-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cherry-pick #19719 to 7.x: Move O365audit input to v2 input API #19775
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
urso
added
[zube]: In Review
backport
Team:Services
(Deprecated) Label for the former Integrations-Services team
labels
Jul 9, 2020
botelastic
bot
added
the
needs_team
Indicates that the issue/PR needs a Team:* label
label
Jul 9, 2020
Pinging @elastic/integrations-services (Team:Services) |
botelastic
bot
removed
the
needs_team
Indicates that the issue/PR needs a Team:* label
label
Jul 9, 2020
adriansr
approved these changes
Jul 9, 2020
❕ Build Aborted
Expand to view the summary
Build stats
Test stats 🧪
Log outputExpand to view the last 100 lines of log output
|
(cherry picked from commit 03bedd7)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #19719 to 7.x branch. Original message:
What does this PR do?
Move o365audit input to use the v2 input API.
The change treats the tuple 'tenantID' and 'contentType' as the stream identifier. The cursor input package starts one go-routine per stream, ensuring that no two inputs can collect events for the same stream.
Not yet documented (not sure if we should): the cursor input manager adds a
id
setting to each input it manages. The ID settings can be configured manualy and will become part of the stream ID in the statestore. This allows users to configure 2 inputs collecting from the same streams.(Needs docs): The cursor input manager runs a go-routine in the background deleting old states no input or pending event (to be ACKed by outputs) is active for. Each entry in the store has a TTL. And entry is to be removed if there is no active input, all events for the stream have been acked, and
lastUpdateTimestamp + TTL < now
. The TTL is configured viaclean_timeout
. The defaultclean_timeout
is 30 minutes.The default clean_timeout can be configured by setting 'DefaultCleanTimeout' in the InputManager in the
Plugin
function.When the beat is restarted the cleanup will not delete entries yet. Instead the reference time for old entries is set to 'beatStartTimestamp'. After restart old entries that don't get picked up are deleted after
beatStartTimestamp + TTL < now
.Why is it important?
This enables the input to store the read positions in the statestore between restarts.
Checklist
- [ ] I have commented my code, particularly in hard-to-understand areas- [ ] I have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Author's Checklist
How to test this PR locally
@adriansr can you add details about required manual testing please?
Related issues