Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Convert Filebeat icinga.* to ECS #9294

Merged
merged 6 commits into from
Dec 20, 2018
Merged

Conversation

webmat
Copy link
Contributor

@webmat webmat commented Nov 29, 2018

Caveats

  • ECS doesn't have support for "facility" yet. Not sure if we should mix Icinga and Syslog facilities in any case. So haven't touched this field
  • This module doesn't do deep parsing of the Icinga messages. There are interesting bits (e.g. PID, execution_time) that may eventually be interesting to extract out. This is out of scope for this initial mapping to ECS, however.
  • Not copying original message to log.original, as this is out of scope for this mapping. Will be addressed with an optional toggle at the Beats level.

Renames

  • icinga.debug.message => message
  • icinga.main.message => message
  • icinga.startup.message => message
  • icinga.debug.severity => log.level
  • icinga.main.severity => log.level
  • icinga.startup.severity => log.level

TODO

  • Commit missing updates to the -expected.json file
  • Alias renamed fields to their ECS counterpart
  • Document field migrations in ecs-migration.yml
  • Changelog

@ruflin ruflin mentioned this pull request Nov 29, 2018
@webmat webmat self-assigned this Nov 29, 2018
@webmat webmat added in progress Pull request is currently in progress. module Filebeat Filebeat ecs labels Nov 29, 2018
@webmat
Copy link
Contributor Author

webmat commented Nov 30, 2018

jenkins, test this bro

@ruflin
Copy link
Contributor

ruflin commented Dec 3, 2018

Caveats: Agree to "ignore" all of them for now.

@webmat webmat requested a review from a team as a code owner December 19, 2018 16:59
@webmat webmat added review and removed in progress Pull request is currently in progress. labels Dec 19, 2018
@webmat
Copy link
Contributor Author

webmat commented Dec 19, 2018

jenkins, test this

@webmat webmat changed the title WIP Convert Filebeat icinga.* to ECS Convert Filebeat icinga.* to ECS Dec 19, 2018
@webmat webmat requested a review from ruflin December 19, 2018 21:00
@webmat
Copy link
Contributor Author

webmat commented Dec 19, 2018

Ready for final review

@webmat
Copy link
Contributor Author

webmat commented Dec 20, 2018

jenkins, test this

@webmat
Copy link
Contributor Author

webmat commented Dec 20, 2018

Timeouts on ML tests. Will restart the filebeat tests, should be unrelated to my very simple changes.

Test modules list command ... ok (0.0913s)
======================================================================
ERROR: Test ML are installed in all possible ways [with setup_flag=True, modules_flag=False]
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/go/src/github.com/elastic/beats/filebeat/build/python-env/local/lib/python2.7/site-packages/parameterized/parameterized.py", line 392, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 46, in test_ml_setup
    self._run_ml_test(setup_flag, modules_flag)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 136, in _run_ml_test
    max_timeout=60)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 363, in wait_log_contains
    name=name)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 340, in wait_until
    "Waited {} seconds.".format(max_timeout))
TimeoutError: Timeout waiting for 'log_contains' to be true. Waited 60 seconds.
-------------------- >> begin captured stdout << ---------------------
Using elasticsearch: http://elasticsearch:9200
Test setup_flag: True, modules_flag: False
--------------------- >> end captured stdout << ----------------------
======================================================================
ERROR: Test ML are installed in all possible ways [with setup_flag=True, modules_flag=True]
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/go/src/github.com/elastic/beats/filebeat/build/python-env/local/lib/python2.7/site-packages/parameterized/parameterized.py", line 392, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 46, in test_ml_setup
    self._run_ml_test(setup_flag, modules_flag)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 136, in _run_ml_test
    max_timeout=60)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 363, in wait_log_contains
    name=name)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 340, in wait_until
    "Waited {} seconds.".format(max_timeout))
TimeoutError: Timeout waiting for 'log_contains' to be true. Waited 60 seconds.
-------------------- >> begin captured stdout << ---------------------
Using elasticsearch: http://elasticsearch:9200
License already enabled
Test setup_flag: True, modules_flag: True
--------------------- >> end captured stdout << ----------------------
======================================================================
ERROR: Test ML are installed in all possible ways [with setup_flag=False, modules_flag=False]
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/go/src/github.com/elastic/beats/filebeat/build/python-env/local/lib/python2.7/site-packages/parameterized/parameterized.py", line 392, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 46, in test_ml_setup
    self._run_ml_test(setup_flag, modules_flag)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 136, in _run_ml_test
    max_timeout=60)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 363, in wait_log_contains
    name=name)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 340, in wait_until
    "Waited {} seconds.".format(max_timeout))
TimeoutError: Timeout waiting for 'log_contains' to be true. Waited 60 seconds.
-------------------- >> begin captured stdout << ---------------------
Using elasticsearch: http://elasticsearch:9200
License already enabled
Test setup_flag: False, modules_flag: False
--------------------- >> end captured stdout << ----------------------
======================================================================
ERROR: Test ML are installed in all possible ways [with setup_flag=False, modules_flag=True]
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/go/src/github.com/elastic/beats/filebeat/build/python-env/local/lib/python2.7/site-packages/parameterized/parameterized.py", line 392, in standalone_func
    return func(*(a + p.args), **p.kwargs)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 46, in test_ml_setup
    self._run_ml_test(setup_flag, modules_flag)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/test_ml.py", line 136, in _run_ml_test
    max_timeout=60)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 363, in wait_log_contains
    name=name)
  File "/go/src/github.com/elastic/beats/filebeat/tests/system/../../../libbeat/tests/system/beat/beat.py", line 340, in wait_until
    "Waited {} seconds.".format(max_timeout))
TimeoutError: Timeout waiting for 'log_contains' to be true. Waited 60 seconds.
-------------------- >> begin captured stdout << ---------------------
Using elasticsearch: http://elasticsearch:9200
License already enabled
Test setup_flag: False, modules_flag: True
--------------------- >> end captured stdout << ----------------------
----------------------------------------------------------------------
XML: /go/src/github.com/elastic/beats/filebeat/build/TEST-system.xml
[error] 15.34% test_ml.Test.test_ml_setup_0: 92.3972s
[success] 11.59% test_autodiscover.TestAutodiscover.test_docker: 69.8451s
[error] 9.97% test_ml.Test.test_ml_setup_1: 60.0760s
[error] 9.97% test_ml.Test.test_ml_setup_2: 60.0727s
[error] 9.97% test_ml.Test.test_ml_setup_3: 60.0460s
[success] 1.56% test_registrar.Test.test_restart_state: 9.4150s

@ruflin
Copy link
Contributor

ruflin commented Dec 20, 2018

It seems something changed on master in ML, ignore them for now: #9718

@webmat
Copy link
Contributor Author

webmat commented Dec 20, 2018

@ruflin I'll wait for this fix to the ML tests to be in and rebase, since my PRs are specifically Filebeat modules. I want the full test run.

However can you give the changes one last look and approve the PR?

Copy link
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. No need to wait on the ml change, it does not affect this build. But it seems like you already rebased.

"input.type": "log",
"log.offset": 0
"log.level": "information",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably also standardise these in ECS so it's always "INFO". Nothing todo here, just a general comment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes there's already been a comprehensive discussion on normalizing log levels here elastic/ecs#129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants