Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Elastic Agent] Enable configuring monitoring namespace #26439

Merged
merged 8 commits into from
Jun 29, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions x-pack/elastic-agent/CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -115,4 +115,5 @@
- Use `filestream` input for internal log collection. {pull}25660[25660]
- Enable agent to send custom headers to kibana/ES {pull}26275[26275]
- Set `agent.id` to the Fleet Agent ID in events published from inputs backed by Beats. {issue}21121[21121] {pull}26394[26394]
- Enable configuring monitoring namespace {issue}26439[26439]
- Communicate with Fleet Server over HTTP2. {pull}26474[26474]
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ func InjectMonitoring(agentInfo *info.AgentInfo, outputGroup string, rootAst *tr
transpiler.NewKey("logs", transpiler.NewBoolVal(true)),
transpiler.NewKey("metrics", transpiler.NewBoolVal(true)),
transpiler.NewKey("use_output", transpiler.NewStrVal("default")),
transpiler.NewKey("namespace", transpiler.NewStrVal("default")),
})

transpiler.Insert(rootAst, transpiler.NewKey("monitoring", monitoringNode), "settings")
Expand Down
33 changes: 17 additions & 16 deletions x-pack/elastic-agent/pkg/agent/operation/monitoring.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,11 +161,12 @@ func (o *Operator) generateMonitoringSteps(version, outputType string, output in
var steps []configrequest.Step
watchLogs := o.monitor.WatchLogs()
watchMetrics := o.monitor.WatchMetrics()
monitoringNamespace := o.monitor.MonitoringNamespace()

// generate only when monitoring is running (for config refresh) or
// state changes (turning on/off)
if watchLogs != o.isMonitoringLogs() || watchLogs {
fbConfig, any := o.getMonitoringFilebeatConfig(outputType, output)
fbConfig, any := o.getMonitoringFilebeatConfig(outputType, output, monitoringNamespace)
stepID := configrequest.StepRun
if !watchLogs || !any {
stepID = configrequest.StepRemove
Expand All @@ -182,7 +183,7 @@ func (o *Operator) generateMonitoringSteps(version, outputType string, output in
steps = append(steps, filebeatStep)
}
if watchMetrics != o.isMonitoringMetrics() || watchMetrics {
mbConfig, any := o.getMonitoringMetricbeatConfig(outputType, output)
mbConfig, any := o.getMonitoringMetricbeatConfig(outputType, output, monitoringNamespace)
stepID := configrequest.StepRun
if !watchMetrics || !any {
stepID = configrequest.StepRemove
Expand Down Expand Up @@ -215,12 +216,12 @@ func loadSpecFromSupported(processName string) program.Spec {
}
}

func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interface{}) (map[string]interface{}, bool) {
func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interface{}, monitoringNamespace string) (map[string]interface{}, bool) {
inputs := []interface{}{
map[string]interface{}{
"type": "filestream",
"parsers": []map[string]interface{}{
map[string]interface{}{
{
"ndjson": map[string]interface{}{
"overwrite_keys": true,
"message_key": "message",
Expand All @@ -233,15 +234,15 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
filepath.Join(paths.Home(), "logs", "elastic-agent-watcher-json.log"),
filepath.Join(paths.Home(), "logs", "elastic-agent-watcher-json.log*"),
},
"index": "logs-elastic_agent-default",
"index": fmt.Sprintf("logs-elastic_agent-%s", monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "logs",
"dataset": "elastic_agent",
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -280,23 +281,23 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
inputs = append(inputs, map[string]interface{}{
"type": "filestream",
"parsers": []map[string]interface{}{
map[string]interface{}{
{
"ndjson": map[string]interface{}{
"overwrite_keys": true,
"message_key": "message",
},
},
},
"paths": paths,
"index": fmt.Sprintf("logs-elastic_agent.%s-default", name),
"index": fmt.Sprintf("logs-elastic_agent.%s-%s", name, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "logs",
"dataset": fmt.Sprintf("elastic_agent.%s", name),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -345,7 +346,7 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
return result, true
}

