-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix system module with both filesets enabled #41381
base: main
Are you sure you want to change the base?
Fix system module with both filesets enabled #41381
Conversation
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
0765233
to
0501772
Compare
0501772
to
59b7cb6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see the linter change nor the comment for the journald stdout, did you forgot to push?
This pull request is now in conflicts. Could you fix it? 🙏
|
984d3c6
to
59974d2
Compare
The system module did not define an ID at the root of the config, that made the V2 input loader only start the first journald input it saw because they both ended up with the same identifier (type, ID and path). This is fixed by defining an ID at the root of the configuration templates. The journald input now also adds the `input_id` key to its loggers and a non-fatal error is now logged at debug level. The system-logs input is now marked as experimental instead of stable.
Fix lint warnings by moving toJournalConfig to input_linux.go
Fix TestSystemLogsCanUseLogInput and move it to a file without the linux build constraint so it can run on all OSes supported by the system integration.
59974d2
to
d25f496
Compare
Proposed commit message
The system module did not define an ID at the root of the config, that made the V2 input loader only start the first journald input it saw because they both ended up with the same identifier (type, ID and path). This is fixed by defining an ID at the root of the configuration templates.
The journald input now also adds the
input_id
key to its loggers and a non-fatal error is now logged at debug level.The system-logs input is now marked as experimental instead of stable.
Fix lint warnings by moving
toJournalConfig
toinput_linux.go
Move TestSystemLogsCanUseLogInput to a file without the
linux build constraint so it can run on all OSes supported by the
system integration.
Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files[ ] I have added an entry inCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.## Disruptive User Impact## Author's ChecklistHow to test this PR locally
Run Filebeat with the following
filebeat.yml
andmodules.d/system.yml
(adjust credentials/addresses as necessary)filebeat.yml
modules.d/system.yml
Go to Discover in Kibana, filter by
tags: from-journald
Look at
fileset.name
from the events, make sureauth
andsyslog
are thereRelated issues
## Use cases## Screenshots## Logs