Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Add new index to fleet for artifacts being served out of fleet-server #92860

Merged
merged 2 commits into from
Feb 25, 2021
Merged

[Fleet] Add new index to fleet for artifacts being served out of fleet-server #92860

merged 2 commits into from
Feb 25, 2021

Conversation

paul-tavares
Copy link
Contributor

Summary

  • Add a new index - .fleet-artifacts - that will store user generated kibana artifacts for download by (initially) Endpoint integration via fleet-server.

Testing Notes:

  • you will need to run Fleet with xpack.fleet.agents.fleetServerEnabled: true
  • Once running, you can check that the index was created with the expected fields. From the Dev tools in kibana:
GET .fleet-artifacts
Click to see expected Response 
{
  ".fleet-artifacts_1" : {
    "aliases" : {
      ".fleet-artifacts" : { }
    },
    "mappings" : {
      "dynamic" : "false",
      "_meta" : {
        "migrationHash" : "e968c1b6e058b7da69f00075d8ffbd49341734cf"
      },
      "properties" : {
        "body" : {
          "type" : "binary"
        },
        "compressionAlgorithm" : {
          "type" : "keyword",
          "index" : false
        },
        "created" : {
          "type" : "date",
          "index" : false
        },
        "decodedSha256" : {
          "type" : "keyword",
          "index" : false
        },
        "decodedSize" : {
          "type" : "long",
          "index" : false
        },
        "encodedSha256" : {
          "type" : "keyword"
        },
        "encodedSize" : {
          "type" : "long",
          "index" : false
        },
        "encryptionAlgorithm" : {
          "type" : "keyword",
          "index" : false
        },
        "identifier" : {
          "type" : "keyword"
        },
        "packageName" : {
          "type" : "keyword"
        },
        "type" : {
          "type" : "keyword"
        }
      }
    },
    "settings" : {
      "index" : {
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        },
        "number_of_shards" : "1",
        "provided_name" : ".fleet-artifacts_1",
        "creation_date" : "1614274012110",
        "number_of_replicas" : "1",
        "uuid" : "a5gQ2zH9QDKS21OIVKTq5A",
        "version" : {
          "created" : "8000099"
        }
      }
    }
  }
}

Closes #92820

Checklist

@paul-tavares paul-tavares added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.13.0 labels Feb 25, 2021
@paul-tavares paul-tavares requested a review from a team as a code owner February 25, 2021 17:29
@paul-tavares paul-tavares self-assigned this Feb 25, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

scunningham
scunningham approved these changes Feb 25, 2021
View reviewed changes
Copy link

@scunningham scunningham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks ok to me

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 367.6KB 367.6KB +19.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

nchaulet
nchaulet approved these changes Feb 25, 2021
View reviewed changes
Copy link
Member

@nchaulet nchaulet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@paul-tavares paul-tavares merged commit cb60584 into elastic:master Feb 25, 2021
@paul-tavares paul-tavares deleted the task/fleet-92820-add-artifacts-index branch February 25, 2021 21:42
@paul-tavares paul-tavares mentioned this pull request Feb 25, 2021
Merged
paul-tavares added a commit that referenced this pull request Feb 25, 2021
@paul-tavares
[Fleet] Add new index to fleet for artifacts being served out of flee…
8f072aa 
…t-server (#92860) (#92920)

* Added index definition for artifacts
gmmorris added a commit to gmmorris/kibana that referenced this pull request Feb 26, 2021
@gmmorris
Merge branch 'task-manager/docs-monitoring' of github.com:gmmorris/ki…
b56cc35 
…bana into task-manager/docs-monitoring

* 'task-manager/docs-monitoring' of github.com:gmmorris/kibana: (40 commits)
  [Security Solution][Case][Bug] Improve case logging (elastic#91924)
  [Alerts][Doc] Added README documentation for alerts plugin status and framework health checks configuration options. (elastic#92761)
  Add warning for EQL and Threshold rules if exception list contains value list items (elastic#92914)
  [Security Solution][Case] Fix subcases bugs on detections and case view (elastic#91836)
  [APM] Always allow access to Profiling via URL (elastic#92889)
  [Vega] Allow image loading without CORS policy by changing the default to crossOrigin=null (elastic#91991)
  skip flaky suite (elastic#92114)
  [APM] Fix for default fields in correlations view (elastic#91868) (elastic#92090)
  chore(NA): bump bazelisk to v1.7.5 (elastic#92905)
  [Maps] fix selecting EMS basemap does not populate input (elastic#92711)
  API docs (elastic#92827)
  [kbn/test] add import/export support to KbnClient (elastic#92526)
  Test fix management scripted field filter functional test and unskip it  (elastic#92756)
  [App Search] Create Curation view/functionality (elastic#92560)
  [Reporting/Discover] include the document's entire set of fields (elastic#92730)
  [Fleet] Add new index to fleet for artifacts being served out of fleet-server (elastic#92860)
  [Alerts][Doc] Added README documentation for API key invalidation configuration options. (elastic#92757)
  [Discover][docs] Add search for relevance (elastic#90611)
  [Alerts][Docs] Extended README.md and the user docs with the licensing information. (elastic#92564)
  [7.12][Telemetry] Security telemetry allowlist fix. (elastic#92850)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevinlog kevinlog kevinlog approved these changes

@nchaulet nchaulet nchaulet approved these changes

@scunningham scunningham scunningham approved these changes

Assignees

@paul-tavares paul-tavares

Labels
release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team:Fleet Team label for Observability Data Collection Fleet team v7.13.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Fleet] Add new system index in support of user generated kibana artifacts
6 participants
@paul-tavares @elasticmachine @kibanamachine @scunningham @nchaulet @kevinlog