-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Elastic Agent] Agent.id of running processes #21121
Comments
Pinging @elastic/ingest-management (Team:Ingest Management) |
@blakerouse @ruflin WDYT? |
For my part, I am ambivalent whether Agent, Beats, Endpoint all share the same ID or not. Endpoint reports |
@ph surprised they are all different, I would expect them to all be the same. |
I assume all |
Second thought: I wonder if we should even ship |
@ruflin @blakerouse So the fix would makes sure that all process send the Concerning Agent.id, Is this coming from the actual input in metricbeat/filebeat? |
Yes, I would already expect today that For |
What's important to me is that we still have the |
@blakerouse I believe that metrics/logs collected by the Elastic-Agent doesn't include that the agent id? |
I think this would be good to change the @ph @blakerouse What would it take to change this for Beats with Agent (not worrying about Endpoint here)? This was my thinking of the options:
|
Pinging @elastic/agent (Team:Agent) |
Not sure if that would really leak, it think this would take precedence? @michalpristas |
I would think the processor would overwrite the |
Then would you be OK if I went ahead with opening a PR to add in the processor to overwrite the |
@andrew Kroh ***@***.***> Yes that would be great!
…On Thu, Jun 17, 2021 at 10:08 AM Andrew Kroh ***@***.***> wrote:
Then would you be OK if I went ahead with opening a PR to add in the
processor to overwrite the agent.id value?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#21121 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAFAG5RQXDF2XUOB57MXLTTH6VPANCNFSM4RPGGCGA>
.
--
--
ph
|
This updates the inject_agent_info rule to set the `agent.id` field to the value of the Fleet Agent ID. Previously this value was only added to the `elastic_agent.id` field, and the `agent.id` field was a random UUID generated the first time a Beat process was run. And each Beat process would have its own UUID. This change affects metricbeat, filebeat, heartbeat, osquerybeat, and packetbeat (these are the Beats that have an integration with Agent today). Heartbeat's Agent spec was missing the `inject_agent_info` so I added it. Closes elastic#21121
This updates the inject_agent_info rule to set the `agent.id` field to the value of the Fleet Agent ID. Previously this value was only added to the `elastic_agent.id` field, and the `agent.id` field was a random UUID generated the first time a Beat process was run. And each Beat process would have its own UUID. This change affects metricbeat, filebeat, heartbeat, osquerybeat, and packetbeat (these are the Beats that have an integration with Agent today). Heartbeat's Agent spec was missing the `inject_agent_info` so I added it. Closes #21121
This updates the inject_agent_info rule to set the `agent.id` field to the value of the Fleet Agent ID. Previously this value was only added to the `elastic_agent.id` field, and the `agent.id` field was a random UUID generated the first time a Beat process was run. And each Beat process would have its own UUID. This change affects metricbeat, filebeat, heartbeat, osquerybeat, and packetbeat (these are the Beats that have an integration with Agent today). Heartbeat's Agent spec was missing the `inject_agent_info` so I added it. Closes #21121 (cherry picked from commit bb950bf)
This updates the inject_agent_info rule to set the `agent.id` field to the value of the Fleet Agent ID. Previously this value was only added to the `elastic_agent.id` field, and the `agent.id` field was a random UUID generated the first time a Beat process was run. And each Beat process would have its own UUID. This change affects metricbeat, filebeat, heartbeat, osquerybeat, and packetbeat (these are the Beats that have an integration with Agent today). Heartbeat's Agent spec was missing the `inject_agent_info` so I added it. Closes #21121 (cherry picked from commit bb950bf) Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
Agent with System and Endpoint integrations. All agent.id's were different for the same host.
Agent: bffe5cf9-2436-476e-b4cb-39c64235b866
Filebeat: 40154036-66e3-4b71-9505-54c5e6ca74aa
Metricbeat: b9e0d066-a255-4e31-9dfe-13b1419da034
Endpoint: 49ecf6c5-6e09-4a36-8fc5-8f8dbaa77649
I think we should have the same ID on everything so we can correlate events generated by the "Elastic Agent"
The text was updated successfully, but these errors were encountered: