Cherry-pick #22526 to 7.x: [Elastic Agent] Enable log shipping of endpoint-security by Elastic Agent #22547
Cherry-pick of PR #22526 to 7.x branch. Original message:
What does this PR do?
Starts shipping the logs of endpoint-security to Elasticsearch.
This also refactors the code some to pass the program.Spec around instead of needing to keep checking for it from the SupportedMap. This is how the code path determines the path for the endpoint-security log paths.
Why is it important?
So all log information from an Elastic Agent running endpoint-security can be observed.
Checklist
[ ] I have made corresponding changes to the documentation
[ ] I have made corresponding change to the default configuration files
CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
How to test this PR locally
Build the Elastic Agent with endpoint-security manually placed in the download folder. Enable Endpoint Security in Fleet and notice that all the Endpoint Security logs show up with event.dataset: elastic_agent.endpoint-security
Related issues