[Azure] Add input metrics to the azure-eventhub input

[zmoog]

What does this PR do?

Add input metrics to keep track of the following data categories:

• messages
• events
• general information (processing time and decode errors)

Messages vs. Events

Messages are the raw data received from the event hub. Here's an example of a
message:

{
  "records": [
    {
      "time": "2019-12-17T13:43:44.4946995Z",
      "test": "this is some message"
    }
  ]
}

Events are the objects inside the records array. Here's an example of an event
from the above message:

{
  "time": "2019-12-17T13:43:44.4946995Z",
  "test": "this is some message"
}

Events contained in a message's records key are the actual logs from Azure; the input creates one document in Elasticsearch for each event.

This draft keeps track of the following conditions.

Messages

• received_messages_total: the number of messages received from the event hub.
• received_bytes_total: the number of bytes received from the event hub.
• sanitized_messages_total: the number of messages sanitized successfully (some Azure services send malformed JSON documents).
• processed_messages_total: the number of messages that were processed successfully.

Events:

• received_events_total: tracks the number of events received decoding messages.
• sent_events_total: the number of events sent successfully to the outlet.

General:

• processing_time: the time it takes to process a message.
• decode_errors_total: tracks the number of errors that occurred while decoding a message.

On generating the input ID

Since the azure-eventhub is an input v1, we hashed the configuration structure to generate the unique ID needed by the registry. This will be removed as we migrate this input from v1 to v2 input API.

Why is it important?

Input metrics are a great tool to inspect the input state for troubleshooting and support purposes.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• Related https://github.com/elastic/security-team/issues/6389

Use cases

Screenshots

Logs

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @zmoog? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-08-15T07:14:34.097+0000

• Duration: 76 min 17 sec

Test stats 🧪

Test	Results
Failed	0
Passed	3132
Skipped	176
Total	3308

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[andrewkroh]

Can you please update the asciidoc file for this input to have a table similar to the other inputs that now expose metrics.

[andrewkroh]

IIRC this only every returns false (e.g. !ok) upon shutdown to indicate that it's stopping. No other error states are conveyed this way. So I think you are correct here. We should just remove the commented line.

I think as a future improvement to the input metrics we should find a way to expose metrics from the pipeline client(s) associated to the input. This way we can associate the input with counters for drops and duplicates.

[zmoog]

I think as a future improvement to the input metrics we should find a way to expose metrics from the pipeline client(s) associated to the input. This way we can associate the input with counters for drops and duplicates.

Yep, I'll look into this in one of the next iterations. I have plans to migrate to input v2 and the new Event Hub SDK.

[zmoog]

Can you please update the asciidoc file for this input to have a table similar to the other inputs that now expose metrics.

Great, I missed this section; thanks for the heads up.

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b zmoog/azure-eventhub-input-metrics upstream/zmoog/azure-eventhub-input-metrics
git merge upstream/main
git push upstream zmoog/azure-eventhub-input-metrics

[girodav]

Great work! :)

[girodav]

NIT: I wonder if we should explain what "sanitized" refers to here. I don't think that the difference between "processed" and "sanitized" is straightforward for a user without context.