Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Filestream input in elastic agent. #24820

Merged
merged 2 commits into from
Apr 1, 2021
Merged

Add support for Filestream input in elastic agent. #24820

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
10e8b78
Add support for Filestream input in elastic agent.
ph Mar 29, 2021
5877a51
Changelog
ph Mar 29, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions x-pack/elastic-agent/CHANGELOG.next.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
- Improve log on failure of Endpoint Security installation. {pull}24429[24429]
- Verify communication to Kibana before updating Fleet client. {pull}24489[24489]
- Fix nil pointer when null is generated as list item. {issue}23734[23734]
- Add support for filestream input. {pull}24820[24820]

==== New features

Expand Down
2 changes: 1 addition & 1 deletion x-pack/elastic-agent/pkg/agent/program/supported.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions x-pack/elastic-agent/spec/filebeat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ rules:
- udp
- unix
- winlog
- filestream
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to expose it as filestream, or event/filestream via the mapper?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I don't have a preference, event/filestream seems like a good idea? @mostlyjason @ruflin ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No strong preference on my end. Main downside of the prefix is that it is more cumbersome to type and harder to remember?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No preference for me

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like us to maintain some kind of consistency for input names that are available via Agent. Unfortunately Filebeat input naming is not really consistent with the other Beats and even within Filebeat. As the input is not GA input I'm okay to keep it named filestream.

We already have event/log and the logfile inputs, each translating to logs. We will eventually replace logs with filestream. The filestream input is not 100% bc, that is we will also have to think about migration.

Copy link
Contributor Author

@ph ph Mar 31, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with the proposal @urso, can you give a final review on this PR?


- filter_values:
selector: inputs
Expand Down