WIP Test independent agents - DO NOT MERGE

[mrodm]

Proposed commit message

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• Relates Add ability to deploy custom elastic-agents on different OS or runtimes elastic-package#787

[elasticmachine]

🚀 Benchmarks report

Package bluecoat 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
director	32258.06	11494.25	-20763.81 (-64.37%)	💔

Package carbonblack_edr 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	1381.22	986.19	-395.03 (-28.6%)	💔

Package cisco_ftd 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	213.4	173.31	-40.09 (-18.79%)	💔

Package cisco_ios 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	1013.17	312.89	-700.28 (-69.12%)	💔

Package cylance 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
protect	28571.43	21739.13	-6832.3 (-23.91%)	💔

Package f5 👍(0) 💚(0) 💔(2)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
bigipafm	40000	25641.03	-14358.97 (-35.9%)	💔
bigipapm	41666.67	28571.43	-13095.24 (-31.43%)	💔

Package fortinet_forticlient 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	22222.22	15384.62	-6837.6 (-30.77%)	💔

Package fortinet_fortiedr 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	1138.95	584.11	-554.84 (-48.72%)	💔

Package modsecurity 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
auditlog	539.37	454.13	-85.24 (-15.8%)	💔

Package pulse_connect_secure 👍(0) 💚(0) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
log	3508.77	2309.47	-1199.3 (-34.18%)	💔

To see the full report comment with /test benchmark fullreport

[mrodm]

Several packages are failing due to connection refused when connecting to the elastic-agent. For instance, sophos package:

{"level":"debug","ts":"2024-04-23T16:26:55.209Z","caller":"output/util.go:28","msg":"Connecting...","address":"elastic-agent:9549"}
Error: dial tcp 192.168.64.2:9549: connect: connection refused

Checked with different versions of docker (24.0.7 and 24.0.9) and it failed with the same error as above.

Testing sophos package with other Elastic stack versions, 8.7.1 and 8.8.0, tests are finished successfully.

Packages failing in the latest builds set the following Kibana versions (used to start the Elastic stack version):

Package	Kibana version
udp	^8.2.1
tomcat	7.14.1 || ^8.0.0
thycotic_ss	^8.5.0
sql_input	^8.8.0
sophos	^8.6.1
snort	^7.16.0 || ^8.0.0
oracle_weblogic	^8.12.0
kibana	^8.10.1
couchbase	^8.8.0
cef	^8.6.1
bluecoat	^7.14.1 || ^8.8.0
fortinet_fortigate	^8.3.0
cyberark_pta	^7.17.0 || ^8.8.0

[mrodm]

oracle_weblogic has a different behaviour when doing requests from the Elastic stack agent or using independent agents:

• Elastic stack agent:

  elastic-agent@docker-fleet-agent:~$ time curl -s "http://elastic-package-service-wlsadmin-1:8005/jolokia/read/com.bea:Name=ThreadPoolRuntime,ServerRuntime=*,Type=ThreadPoolRuntime/PendingUserRequestCount,HoggingThreadCount,SharedCapacityForWorkManagers,StandbyThreadCount,ExecuteThreadTotalCount,OverloadRejectedRequestsCount,QueueLength,Throughput,ExecuteThreadIdleCount,CompletedRequestCount,StuckThreadCount?ignoreErrors=true&canonicalNaming=false" > /dev/null
  
  real	0m0.014s
  user	0m0.005s
  sys	0m0.005s
  

• Independent agent:

  elastic-agent@agent-oracle_weblogic-threadpool-84946:~$ time curl -s "http://elastic-package-service-wlsadmin-1:8005/jolokia/read/com.bea:Name=ThreadPoolRuntime,ServerRuntime=*,Type=ThreadPoolRuntime/PendingUserRequestCount,HoggingThreadCount,SharedCapacityForWorkManagers,StandbyThreadCount,ExecuteThreadTotalCount,OverloadRejectedRequestsCount,QueueLength,Throughput,ExecuteThreadIdleCount,CompletedRequestCount,StuckThreadCount?ignoreErrors=true&canonicalNaming=false" > /dev/null
  
  real	0m10.021s
  user	0m0.004s
  sys	0m0.007s
  

[mrodm]

Issues solved in most of the packages were solved by this PR elastic/elastic-package#1799

sql_input package failures are also hapenning in main branch using the Elastic Agent from the stack.

Pending to check oracle_weblogic package failures:

• Checking upgrading docker daemon to 26.1.0 docker version.
  • [Buildkite] Upgrade docker daemon to 26.1.0 version #9710
  • [Buildkite] Upgrade docker daemon elastic-package#1802
  • Requires updating nginx package configuration file in testing too: [nginx] Update test nginx configuration file to listen in ipv6 too  #9720

[mrodm]

/test

[mrodm]

/test

[mrodm]

test integrations

[elasticmachine]

💔 Build Failed

• Buildkite Build
• Commit: b17d764

Failed CI Steps

• Check integrations cloudflare
• Check integrations fim
• Check integrations sentinel_one_cloud_funnel
• Check integrations sql_input
• Check integrations universal_profiling_agent

History

• 💔 Build #11256 failed 55805a1
• 💔 Build #11102 failed 814547b
• 💔 Build #11051 failed 814547b
• 💔 Build #10979 failed 05c3368

cc @mrodm

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube