Skip to content

Commit

Permalink
[Elastic Agent] Enable configuring monitoring namespace (#26439) (#26555
Browse files Browse the repository at this point in the history
)

[Elastic Agent] Enable configuring monitoring namespace (#26439)
  • Loading branch information
michalpristas authored Jun 29, 2021
1 parent 6b970c7 commit 8e0c1a1
Show file tree
Hide file tree
Showing 16 changed files with 594 additions and 16 deletions.
1 change: 1 addition & 0 deletions x-pack/elastic-agent/CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -116,4 +116,5 @@
- Use `filestream` input for internal log collection. {pull}25660[25660]
- Enable agent to send custom headers to kibana/ES {pull}26275[26275]
- Set `agent.id` to the Fleet Agent ID in events published from inputs backed by Beats. {issue}21121[21121] {pull}26394[26394]
- Enable configuring monitoring namespace {issue}26439[26439]
- Communicate with Fleet Server over HTTP2. {pull}26474[26474]
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ func InjectMonitoring(agentInfo *info.AgentInfo, outputGroup string, rootAst *tr
transpiler.NewKey("logs", transpiler.NewBoolVal(true)),
transpiler.NewKey("metrics", transpiler.NewBoolVal(true)),
transpiler.NewKey("use_output", transpiler.NewStrVal("default")),
transpiler.NewKey("namespace", transpiler.NewStrVal("default")),
})

transpiler.Insert(rootAst, transpiler.NewKey("monitoring", monitoringNode), "settings")
Expand Down
33 changes: 17 additions & 16 deletions x-pack/elastic-agent/pkg/agent/operation/monitoring.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,11 +161,12 @@ func (o *Operator) generateMonitoringSteps(version, outputType string, output in
var steps []configrequest.Step
watchLogs := o.monitor.WatchLogs()
watchMetrics := o.monitor.WatchMetrics()
monitoringNamespace := o.monitor.MonitoringNamespace()

// generate only when monitoring is running (for config refresh) or
// state changes (turning on/off)
if watchLogs != o.isMonitoringLogs() || watchLogs {
fbConfig, any := o.getMonitoringFilebeatConfig(outputType, output)
fbConfig, any := o.getMonitoringFilebeatConfig(outputType, output, monitoringNamespace)
stepID := configrequest.StepRun
if !watchLogs || !any {
stepID = configrequest.StepRemove
Expand All @@ -182,7 +183,7 @@ func (o *Operator) generateMonitoringSteps(version, outputType string, output in
steps = append(steps, filebeatStep)
}
if watchMetrics != o.isMonitoringMetrics() || watchMetrics {
mbConfig, any := o.getMonitoringMetricbeatConfig(outputType, output)
mbConfig, any := o.getMonitoringMetricbeatConfig(outputType, output, monitoringNamespace)
stepID := configrequest.StepRun
if !watchMetrics || !any {
stepID = configrequest.StepRemove
Expand Down Expand Up @@ -215,12 +216,12 @@ func loadSpecFromSupported(processName string) program.Spec {
}
}

func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interface{}) (map[string]interface{}, bool) {
func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interface{}, monitoringNamespace string) (map[string]interface{}, bool) {
inputs := []interface{}{
map[string]interface{}{
"type": "filestream",
"parsers": []map[string]interface{}{
map[string]interface{}{
{
"ndjson": map[string]interface{}{
"overwrite_keys": true,
"message_key": "message",
Expand All @@ -233,15 +234,15 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
filepath.Join(paths.Home(), "logs", "elastic-agent-watcher-json.log"),
filepath.Join(paths.Home(), "logs", "elastic-agent-watcher-json.log*"),
},
"index": "logs-elastic_agent-default",
"index": fmt.Sprintf("logs-elastic_agent-%s", monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "logs",
"dataset": "elastic_agent",
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -280,23 +281,23 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
inputs = append(inputs, map[string]interface{}{
"type": "filestream",
"parsers": []map[string]interface{}{
map[string]interface{}{
{
"ndjson": map[string]interface{}{
"overwrite_keys": true,
"message_key": "message",
},
},
},
"paths": paths,
"index": fmt.Sprintf("logs-elastic_agent.%s-default", name),
"index": fmt.Sprintf("logs-elastic_agent.%s-%s", name, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "logs",
"dataset": fmt.Sprintf("elastic_agent.%s", name),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -345,7 +346,7 @@ func (o *Operator) getMonitoringFilebeatConfig(outputType string, output interfa
return result, true
}

func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output interface{}) (map[string]interface{}, bool) {
func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output interface{}, monitoringNamespace string) (map[string]interface{}, bool) {
hosts := o.getMetricbeatEndpoints()
if len(hosts) == 0 {
return nil, false
Expand All @@ -359,15 +360,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"metricsets": []string{"stats", "state"},
"period": "10s",
"hosts": endpoints,
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", name),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", name, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", name),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -397,15 +398,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"period": "10s",
"path": "/stats",
"hosts": endpoints,
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", fixedAgentName),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", fixedAgentName, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", fixedAgentName),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down Expand Up @@ -480,15 +481,15 @@ func (o *Operator) getMonitoringMetricbeatConfig(outputType string, output inter
"period": "10s",
"path": "/stats",
"hosts": []string{beats.AgentPrefixedMonitoringEndpoint(o.config.DownloadConfig.OS(), o.config.MonitoringConfig.HTTP)},
"index": fmt.Sprintf("metrics-elastic_agent.%s-default", fixedAgentName),
"index": fmt.Sprintf("metrics-elastic_agent.%s-%s", fixedAgentName, monitoringNamespace),
"processors": []map[string]interface{}{
{
"add_fields": map[string]interface{}{
"target": "data_stream",
"fields": map[string]interface{}{
"type": "metrics",
"dataset": fmt.Sprintf("elastic_agent.%s", fixedAgentName),
"namespace": "default",
"namespace": monitoringNamespace,
},
},
},
Expand Down
3 changes: 3 additions & 0 deletions x-pack/elastic-agent/pkg/agent/operation/monitoring_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,9 @@ func (b *testMonitor) Reload(cfg *config.Config) error { return nil }
// IsMonitoringEnabled returns true if monitoring is configured.
func (b *testMonitor) IsMonitoringEnabled() bool { return b.monitorLogs || b.monitorMetrics }

// MonitoringNamespace returns monitoring namespace configured.
func (b *testMonitor) MonitoringNamespace() string { return "default" }

// WatchLogs return true if monitoring is configured and monitoring logs is enabled.
func (b *testMonitor) WatchLogs() bool { return b.monitorLogs }

Expand Down
4 changes: 4 additions & 0 deletions x-pack/elastic-agent/pkg/agent/program/program_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,10 @@ func TestConfiguration(t *testing.T) {
empty bool
err bool
}{
"namespace": {
programs: []string{"filebeat", "fleet-server", "heartbeat", "metricbeat", "endpoint", "packetbeat"},
expected: 6,
},
"single_config": {
programs: []string{"filebeat", "fleet-server", "heartbeat", "metricbeat", "endpoint", "packetbeat"},
expected: 6,
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
fleet:
enabled: true
access_api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw
protocol: https
hosts: [ localhost:5601 ]
timeout: 30s
agent:
id: fleet-agent-id
logging.level: error
host:
id: host-agent-id

output:
elasticsearch:
hosts:
- "127.0.0.1:9200"
- "127.0.0.1:9300"
namespace: test_namespace
username: elastic
password: changeme
api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA
ca_sha256: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=

inputs:
- id: endpoint-id
type: endpoint
name: endpoint-1
enabled: true
package:
name: endpoint
version: 0.3.0
data_stream:
namespace: default
artifact_manifest:
schema_version: v22
manifest_version: v21
artifacts:
- endpoint-allowlist-windows:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-windows
- endpoint-allowlist-macos:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-macos
- endpoint-allowlist-linux:
sha256: 1234
size: 2
url: /relative/path/to/endpoint-allowlist-linux
policy:
linux:
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
process: logs-endpoint.events.process-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
process: true
file: true
network: true
windows:
malware:
mode: prevent
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
registry: logs-endpoint.events.registry-default
process: logs-endpoint.events.process-default
driver: logs-endpoint.events.driver-default
library: logs-endpoint.events.library-default
alerts: logs-endpoint.alerts-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
registry: true
process: true
security: true
file: true
dns: false
dll_and_driver_load: false
network: true
mac:
malware:
mode: prevent
advanced:
free-form: free-form-value
indices:
network: logs-endpoint.events.network-default
file: logs-endpoint.events.file-default
process: logs-endpoint.events.process-default
alerts: logs-endpoint.alerts-default
metadata: metrics-endpoint.metadata-default
policy: metrics-endpoint.policy-default
telemetry: metrics-endpoint.telemetry-default
logging:
file: info
stdout: debug
events:
process: true
file: true
network: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
filebeat:
inputs:
- type: log
paths:
- /var/log/hello1.log
- /var/log/hello2.log
index: logs-generic-default
vars:
var: value
processors:
- add_fields:
target: "data_stream"
fields:
type: logs
dataset: generic
namespace: default
- add_fields:
target: "event"
fields:
dataset: generic
- add_fields:
target: "elastic_agent"
fields:
id: agent-id
version: 8.0.0
snapshot: false
- add_fields:
target: "agent"
fields:
id: agent-id
- type: log
paths:
- /var/log/hello3.log
- /var/log/hello4.log
index: testtype-generic-default
vars:
var: value
processors:
- add_fields:
target: "data_stream"
fields:
type: testtype
dataset: generic
namespace: default
- add_fields:
target: "event"
fields:
dataset: generic
- add_fields:
target: "elastic_agent"
fields:
id: agent-id
version: 8.0.0
snapshot: false
- add_fields:
target: "agent"
fields:
id: agent-id
output:
elasticsearch:
hosts:
- 127.0.0.1:9200
- 127.0.0.1:9300
namespace: test_namespace
username: elastic
password: changeme
api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA
ca_sha256: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
fleet:
agent:
id: fleet-agent-id
logging.level: error
host:
id: host-agent-id

output:
elasticsearch:
hosts: [ 127.0.0.1:9200, 127.0.0.1:9300 ]
username: fleet
password: fleetpassword

inputs:
- id: fleet-server-id
type: fleet-server
Loading

0 comments on commit 8e0c1a1

Please sign in to comment.