Add Cloud Foundry Processor #16621
Merged
Add Cloud Foundry Processor #16621
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@elasticmachine run elasticsearch-ci/docs |
2 similar comments
|
@elasticmachine run elasticsearch-ci/docs |
|
@elasticmachine run elasticsearch-ci/docs |
exekias
added
enhancement
Team:Platforms
exekias
suggested changes
Feb 27, 2020
x-pack/libbeat/processors/add_cloudfoundry_metadata/_meta/fields.yml
Outdated
Show resolved
Hide resolved
x-pack/libbeat/processors/add_cloudfoundry_metadata/add_cloudfoundry_metadata.go
Outdated
Show resolved
Hide resolved
| The `add_cloudfoundry_metadata` processor annotates each event with relevant metadata | ||
| from Cloud Foundry applications. The events are annotated with Cloud Foundry metadata, | ||
| only if the event contains a reference to a Cloud Foundry application and the configured | ||
| Cloud Foundry client is able to retrieve information for the application. |
There was a problem hiding this comment.
It would be nice to explicitly explain what field (cf.app.id) is used for correlation. So people wanting to do their own enrichment have everything they need.
There was a problem hiding this comment.
Okay will add, it will become cloudfoundry.app.id. Should a field be added to the config to adjust this field path? Don't think its a requirement, but easy to add, might be have a use case?
There was a problem hiding this comment.
We have done this in the past, ie:
. That said, I'm fine with having a more opinionated behavior here. Nowadays people can use the rename processor to adjust the doc before enriching (this wasn't possible in the past).
…ds. Fix changelog, and update asciidoc to reference the field that is read for application ID.
blakerouse
force-pushed
the
cloudfoundry-processor
branch
from
b28cb48
to
18bcca6
Compare
|
@exekias It's ready for another look! |
exekias
approved these changes
Feb 27, 2020
| The `add_cloudfoundry_metadata` processor annotates each event with relevant metadata | ||
| from Cloud Foundry applications. The events are annotated with Cloud Foundry metadata, | ||
| only if the event contains a reference to a Cloud Foundry application and the configured | ||
| Cloud Foundry client is able to retrieve information for the application. |
There was a problem hiding this comment.
We have done this in the past, ie:
. That said, I'm fine with having a more opinionated behavior here. Nowadays people can use the rename processor to adjust the doc before enriching (this wasn't possible in the past).
blakerouse
added a commit
to blakerouse/beats
that referenced
this pull request
Feb 27, 2020
* Add the cloudfoundry metadata processor. * Fix testing and documentation. * Add changelog entry. * Run mage fmt. * Fix docs. * Update asciidoc to set role=xpack and experimental. * Switch from cf to cloudfoundry for event key. Improve some event fields. Fix changelog, and update asciidoc to reference the field that is read for application ID. * Update fields.yml from cf to cloudfoundry. (cherry picked from commit 1e0c818)
4 tasks
blakerouse
added a commit
that referenced
this pull request
Feb 27, 2020
* Add Cloud Foundry Processor (#16621) * Add the cloudfoundry metadata processor. * Fix testing and documentation. * Add changelog entry. * Run mage fmt. * Fix docs. * Update asciidoc to set role=xpack and experimental. * Switch from cf to cloudfoundry for event key. Improve some event fields. Fix changelog, and update asciidoc to reference the field that is read for application ID. * Update fields.yml from cf to cloudfoundry. (cherry picked from commit 1e0c818) * Fix changelog.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds a
add_cloudfoundry_metadataprocessor that adds application metadata to an event with a Cloud Foundry application ID.Why is it important?
To provide more context on the application for the event. Processor allows this to easily be shared between both metricbeat and filebeat.
Checklist
I have made corresponding change to the default configuration filesAuthor's Checklist
How to test this PR locally
With a running cloud foundry us the following filebeat configuration:
Related issues
Use cases
Screenshots
Logs