IBM MQ Filebeat module #8782
IBM MQ Filebeat module #8782
Conversation
|
Still need to have a closer look. Two things so far:
|
| type: group | ||
| fields: | ||
| - name: process | ||
| description: Please add description |
There was a problem hiding this comment.
@felix-lessoer Help on describing these fields from your side would be super helpful as you know more about these then I do.
x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json
Outdated
Show resolved
Hide resolved
x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01_QM2.log-expected.json
Outdated
Show resolved
Hide resolved
|
@ruflin Thanks for pinging me on this! Don't wait for me for a review of the PR. But I'll definitely be coming back to this module, to see patterns for doing structured logging |
x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
@exekias @felix-lessoer I pushed quite a few changes to the module around the fields and some docs cleanup. I left some comments where I still need more details on the fields to have a proper description and for the arithinsert* and commentinsert* we need to decide on how to handle it.
| @@ -162,8 +162,8 @@ def run_on_file(self, module, fileset, test_file, cfgfile): | |||
| assert obj["event"]["module"] == module, "expected event.module={} but got {}".format( | |||
| module, obj["event"]["module"]) | |||
|
|
|||
| assert "error" not in obj, "not error expected but got: {}".format( | |||
| obj) | |||
| #assert "error" not in obj, "not error expected but got: {}".format( | |||
There was a problem hiding this comment.
This is currently commented out to allow for error.id. But not sure we should store it into this value, it depends a bit on what we want to use it for long term in the context of ECS. @webmat
| [float] | ||
| === Compatibility | ||
|
|
||
| TODO: document with what versions of the software is this tested |
There was a problem hiding this comment.
@felix-lessoer Can you provide these details here?
There was a problem hiding this comment.
I tested in v 9.1.0.0 .. But the logs are the same in older versions
There was a problem hiding this comment.
I think we can just write that, it's good to explain what versions have we tested against, even if it's expected to work with others
| @@ -0,0 +1,814 @@ | |||
| { | |||
There was a problem hiding this comment.
This dashboard will probably need an update as soon as we finished the field renaming.
| type: group | ||
| fields: | ||
| - name: installation | ||
| description: Please add description |
There was a problem hiding this comment.
@felix-lessoer I need some details here on the description.
There was a problem hiding this comment.
This is the installation name which can be given at installation time. Default: Installation 1
From IBM documentation
Each installation of IBM® MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation.
There was a problem hiding this comment.
updated. I wonder if we should in some cases even provide links to the docs.
| "remove": { | ||
| "field": [ | ||
| "log_timestamp", | ||
| "message" |
There was a problem hiding this comment.
Note for myself: Should we really fully remove message or keep at least something inside?
|
@felix-lessoer I have a more high level question: We call this fileset |
|
Thats fine. Lets call it log for now |
|
I updated the pipeline to handle error when fields are missing. I also added the @timestamp and message field to be able to use the default configuration of the Logs UI . |
|
Checked the dashboard and it's now loading properly, we need to add filters to make sure that showed metrics and saved search only apply to data coming out of this module ( |
|
I've updated expected files, let's wait for CI 🤞 |
|
Tests are failing, it seems |
x-pack/filebeat/module/ibmmq/errorlog/test/AMQERR01.log-expected.json
Outdated
Show resolved
Hide resolved
|
failing tests are unrelated |
|
🎉 Thanks @felix-lessoer and @exekias for pushing this through! |
This module is able to read errorlogs from IBM MQ.
@ruflin supporting this.