func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output interface{}) (map[string]interface{}, bool) {
func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output interface{}, monitoringNamespace string) (map[string]interface{}, bool) {
hosts := o.getMetricbeatEndpoints()
if len(hosts) == 0 {
return nil, false
Expand All @@ -359,15 +360,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"metricsets": []string{"stats", "state"},
"period": "10s",
"hosts": endpoints,
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", name),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", name, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", name),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -397,15 +398,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"period": "10s",
"path": "/stats",
"hosts": endpoints,
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", fixedAgentName),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", fixedAgentName, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", fixedAgentName),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -480,15 +481,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"period": "10s",
"path": "/stats",
"hosts": []string{beats.AgentPrefixedMonitoringEndpoint(o.config.DownloadConfig.OS(), o.config.MonitoringConfig.HTTP)},
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", fixedAgentName),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", fixedAgentName, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", fixedAgentName),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down
3 changes: 3 additions & 0 deletions x-pack/elastic-agent/pkg/agent/operation/monitoring_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,9 @@ func (b *testMonitor) Reload(cfg *config.Config) error { return nil }
// IsMonitoringEnabled returns true if monitoring is configured.
func (b *testMonitor) IsMonitoringEnabled() bool { return b.monitorLogs || b.monitorMetrics }

// MonitoringNamespace returns monitoring namespace configured.
func (b *testMonitor) MonitoringNamespace() string { return "default" }

// WatchLogs return true if monitoring is configured and monitoring logs is enabled.
func (b *testMonitor) WatchLogs() bool { return b.monitorLogs }

Expand Down
4 changes: 4 additions & 0 deletions x-pack/elastic-agent/pkg/agent/program/program_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,10 @@ func TestConfiguration(t *testing.T) {
empty bool
err bool
}{
"namespace": {
programs: []string{"filebeat", "fleet-server", "heartbeat", "metricbeat", "endpoint", "packetbeat"},
expected: 6,
},
"single_config": {
programs: []string{"filebeat", "fleet-server", "heartbeat", "metricbeat", "endpoint", "packetbeat"},
expected: 6,
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
fleet:
enabled: true
access_api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw
protocol: https
hosts: [ localhost:5601 ]
timeout: 30s
agent:
id: fleet-agent-id
logging.level: error
host:
id: host-agent-id

output:
elasticsearch:
hosts:
- "127.0.0.1:9200"
- "127.0.0.1:9300"
namespace: test_namespace
username: elastic
password: changeme
api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA
ca_sha256: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=

inputs:
- id: endpoint-id
type: endpoint
name: endpoint-1
enabled: true
package:
name: endpoint
version: 0.3.0
data_stream:
namespace: default
artifact_manifest:
schema_version: v22
manifest_version: v21
artifacts:
- endpoint-allowlist-windows:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-windows
- endpoint-allowlist-macos:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-macos
- endpoint-allowlist-linux:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-linux
policy:
linux:
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
process: logs-endpoint.events.process-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
process: true
file: true
network: true
windows:
malware:
mode: prevent
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
registry: logs-endpoint.events.registry-default
process: logs-endpoint.events.process-default
driver: logs-endpoint.events.driver-default
library: logs-endpoint.events.library-default
alerts: logs-endpoint.alerts-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
registry: true
process: true
security: true
file: true
dns: false
dll_and_driver_load: false
network: true
mac:
malware:
mode: prevent
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
process: logs-endpoint.events.process-default
alerts: logs-endpoint.alerts-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
process: true
file: true
network: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
filebeat:
inputs:
- type: log
paths:
- /var/log/hello1.log
- /var/log/hello2.log
index: logs-generic-default
vars:
var: value
processors:
- add_fields:
target: "data_stream"
fields:
type: logs
dataset: generic
namespace: default
- add_fields:
target: "event"
fields:
dataset: generic
- add_fields:
target: "elastic_agent"
fields:
id: agent-id
version: 8.0.0
snapshot: false
- add_fields:
target: "agent"
fields:
id: agent-id
- type: log
paths:
- /var/log/hello3.log
- /var/log/hello4.log
index: testtype-generic-default
vars:
var: value
processors:
- add_fields:
target: "data_stream"
fields:
type: testtype
dataset: generic
namespace: default
- add_fields:
target: "event"
fields:
dataset: generic
- add_fields:
target: "elastic_agent"
fields:
id: agent-id
version: 8.0.0
snapshot: false
- add_fields:
target: "agent"
fields:
id: agent-id
output:
elasticsearch:
hosts:
- 127.0.0.1:9200
- 127.0.0.1:9300
namespace: test_namespace
username: elastic
password: changeme
api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA
ca_sha256: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
fleet:
agent:
id: fleet-agent-id
logging.level: error
host:
id: host-agent-id

output:
elasticsearch:
hosts: [ 127.0.0.1:9200, 127.0.0.1:9300 ]
username: fleet
password: fleetpassword

inputs:
- id: fleet-server-id
type: fleet-server
Loading