Fix for the filebeat spec file picking up packetbeat inputs (#700)

* Reproduce filebeat picking up packetbeat inputs * Filebeat: filter inputs as first input transform. Move input filtering to be the first input transformation that occurs in the filebeat spec file. Fixes #427. * Update changelog.
elastic · Jul 14, 2022 · 4dcc16b · 4dcc16b
1 parent 0560b46
commit 4dcc16b
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 29 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -193,3 +193,4 @@
 - Add `@metadata.input_id` and `@metadata.stream_id` when applying the inject stream processor {pull}527[527]
 - Add liveness endpoint, allow fleet-gateway component to report degraded state, add update time and messages to status output. {issue}390[390] {pull}569[569]
 - Redact sensitive information on diagnostics collect command. {issue}[241] {pull}[566]
+- Fix incorrectly creating a filebeat redis input when a policy contains a packetbeat redis input. {issue}[427] {pull}[700]
diff --git a/internal/pkg/agent/program/supported.go b/internal/pkg/agent/program/supported.go
diff --git a/internal/pkg/agent/program/testdata/single_config-packetbeat.yml b/internal/pkg/agent/program/testdata/single_config-packetbeat.yml
@@ -23,6 +23,13 @@ inputs:
     data_stream:
       dataset: packet.icmp
       type: logs
+  - id: packet-network_traffic.redis-387bdc6a-0acb-4ef2-9552-c21e524a2d21
+    type: redis
+    data_stream:
+      dataset: network_traffic.redis
+      type: logs
+    ports:
+      - 6379
 output:
   elasticsearch:
     hosts:

diff --git a/internal/pkg/agent/program/testdata/single_config.yml b/internal/pkg/agent/program/testdata/single_config.yml
@@ -104,6 +104,13 @@ inputs:
       data_stream:
         dataset: packet.icmp
         type: logs
+    - id: packet-network_traffic.redis-387bdc6a-0acb-4ef2-9552-c21e524a2d21
+      type: redis
+      data_stream:
+        dataset: network_traffic.redis
+        type: logs
+      ports:
+        - 6379
 - id: endpoint-id
   type: endpoint
   name: endpoint-1

diff --git a/internal/spec/filebeat.yml b/internal/spec/filebeat.yml
@@ -19,6 +19,44 @@ rules:
     on_conflict: insert_after
     type: logs
 
+# Input filtering needs to happen before any other input transformations.
+# See https://github.com/elastic/elastic-agent/issues/427.
+- filter_values:
+    selector: inputs
+    key: type
+    values:
+    - aws-cloudwatch
+    - aws-s3
+    - azure-eventhub
+    - cloudfoundry
+    - container
+    - docker
+    - event/file
+    - event/stdin
+    - event/tcp
+    - event/udp
+    - filestream
+    - gcp-pubsub
+    - http_endpoint
+    - httpjson
+    - journald
+    - kafka
+    - log
+    - log/docker
+    - log/redis_slowlog
+    - log/syslog
+    - logfile
+    - mqtt
+    - netflow
+    - o365audit
+    - redis
+    - stdin
+    - syslog
+    - tcp
+    - udp
+    - unix
+    - winlog
+
 - map:
     path: inputs
     rules:
@@ -63,34 +101,6 @@ rules:
     - remove_key:
         key: data_stream.dataset
 
-- filter_values:
-    selector: inputs
-    key: type
-    values:
-    - aws-cloudwatch
-    - aws-s3
-    - azure-eventhub
-    - cloudfoundry
-    - container
-    - docker
-    - gcp-pubsub
-    - http_endpoint
-    - httpjson
-    - journald
-    - kafka
-    - log
-    - mqtt
-    - netflow
-    - o365audit
-    - redis
-    - stdin
-    - syslog
-    - tcp
-    - udp
-    - unix
-    - winlog
-    - filestream
-
 - filter_values:
     selector: inputs
     key: enabled