Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Elastic Agent] Send Agent logs to elasticsearch #19811

Merged
merged 12 commits into from
Jul 14, 2020
Merged

[Elastic Agent] Send Agent logs to elasticsearch #19811

merged 12 commits into from
Jul 14, 2020

Conversation

blakerouse
Copy link
Contributor

What does this PR do?

Agent will now always log to ${path.data}/logs/elastic-agent-json.log no matter the settings from elastic-agent.yml (those still apply, for the user specified choice). With monitoring always on Filebeat will always be started and will send the logs from ${path.data}/logs/elastic-agent-json.log to elasticsearch.

The spawned filebeat and metricbeat now log to filebeat-json.log and metricbeat-json.log in JSON format and forward to elasticsearch.

Indexes:

  • Elastic Agent - logs-elastic.agent-default
  • Filebeat - {logs,metrics}-elastic.agent.filebeat-default
  • Metricbeat - {logs,metrics}-elastic.agent.metricbeat-default

Why is it important?

So all logs of the Elastic Agents on hosts are in elasticsearch so monitoring/troubleshooting of the Fleet is much easier.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 9, 2020
@blakerouse blakerouse self-assigned this Jul 9, 2020
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 9, 2020
@blakerouse blakerouse marked this pull request as ready for review July 9, 2020 19:32
@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@blakerouse blakerouse force-pushed the agent-logs-to-fleet branch from d53e7d2 to ae55a79 Compare July 9, 2020 19:33
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 9, 2020
edited by jenkins-beats-ci bot
Loading

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

Pipeline View Test View Changes Artifacts

Expand to view the summary

Build stats

  • Build Cause: [Pull request #19811 updated]

  • Reason: Aborted from #5

  • Start Time: 2020-07-14T13:05:32.556+0000

  • Duration: 34 min 32 sec

  • Commit: e6a6c37

Test stats 🧪

Test Results
Failed 0
Passed 1078
Skipped 143
Total 1221

Steps errors

Expand to view the steps failures

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Duration: 2 min 23 sec

    • Start Time: 2020-07-14T13:36:05.328+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-07-14T13:36:47.228Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-14T13:36:47.228Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-07-14T13:36:47.228Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-14T13:36:47.228Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-07-14T13:36:47.228Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-14T13:36:47.228Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-07-14T13:36:47.228Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-14T13:36:47.228Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-07-14T13:36:47.228Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-14T13:36:47.228Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-07-14T13:36:47.676Z] Failed in branch Metricbeat x-pack
[2020-07-14T13:38:27.461Z] curl: (7) Failed to connect to codecov.io port 443: Connection timed out
[2020-07-14T13:38:28.002Z] ERROR: script returned exit code 7
[2020-07-14T13:38:28.002Z] Retrying
[2020-07-14T13:38:29.604Z] + curl -sSLo codecov https://codecov.io/bash
[2020-07-14T13:38:29.604Z] + FILE=auditbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f auditbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=filebeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f filebeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=heartbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f heartbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-07-14T13:38:29.604Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-14T13:38:29.604Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-07-14T13:38:31.523Z] Stage "Libbeat crosscompile" skipped due to earlier failure(s)
[2020-07-14T13:38:31.727Z] Stage "Libbeat stress-tests" skipped due to earlier failure(s)
[2020-07-14T13:38:32.429Z] Failed in branch Libbeat
[2020-07-14T13:38:32.730Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats
[2020-07-14T13:38:34.662Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-14T13:38:35.144Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Lint
[2020-07-14T13:38:35.840Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-07-14T13:38:36.168Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Winlogbeat-oss
[2020-07-14T13:38:36.448Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-07-14T13:38:36.835Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Filebeat-oss
[2020-07-14T13:38:37.208Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-07-14T13:38:37.668Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Libbeat-oss
[2020-07-14T13:38:38.003Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Libbeat-x-pack
[2020-07-14T13:38:38.369Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-07-14T13:38:38.881Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Packetbeat-oss
[2020-07-14T13:38:39.149Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Journalbeat-oss
[2020-07-14T13:38:39.732Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Heartbeat-oss
[2020-07-14T13:38:40.038Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-07-14T13:38:40.267Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-14T13:38:40.582Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-07-14T13:38:40.873Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-07-14T13:38:41.154Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-07-14T13:38:41.356Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-07-14T13:38:41.697Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Dockerlogbeat
[2020-07-14T13:38:42.142Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-07-14T13:38:42.309Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-14T13:38:42.485Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-07-14T13:38:42.660Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-14T13:38:43.272Z] + cat
[2020-07-14T13:38:43.272Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-14T13:38:43.272Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-14T13:38:49.928Z] runbld>>> runbld started
[2020-07-14T13:38:49.928Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-14T13:38:51.841Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-19811' in order of occurrence in the config (last value wins).
[2020-07-14T13:38:53.408Z] runbld>>> Debug logging enabled.
[2020-07-14T13:38:53.408Z] runbld>>> Storing result
[2020-07-14T13:38:53.408Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-14T13:38:53.408Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714133852-01A0C16B
[2020-07-14T13:38:53.408Z] runbld>>> Adding system facts.
[2020-07-14T13:38:54.393Z] runbld>>> Adding vcs info for the latest commit:  ba99bf6249b897c5945e99c697b304f0295e678a
[2020-07-14T13:38:54.393Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-14T13:38:54.393Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-14T13:38:54.393Z] Processing JUnit reports with runbld...
[2020-07-14T13:38:54.393Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-14T13:38:54.654Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-14T13:38:54.654Z] runbld>>> DURATION: 20ms
[2020-07-14T13:38:54.654Z] runbld>>> STDOUT: 40 bytes
[2020-07-14T13:38:54.654Z] runbld>>> STDERR: 49 bytes
[2020-07-14T13:38:54.654Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-14T13:38:54.654Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats
[2020-07-14T13:38:55.593Z] runbld>>> Storing build metadata: 
[2020-07-14T13:38:55.593Z] runbld>>> Adding test report.
[2020-07-14T13:38:55.593Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-19811/src/github.com/elastic/beats
[2020-07-14T13:38:56.534Z] runbld>>> Found 6 test output files
[2020-07-14T13:38:56.793Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 1221 Skipped: 134
[2020-07-14T13:38:57.053Z] runbld>>> Storing result
[2020-07-14T13:38:57.053Z] runbld>>> FAILURES: 0
[2020-07-14T13:38:57.313Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-14T13:38:57.313Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714133852-01A0C16B
[2020-07-14T13:38:57.313Z] runbld>>> Email notification disabled by environment variable.
[2020-07-14T13:38:57.313Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-14T13:39:04.072Z] Running on worker-395930 in /var/lib/jenkins/workspace/Beats_beats_PR-19811
[2020-07-14T13:39:04.172Z] [INFO] getVaultSecret: Getting secrets
[2020-07-14T13:39:04.261Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-14T13:39:06.406Z] + chmod 755 generate-build-data.sh
[2020-07-14T13:39:06.406Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19811/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19811/runs/4 ABORTED 2012318
[2020-07-14T13:39:06.406Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19811/runs/4/steps/?limit=10000 -o steps-info.json
[2020-07-14T13:39:07.856Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19811/runs/4/tests/?status=FAILED -o tests-errors.json
[2020-07-14T13:39:09.315Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19811/runs/4/log/ -o pipeline-log.txt

