diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 2324ccaf873c..5900950e7dfc 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -92,3 +92,4 @@ - Will retry to enroll if the server return a 429. {pull}19918[19811] - Allow to specify what artifacts to embed at build times {pull}20019[20019] - Add --staging option to enroll command {pull}20026[20026] +- Add `event.dataset` to all events {pull}20076[20076] diff --git a/x-pack/elastic-agent/pkg/agent/operation/monitoring.go b/x-pack/elastic-agent/pkg/agent/operation/monitoring.go index bf03f4f34a5f..62372cc3f543 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/monitoring.go +++ b/x-pack/elastic-agent/pkg/agent/operation/monitoring.go @@ -198,6 +198,14 @@ func (o *Operator) getMonitoringFilebeatConfig(output interface{}) (map[string]i }, }, }, + { + "add_fields": map[string]interface{}{ + "target": "event", + "fields": map[string]interface{}{ + "dataset": "elastic.agent", + }, + }, + }, }, }, } @@ -224,6 +232,14 @@ func (o *Operator) getMonitoringFilebeatConfig(output interface{}) (map[string]i }, }, }, + { + "add_fields": map[string]interface{}{ + "target": "event", + "fields": map[string]interface{}{ + "dataset": fmt.Sprintf("elastic.agent.%s", name), + }, + }, + }, }, }) } @@ -266,6 +282,14 @@ func (o *Operator) getMonitoringMetricbeatConfig(output interface{}) (map[string }, }, }, + { + "add_fields": map[string]interface{}{ + "target": "event", + "fields": map[string]interface{}{ + "dataset": fmt.Sprintf("elastic.agent.%s", name), + }, + }, + }, }, }) } diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml index 31e7b27eafde..15f6b71a9531 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml @@ -12,6 +12,10 @@ filebeat: type: logs name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml index 97b9e529bc6e..c2e8c0d26ec0 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml @@ -12,6 +12,10 @@ filebeat: type: logs name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic output: elasticsearch: enabled: true diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml index 080303e6d199..1da1c701d81c 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml @@ -13,6 +13,10 @@ filebeat: type: logs name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml index 25b7af4e40a3..0fb1a4356b55 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml @@ -14,6 +14,10 @@ filebeat: type: logs name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic - type: log paths: - /var/log/hello3.log @@ -28,6 +32,10 @@ filebeat: type: testtype name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml index 2e5e070dfb16..67a3815e4a76 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml @@ -11,6 +11,10 @@ metricbeat: type: metrics name: docker.status namespace: default + - add_fields: + target: "event" + fields: + dataset: docker.status - module: docker metricsets: [info] index: metrics-generic-default @@ -22,6 +26,10 @@ metricbeat: type: metrics name: generic namespace: default + - add_fields: + target: "event" + fields: + dataset: generic - module: apache metricsets: [info] index: metrics-generic-testing @@ -36,6 +44,10 @@ metricbeat: type: metrics name: generic namespace: testing + - add_fields: + target: "event" + fields: + dataset: generic output: elasticsearch: diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go index 69dd59a459f8..fe98386a150c 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go @@ -639,9 +639,16 @@ func (r *InjectStreamProcessorRule) Apply(ast *AST) error { &Key{name: "namespace", value: &StrVal{value: namespace}}, &Key{name: "name", value: &StrVal{value: dataset}}, }}}) - addFieldsMap := &Dict{value: []Node{&Key{"add_fields", processorMap}}} processorsList.value = mergeStrategy(r.OnConflict).InjectItem(processorsList.value, addFieldsMap) + + processorMap = &Dict{value: make([]Node, 0)} + processorMap.value = append(processorMap.value, &Key{name: "target", value: &StrVal{value: "event"}}) + processorMap.value = append(processorMap.value, &Key{name: "fields", value: &Dict{value: []Node{ + &Key{name: "dataset", value: &StrVal{value: dataset}}, + }}}) + addFieldsMap = &Dict{value: []Node{&Key{"add_fields", processorMap}}} + processorsList.value = mergeStrategy(r.OnConflict).InjectItem(processorsList.value, addFieldsMap) } }