through the code in #4180, would you see the potential of unknown fields as a problem? Could this be something the user specifies in the YAML config? Also, keep in mind that the logs for this beat are all accepted via TCP or UDP instead of files like filebeat does. Could prospectors also be applied to non-file originating events?

@hartfordfive
Contributor Author

@ruflin On a totally separate note (just as a heads up), I plan on also developing a custom beat to process logs from Sendgrid Webhook events. I may have some questions for you guys regarding that in the IRC chat sometime in the near future.

@hartfordfive
Contributor Author

@ruflin By the way, I was thinking about a few things regarding filebeat/libbeat. These ideas of mine might be totally off or unreasonable so don't hesitate to let me know if out of line!

Considering now that filebeat has an input_type of log, stdin, and now redis, would it also be reasonable to potentially implement an input_type of tcp and udp? I haven't gone through that part of the code yet to see how feasible it is, but if it is and it's not overly complex to implement, maybe it could make sense to add those? If you do think that makes sense, then would it also be reasonable to rename the filebeat project to something more suitable like "logbeat" or something similar?

Again, I know I might be way off on this, but I was just curious to know what you and the other team members' feedback was on this?

@@ -61,6 +61,7 @@ https://github.com/kozlice/phpfpmbeat[phpfpmbeat]:: Reads status from PHP-FPM.
https://github.com/joshuar/pingbeat[pingbeat]:: Sends ICMP pings to a list
of targets and stores the round trip time (RTT) in Elasticsearch.
https://github.com/carlpett/prombeat[prombeat]:: Indexes https://prometheus.io[Prometheus] metrics.
https://github.com/hartfordfive/protologbeat[protologbeat]:: Successor to udplogbeat. Accpets structure and unstructured logs via UDP or TCP. Can also be used to receive syslog messages or GELF formated messages.
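
Review bot: The description on the added protologbeat line still has wording errors: "Accpets" should be "Accepts", "structure and unstructured logs" should read "structured and unstructured logs", and "GELF formated messages" should be "GELF-formatted messages". The link itself now matches the `URL[name]::` form of the neighbouring entries.
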
Contributor

s/Accpets/Accepts/

I would put the successor part at the end.

Contributor Author

Sorry, seems like spelling skills are lacking today...

@ruflin
Contributor

ruflin commented May 18, 2017

  • Not file based prospectors: Yes. This is the case for the redis one. It connects to redis for the slowlog.
  • Unknown fields are always an issue but issues are here to be solved ;-)
  • TCP/UDP: I worry a bit about opening a port TBH but we need to think more about this. Socket is here probably better (not sure)
  • Sendgrid: As it does remote crawling and not localhost, for me this seems to belong in Logstash
  • Input types: Definitively something we are also discussing internally, but there is no easy answer.
  • Renaming: Tricky 🏃

Perhaps it makes sense to have in the future a zoom conversation to discuss these points more directly as you seem to be working on quite a few things related to beats 🎉

@hartfordfive
Contributor Author

Yes, we can definitely do a Zoom call sometime soon to go over those discussion points in more detail.

@ruflin ruflin merged commit a464f08 into elastic:master May 23, 2017
dedemorton pushed a commit to dedemorton/beats that referenced this pull request May 24, 2017