Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts #41188

Merged
merged 7 commits into from
Oct 15, 2024
Merged

[Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts #41188

merged 7 commits into from
Oct 15, 2024

Conversation

Kavindu-Dodan
Copy link
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Oct 9, 2024
edited by kaiyan-sheng
Loading

Proposed commit message

PR adds support to Cloudwatch logs from source linked accounts. This is implemented by using existing configuration log_group_arn and mapping it to LogGroupIdentifier of FilterLogEvents API [1]

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Note for reviewers

You could review commit by commit for better understanding of the changes

How to test this PR locally

This require a linked cloudwatch account. If already has one, then,

  • Push logs to a newly created log group OR use an already existing log group in a source account
    • Note - you may use data-gen Go program to generate and push logs to your log group (using output CLOUDWATCH_LOG) [2]
  • Configure filebeat cloudwatch input with log group ARN to log_group_arn
  • Run filebeat and observe filebeat logs in Kibana discover

Related issues

Addresses: #36642
And makes #36645 PR obsolete
closes #37681

Next step

Utilize includeLinkedAccounts when dealing with prefixes. To be done in a dedicated PR.

[1] - https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
[1] - https://github.com/Kavindu-Dodan/data-gen

@Kavindu-Dodan Kavindu-Dodan requested review from a team as code owners October 9, 2024 19:03
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 9, 2024
@Kavindu-Dodan Kavindu-Dodan added the Team:obs-ds-hosted-services Label for the Observability Hosted Services team label Oct 9, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 9, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

@mergify Mergify
Copy link
Contributor

mergify bot commented Oct 9, 2024

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Oct 9, 2024
@elastic elastic deleted a comment from mergify bot Oct 9, 2024
@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Oct 10, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@pierrehilbert pierrehilbert requested a review from faec October 10, 2024 07:18
belimawr
belimawr reviewed Oct 10, 2024
View reviewed changes
Copy link
Contributor

@belimawr belimawr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are just a couple of small things to fix:

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@Kavindu-Dodan
use LogGroupIdentifier fiter instead of LogGroupName and related para…
dfd2e81 
…meter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
configuration parsing to support arn & linked accounts
15d3e9d 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
document the ARN usage
34325bb 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
add changelog entry
3d22e98 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
code review changes
e280d23 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/filebeat-support-linked-accounts branch from 90fb3d5 to e280d23 Compare October 10, 2024 14:29
@Kavindu-Dodan
Copy link
Contributor Author

@kaiyan-sheng @belimawr thanks for the reviews, I added proposed changes with my latest commit :) appreciate another look

@Kavindu-Dodan
code review change - fix typo
e8f2ef9 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Oct 10, 2024
Closed
@Kavindu-Dodan
Copy link
Contributor Author

@belimawr appreciate another review from you :)

@Kavindu-Dodan Kavindu-Dodan mentioned this pull request Oct 11, 2024
Merged
6 tasks
@mergify Mergify
Copy link
Contributor

mergify bot commented Oct 14, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/filebeat-support-linked-accounts upstream/feat/filebeat-support-linked-accounts
git merge upstream/main
git push upstream feat/filebeat-support-linked-accounts

@Kavindu-Dodan Kavindu-Dodan merged commit 42f2d41 into elastic:main Oct 15, 2024
22 checks passed
mergify bot pushed a commit that referenced this pull request Oct 15, 2024
@Kavindu-Dodan @mergify
[Filebeat] [AWS] Add support to source AWS cloudwatch logs from linke…
ae4ae95 
…d accounts (#41188)

* use LogGroupIdentifier fiter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review changes

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
(cherry picked from commit 42f2d41)
@mergify mergify bot mentioned this pull request Oct 15, 2024
Merged
6 tasks
Kavindu-Dodan added a commit that referenced this pull request Oct 15, 2024
@mergify @Kavindu-Dodan
[8.x](backport #41188) [Filebeat] [AWS] Add support to source AWS clo…
048a8ea 
…udwatch logs from linked accounts (#41240)

* [Filebeat] [AWS] Add support to source AWS cloudwatch logs from linked accounts (#41188)

* use LogGroupIdentifier fiter instead of LogGroupName and related parameter, field renaming

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* configuration parsing to support arn & linked accounts

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* document the ARN usage

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review changes

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

* code review change - fix typo

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
(cherry picked from commit 42f2d41)

* fix backport commit

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>

---------

Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
Co-authored-by: Kavindu Dodanduwa <Kavindu-Dodan@users.noreply.github.com>
Co-authored-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@mergify mergify bot mentioned this pull request Oct 15, 2024
Merged
6 tasks
This was referenced Oct 15, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanhettich stefanhettich stefanhettich left review comments

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

@belimawr belimawr belimawr approved these changes

@leehinman leehinman Awaiting requested review from leehinman leehinman is a code owner automatically assigned from elastic/elastic-agent-data-plane

@faec faec Awaiting requested review from faec

Assignees

@Kavindu-Dodan Kavindu-Dodan

Labels
backport-8.x Automated backport to the 8.x branch with mergify enhancement Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[AWS] Requests include loggroups from linked accounts
6 participants
@Kavindu-Dodan @elasticmachine @belimawr @stefanhettich @kaiyan-sheng @pierrehilbert