Heartbeat event format #4091

Merged
merged 1 commit into from
Apr 28, 2017
1 change: 1 addition & 0 deletions CHANGELOG.asciidoc
Expand Up @@ -30,6 +30,7 @@ https://github.com/elastic/beats/compare/v5.1.1...master[Check the HEAD diff]
- Add Icinga module. {pull}3904[3904]

*Heartbeat*
- Event format and field naming changes in Heartbeat and sample Dashboard. {pull}4091[4091]

*Metricbeat*
- Linux cgroup metrics are now enabled by default for the system process
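Review bot: the new Heartbeat entry ("Event format and field naming changes in Heartbeat and sample Dashboard") does not say which fields changed or that queries on the old names will stop matching. As far as the rendered fields.yml lines in this PR show, the boolean `up` gives way to a keyword `status` and the flat `*_rtt` groups move under per-protocol `rtt` groups. Consider naming those renames here, or pointing to a migration note, so that users with saved searches or alerts on the old names know to update them.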
335 changes: 243 additions & 92 deletions heartbeat/_meta/fields.yml
@@ -1,132 +1,283 @@
- key: common
title: "Common monitoring fields"
title: "Common Heartbeat Monitor"
description:
fields:
- name: type
type: keyword
required: true
description: >
The monitor type.

- name: monitor
type: keyword
type: group
description: >
Monitor job name.
Common monitor fields.

- name: scheme
type: keyword
description: >
Address url scheme. For example `tcp`, `ssl`, `http`, and `https`.
fields:
- name: type
type: keyword
description: >
The monitor type.

- name: host
type: keyword
description: >
Hostname of service being monitored. Can be missing, if service is
monitored by IP.
- name: name
type: keyword
description: >
The monitors configured name

- name: port
type: integer
description: >
Service port number.
- name: id
type: keyword
description: >
The monitors full job ID as used by heartbeat.

- name: url
type: text
description: >
Service url used by monitor.
- name: duration
type: group
description: total monitoring test duration
fields:
- name: us
type: long
description: Duration in microseconds

- name: ip
type: ip
description: >
IP of service being monitored. If service is monitored by hostname,
the `ip` field contains the resolved ip address for the current host.
- name: scheme
type: keyword
description: >
Address url scheme. For example `tcp`, `tls`, `http`, and `https`.

- name: duration
type: group
description: total monitoring test duration
fields:
- name: us
type: long
description: Duration in microseconds
- name: host
type: keyword
description: >
Hostname of service being monitored. Can be missing, if service is
monitored by IP.

- name: resolve_rtt
type: group
description: Duration required to resolve an IP from hostname.
fields:
- name: us
type: long
description: Duration in microseconds
- name: ip
type: ip
description: >
IP of service being monitored. If service is monitored by hostname,
the `ip` field contains the resolved ip address for the current host.

- name: icmp_rtt
type: group
description: ICMP Echo Request and Reply round trip time
fields:
- name: us
type: long
description: Duration in microseconds
- name: status
required: true
type: keyword
description: >
Indicator if monitor could validate the service to be available.

- name: tcp_connect_rtt
- key: resolve
title: "Host Lookup"
description:
fields:
- name: resolve
type: group
description: >
Duration required to establish a TCP connection based on already
available IP address.
Host lookup fields.
fields:
- name: us
type: long
description: Duration in microseconds
- name: host
type: keyword
description: >
Hostname of service being monitored.

- name: ip
type: ip
description: >
IP address found for the given host.

- name: socks5_connect_rtt
- name: rtt
type: group
description: Duration required to resolve an IP from hostname.
fields:
- name: us
type: long
description: Duration in microseconds

- key: icmp
title: "ICMP"
description:
fields:
- name: icmp
type: group
description: >
Time required to establish a connection via SOCKS5 to endpoint based on available
connection to SOCKS5 proxy.
IP ping fields.
fields:
- name: us
type: long
description: Duration in microseconds
- name: requests
type: integer
description: >
Number if ICMP EchoRequests send.

- name: tls_handshake_rtt
- name: rtt
type: group
description: ICMP Echo Request and Reply round trip time
fields:
- name: us
type: long
description: Duration in microseconds

- key: tcp
title: "TCP Layer"
description:
fields:
- name: tcp
type: group
description: >
Time required to finish TLS handshake based on already available network
connection.
TCP network layer related fields.
fields:
- name: us
type: long
description: Duration in microseconds
- name: port
type: integer
description: >
Service port number.

- name: rtt
type: group
description: >
TCP layer round trip times.
fields:
- name: connect
type: group
description: >
Duration required to establish a TCP connection based on already
available IP address.
fields:
- name: us
type: long
description: Duration in microseconds

- name: validate
type: group
description: >
Duration of validation step based on existing TCP connection.
fields:
- name: us
type: long
description: Duration in microseconds

- name: http_rtt
- key: socks5
title: "SOCKS5 Proxy"
description:
fields:
- name: socks5
type: group
description: >
Time required between sending the HTTP request and first by from HTTP
response being read. Duration based on already available network connection.
SOCKS5 proxy related fields:
fields:
- name: us
type: long
description: Duration in microseconds
- name: rtt
type: group
description: >
TLS layer round trip times.
fields:
- name: connect
type: group
description: >
Time required to establish a connection via SOCKS5 to endpoint
based on available connection to SOCKS5 proxy.
fields:
- name: us
type: long
description: Duration in microseconds


- name: validate_rtt
- key: tls
title: "TLS Encryption Layer"
description:
fields:
- name: tls
type: group
description: >
Time required for validating the connection if connection checks are configured.
TLS layer related fields.
fields:
- name: us
type: long
description: Duration in microseconds
- name: rtt
type: group
description: >
TLS layer round trip times.
fields:
- name: handshake
type: group
description: >
Time required to finish TLS handshake based on already available network
connection.
fields:
- name: us
type: long
description: Duration in microseconds

- name: response
- key: http
title: "HTTP Monitor"
description:
fields:
- name: http
type: group
description: >
Service response parameters.

HTTP related fields.
fields:
- name: status
type: integer
- name: url
type: text
description: >
Response status code.
Service url used by monitor.

- name: up
required: true
type: boolean
description: >
Boolean indicator if monitor could validate the service to be available.
- name: response
type: group
description: >
Service response parameters.
fields:
- name: status
type: integer
description: >
Response status code.
- name: rtt
type: group
description: >
HTTP layer round trip times.
fields:
- name: validate
type: group
description: |
Duration between first byte of HTTP request being written and
response being processed by validator. Duration based on already
available network connection.

Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed
to read the body.
fields:
- name: us
type: long
description: Duration in microseconds

- name: validate_body
type: group
description: |
Contributor

Normally we use a >. I assume | also works?

Author

Oh, oversight from my side. In YAML one can use `>`, `>-` or `|`.

`>`: folded-style. Replace newlines with space. Multiple blank lines are replaced with newline (or space in some implementations)
`|`: literal block. Keeps newlines and blank lines.

I wanted to enforce the newline (or better blank line?) before "Note:" in the hopes of the asciidoc putting the note in a separate new line. That's why I used `|`.

If I remember correctly `>-` replaces a blank line (`\n\n`) by one newline (`\n`).
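The three block scalar indicators discussed in this thread, parsed with Ruby's standard `yaml` library as an added example (not part of the PR or the Beats code base). The sample text is shortened from the `validate_body` description, and the helper names are hypothetical.

```ruby
require "yaml"

# Constructed sample text, shortened from the validate_body description in the diff.
BODY = [
  "Duration of validator required to read and validate the response",
  "body.",
  "",
  "Note: if validator is not reading body or only a prefix.",
].freeze

# Build a one-key YAML document using the given block scalar indicator.
def yaml_with(indicator)
  lines = BODY.map { |l| l.empty? ? "" : "  #{l}" }
  "description: #{indicator}\n#{lines.join("\n")}\n"
end

# Parse the document and return the string a fields.yml consumer would receive.
def parsed_description(indicator)
  YAML.safe_load(yaml_with(indicator)).fetch("description")
end

# True when a blank line (a paragraph break) survives parsing.
def keeps_blank_line?(indicator)
  parsed_description(indicator).include?("\n\n")
end

if __FILE__ == $PROGRAM_NAME
  [">", ">-", "|"].each do |ind|
    puts "#{ind.ljust(2)} blank line kept: #{keeps_blank_line?(ind)}"
    puts "   #{parsed_description(ind).inspect}"
  end
end
```

Only `|` keeps the blank line before "Note:"; `>` and `>-` both fold it to a single newline and differ only in whether the trailing newline is kept.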

Duration of validator required to read and validate the response
body.

Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed
to read the body.
fields:
- name: us
type: long
description: Duration in microseconds

- name: write_request
type: group
description:
Duration of sending the complete HTTP request. Duration based on
already available network connection.
fields:
- name: us
type: long
description: Duration in microseconds

- name: response_header
type: group
description:
Time required between sending the start of sending the HTTP
request and first by from HTTP response being read. Duration
based on already available network connection.
fields:
- name: us
type: long
description: Duration in microseconds

- name: total
type: group
description: |
Duration required to process the HTTP transaction. Starts with
the initial TCP connection attempt. Ends with after validator
did check the response.

Note: if validator is not reading body or only a prefix, this
number does not fully represent the total time needed.
fields:
- name: us
type: long
description: Duration in microseconds
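Review bot: in the `socks5` group, the `rtt` description reads "TLS layer round trip times.", which looks copied from the `tls` group; it should describe SOCKS5 round trip times, and the group description "SOCKS5 proxy related fields:" ends in a stray colon. The new keyword `status` is described only as "Indicator if monitor could validate the service to be available", without listing the values it can take, which anyone writing an alert on it will need now that it stands in for the boolean `up`. Smaller wording fixes in the same file: "Number if ICMP EchoRequests send", "first by from HTTP response" (byte), and "The monitors configured name". The `write_request` and `response_header` descriptions also use a bare `description:` where the neighbouring ones use `>` or `|`.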