forked from elastic/beats
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Minor Journalbeat fixes and additions (elastic#8973)
### Refactoring of option `seek` Previously, the option was string, so deciding which seeker function has to be called used string comparisons. I added `SeekMode` so the mode can be an `iota` and provided its own `Unpack` function. This also takes care of validating the user configured value. ### Field renaming I renamed `custom.*` prefix to `journald.custom.*`, so users know where those custom fields are coming from. ### Dashboard It is a minimal dashboard with a few predefined searches. When modules are available to parse messages coming from journald, it is going to be possible create prettier visualizations. ### Skip last event when `seek` is set to `tail` Previously, if `seek` was set to `tail`, the last event in the journal was read. Now this last event is skipped to avoid duplication. ### Unstoppable Journalbeat (haha) If the output was unreachable Journalbeat got stuck when it retried to connect to the output. As the Beat never stops trying, it never returned from the last `client.Publish` call. Thus, `publishAll` function never stopped, because it never received any signal from the `done` channel of the input. The client of each input is closed during `Stop` of each input. ### Registry file path Previously, Journalbeat put its registry file under `/registry` when installed from deb package. From now the registry file resides under the folder specified by `-path.data`. (cherry picked from commit 7fee516)
- Loading branch information
Showing
11 changed files
with
250 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
169 changes: 169 additions & 0 deletions
169
journalbeat/_meta/kibana/6/dashboard/Journalbeat-overview.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,169 @@ | ||
{ | ||
"objects": [ | ||
{ | ||
"attributes": { | ||
"columns": [ | ||
"@timestamp", | ||
"host.name", | ||
"message" | ||
], | ||
"description": "", | ||
"hits": 0, | ||
"kibanaSavedObjectMeta": { | ||
"searchSourceJSON": { | ||
"filter": [], | ||
"highlightAll": true, | ||
"index": "journalbeat-*", | ||
"query": { | ||
"language": "lucene", | ||
"query": "process.name:systemd" | ||
}, | ||
"version": true | ||
} | ||
}, | ||
"sort": [ | ||
"@timestamp", | ||
"desc" | ||
], | ||
"title": "[Journalbeat] Systemd messages", | ||
"version": 1 | ||
}, | ||
"id": "aa003e90-e2b9-11e8-9f52-734e93de180d", | ||
"type": "search", | ||
"updated_at": "2018-11-07T18:19:28.377Z", | ||
"version": 1 | ||
}, | ||
{ | ||
"attributes": { | ||
"columns": [ | ||
"@timestamp", | ||
"host.name", | ||
"journald.kernel.subsystem", | ||
"message" | ||
], | ||
"description": "", | ||
"hits": 0, | ||
"kibanaSavedObjectMeta": { | ||
"searchSourceJSON": { | ||
"filter": [], | ||
"highlightAll": true, | ||
"index": "journalbeat-*", | ||
"query": { | ||
"language": "lucene", | ||
"query": "syslog.facility:0 AND syslog.priority:\u003c4" | ||
}, | ||
"version": true | ||
} | ||
}, | ||
"sort": [ | ||
"_score", | ||
"desc" | ||
], | ||
"title": "[Journalbeat] Kernel errors", | ||
"version": 1 | ||
}, | ||
"id": "5db75310-e2ba-11e8-9f52-734e93de180d", | ||
"type": "search", | ||
"updated_at": "2018-11-07T18:24:29.889Z", | ||
"version": 1 | ||
}, | ||
{ | ||
"attributes": { | ||
"columns": [ | ||
"@timestamp", | ||
"host.name", | ||
"process.name", | ||
"message" | ||
], | ||
"description": "", | ||
"hits": 0, | ||
"kibanaSavedObjectMeta": { | ||
"searchSourceJSON": { | ||
"filter": [], | ||
"highlightAll": true, | ||
"index": "journalbeat-*", | ||
"query": { | ||
"language": "lucene", | ||
"query": "syslog.facility:4" | ||
}, | ||
"version": true | ||
} | ||
}, | ||
"sort": [ | ||
"_score", | ||
"desc" | ||
], | ||
"title": "[Journalbeat] Login authorization", | ||
"version": 1 | ||
}, | ||
"id": "82408120-e2ba-11e8-9f52-734e93de180d", | ||
"type": "search", | ||
"updated_at": "2018-11-07T18:26:05.348Z", | ||
"version": 2 | ||
}, | ||
{ | ||
"attributes": { | ||
"columns": [ | ||
"@timestamp", | ||
"host.name", | ||
"journald.kernel.subsystem", | ||
"journald.kernel.device_node_path", | ||
"message" | ||
], | ||
"description": "", | ||
"hits": 0, | ||
"kibanaSavedObjectMeta": { | ||
"searchSourceJSON": { | ||
"filter": [], | ||
"highlightAll": true, | ||
"index": "journalbeat-*", | ||
"query": { | ||
"language": "lucene", | ||
"query": "journald.kernel.subsystem:usb OR journald.kernel.subsystem:hid" | ||
}, | ||
"version": true | ||
} | ||
}, | ||
"sort": [ | ||
"_score", | ||
"desc" | ||
], | ||
"title": "[Journalbeat] USB and HID messages", | ||
"version": 1 | ||
}, | ||
"id": "f0232670-e2ba-11e8-9f52-734e93de180d", | ||
"type": "search", | ||
"updated_at": "2018-11-07T18:28:35.543Z", | ||
"version": 1 | ||
}, | ||
{ | ||
"attributes": { | ||
"description": "", | ||
"hits": 0, | ||
"kibanaSavedObjectMeta": { | ||
"searchSourceJSON": { | ||
"filter": [], | ||
"query": { | ||
"language": "lucene", | ||
"query": "" | ||
} | ||
} | ||
}, | ||
"optionsJSON": { | ||
"darkTheme": false, | ||
"hidePanelTitles": false, | ||
"useMargins": true | ||
}, | ||
"panelsJSON": null, | ||
"timeRestore": false, | ||
"title": "[Journalbeat] Overview", | ||
"version": 1 | ||
}, | ||
"id": "f2de4440-e2b9-11e8-9f52-734e93de180d", | ||
"type": "dashboard", | ||
"updated_at": "2018-11-07T18:30:18.083Z", | ||
"version": 2 | ||
} | ||
], | ||
"version": "7.0.0-alpha1-SNAPSHOT" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.