michalpristas
michalpristas approved these changes Jul 13, 2020
View reviewed changes
Copy link
Contributor

@michalpristas michalpristas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM maybe another look for logger part from @urso would be handy

urso
urso reviewed Jul 13, 2020
View reviewed changes
x-pack/elastic-agent/pkg/core/logger/logger.go Outdated
}

encoder := zapcore.NewJSONEncoder(ecszap.ECSCompatibleEncoderConfig(logp.JSONEncoderConfig()))
return ecszap.WrapCore(zapcore.NewCore(encoder, rotator, logp.DebugLevel.ZapLevel())), nil
Copy link

@urso urso Jul 13, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we could have reduced some of the plumbing by exporting logp.createLogOutput only and split configure into configure log output and configure logging with output. The zapcore.Core is basically the output here. The core that is produced here coulbe be build via CreateLogOutput(agentConfig).

Allowing us to pass a separate output (zapcore.Core) to logp.Configure might allow us in the future to change how logging will be configured in other products, but still work with existing code in Beats that requires logp to function as is (e.g. for agent or collector).

Splitting can also be interesting for testing, as we could allow tests to configure a Core that logs to the active *testing.T. This might be helpful when investigating test failures.

@blakerouse
Copy link
Contributor Author

@urso I am trying to make as little change as possible, don't want to cause a big refactor on FF day. I have added a ConfigureWithOutputs see if that is good enough for now.

@blakerouse
Copy link
Contributor Author

@urso Added comment.

urso
urso reviewed Jul 14, 2020
View reviewed changes
libbeat/logp/core.go Outdated Show resolved Hide resolved
@blakerouse blakerouse merged commit 2297636 into elastic:master Jul 14, 2020
@blakerouse blakerouse deleted the agent-logs-to-fleet branch July 14, 2020 14:54
@blakerouse blakerouse mentioned this pull request Jul 14, 2020
Merged
4 tasks
blakerouse added a commit to blakerouse/beats that referenced this pull request Jul 14, 2020
@blakerouse
[Elastic Agent] Send Agent logs to elasticsearch (elastic#19811)
2487ad3 
* Work on logging twice.

* Work on agent logging to fleet.

* Commit example index strategy.

* More work on logging to ES.

* Revert change to release/version.go

* Fix indexes for metricbeat sidecars.

* Add to changelog.

* Fix fmt.

* Don't expose zapLevel, add ConfigureWithOutputs.

* Update comment.

* Update comment.

(cherry picked from commit 2297636)
blakerouse added a commit that referenced this pull request Jul 14, 2020
@blakerouse
[Elastic Agent] Send Agent logs to elasticsearch (#19811) (#19898)
f06e890 
* Work on logging twice.

* Work on agent logging to fleet.

* Commit example index strategy.

* More work on logging to ES.

* Revert change to release/version.go

* Fix indexes for metricbeat sidecars.

* Add to changelog.

* Fix fmt.

* Don't expose zapLevel, add ConfigureWithOutputs.

* Update comment.

* Update comment.

(cherry picked from commit 2297636)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@blakerouse @melchiormoulin
[Elastic Agent] Send Agent logs to elasticsearch (elastic#19811)
b77c9b1 
* Work on logging twice.

* Work on agent logging to fleet.

* Commit example index strategy.

* More work on logging to ES.

* Revert change to release/version.go

* Fix indexes for metricbeat sidecars.

* Add to changelog.

* Fix fmt.

* Don't expose zapLevel, add ConfigureWithOutputs.

* Update comment.

* Update comment.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalpristas michalpristas michalpristas approved these changes

@urso urso urso approved these changes

Assignees

@blakerouse blakerouse

Labels
v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@blakerouse @elasticmachine @urso @michalpristas