Conversation
This pull request does not have a backport label. To fix up this pull request, you need to add the backport labels for the needed
	if config.Console != nil && config.Console.Enabled {
		return output.NewConsole(queue)
	}
	if config.Elasticsearch != nil {
Is there a reason we're just checking for != nil? I'm imagining a scenario where someone sets output.elasticsearch.enabled: false and it still starts up or something.
The reason was that the Beats config structures didn't have an Enabled field, and if we add one, the shipper doesn't have a way to default its value to true the way Beats does. But new outputs will be coming soon, so I guess we need to handle this anyway -- I added an enabled flag (which must now be explicitly specified in the config) and revised this check.
Probably not for this PR, but it would be nice to get ES started from Docker and add to the integration test.
	count := len(data)
	failed := data[:0]
Suggested change:

	- failed := data[:0]
	+ failed := make([]*messages.Event, count)
nit
I added the other one, but I think this one makes sense as-is; there's no need to preallocate anything, especially a full-length buffer, since this array will usually (knock on wood 😜) be empty.
> I added the other one, but I think this one makes sense as-is; there's no need to preallocate anything, especially a full-length buffer, since this array will usually (knock on wood 😜) be empty.
The slice is pre-allocating; that was part of why I proposed the change -- the make is a little more declarative. See https://go.dev/play/p/JXwF_bFUYgE

And of course I screwed up in the suggestion: it should be make([]*messages.Event, 0, len(data)) -- I forgot the 0 for the length. If we really expect failed to be empty, we could do a make with len and cap both set to 0.
Sorry, could you elaborate on how an allocation is happening? As I understand it, failed := data[:0] creates a slice but doesn't allocate anything new; it just references the existing array data -- it should cause no heap allocations unless append is called, which creates a new underlying array if needed. I've seen this pattern used as a short way to create an auxiliary list that will often be empty, specifically because it avoids the allocation.
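A small self-contained demo of that behavior (generic `int` slices standing in for `[]*messages.Event`): the `data[:0]` reslice shares the existing backing array, so it has length 0 but the full capacity, and an append within capacity writes into the original array rather than allocating:

```go
package main

import "fmt"

// sliceReuse shows that s[:0] shares its backing array. It returns the
// (len, cap) of the reslice and data[0] after a single append.
func sliceReuse() (int, int, int) {
	data := []int{1, 2, 3}
	failed := data[:0] // no new allocation; same backing array as data
	n, c := len(failed), cap(failed)
	failed = append(failed, 42) // fits within capacity, overwrites data[0]
	return n, c, data[0]
}

func main() {
	n, c, first := sliceReuse()
	fmt.Println(n, c, first) // 0 3 42: the append reused data's array
}
```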
> Sorry, could you elaborate on how an allocation is happening?

🤦 you're right, never mind.
	//
	// Because the parser simply steps through the input buffer, almost no
	// additional allocations are required.
	type jsonReader struct {
Do we have any unit tests for jsonReader?
we do not :-/
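The jsonReader API isn't shown in this diff, so as an illustration only, here is the shape a table-driven test for it could take; this sketch uses a stand-in `parseKeys` built on encoding/json (a hypothetical helper, not the shipper's parser), covering valid, nested, and truncated inputs:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// parseKeys is a stand-in for the jsonReader under test: it decodes a JSON
// object and returns its top-level keys, failing on malformed input.
func parseKeys(input []byte) ([]string, error) {
	var m map[string]interface{}
	if err := json.Unmarshal(input, &m); err != nil {
		return nil, err
	}
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	return keys, nil
}

func main() {
	// Table-driven cases of the kind a jsonReader unit test could start from.
	cases := []struct {
		input   string
		wantErr bool
	}{
		{`{"a": 1}`, false},
		{`{"a": {"b": [1, 2]}}`, false},
		{`{"a":`, true}, // truncated input must fail
	}
	for _, c := range cases {
		_, err := parseKeys([]byte(c.input))
		fmt.Println(c.input, "error:", err != nil)
	}
}
```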
	// Config specifies all configurable parameters for the Elasticsearch output.
	// Currently these are identical to the parameters in the Beats Elasticsearch
	// output; however, this is subject to change as we approach official release.
	type Config struct {
probably want some unit tests for the config validation.
The config validation is sparse, and as in Beats we have no reliable way to evaluate whether a config is valid. For example, other than the baseline validation inherited from the network config, the ES output validation only checks that at most one of (apikey) and (username+password) is specified. There are many other ways to produce invalid configurations, but we only check them implicitly when the fields are used by the ES client.
All that said, I can still add a test that at least invokes what we have.
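For concreteness, the one explicit rule described above could be sketched like this; the struct and method names are hypothetical (the real shipper config has many more fields), but the mutual-exclusion check is the behavior under discussion:

```go
package main

import (
	"errors"
	"fmt"
)

// Config holds only the credential fields relevant to the check discussed
// above; names are illustrative, not the actual shipper struct.
type Config struct {
	APIKey   string
	Username string
	Password string
}

// Validate enforces the single explicit rule mentioned in the thread:
// an API key and username/password credentials are mutually exclusive.
func (c Config) Validate() error {
	if c.APIKey != "" && (c.Username != "" || c.Password != "") {
		return errors.New("cannot set both api_key and username/password")
	}
	return nil
}

func main() {
	bad := Config{APIKey: "secret", Username: "elastic"}
	fmt.Println("both set:", bad.Validate())
	good := Config{Username: "elastic", Password: "changeme"}
	fmt.Println("user/pass only:", good.Validate())
}
```

A unit test for this would just table-drive a few Config values through Validate and assert which ones error.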
One thing we could look at to get an idea of the "core" Elasticsearch client settings under agent is the Endpoint security ES client. It is written to support only the configuration that can be provided from an agent policy's output settings. It can be found here (private repository). It doesn't have any of the historical configuration that standalone Beats have accumulated.

This will mostly be the minimum set of parameters specified in the Fleet documentation: https://www.elastic.co/guide/en/fleet/current/fleet-settings.html#output-settings. Note that users can put whatever they want in the "Advanced YAML configuration" block, but the UI doesn't validate anything and there is no guarantee that every process running under agent supports them. We likely need to clarify the backwards-compatibility guarantees for Advanced YAML configuration, but I am reasonably confident that it is mostly used to specify workers and bulk_max_size for Beats.
Still going through this, but I found at least two features I think we can drop.
+1 to Lee's suggestion to get an integration test using Docker up, but we can do that as a follow-up task.
Since automated tests will come later, what are the steps to test this manually? Are there example Beat+Shipper configs you can share?
The config I've been testing with is:
Co-authored-by: Lee E Hinman <57081003+leehinman@users.noreply.github.com>
This pull request is now in conflicts. Could you fix it? 🙏
We'll need to get issues created for all the follow-up work we need to do, but this is good as a starting point. Thanks!
Port of the Elasticsearch output from Beats to the shipper.
Currently it accepts a Beats-style configuration tree, creates an ES client, reads batches from the queue, and sends them to the fixed elastic-agent-shipper index in the target cluster. This pass does not include:
Because this code has been uprooted from a completely different setting, much of it is nonfunctional. However, the intent is eventually to fully support the same configurations as the original, so rather than delete all these fields and functions I have left most of them either commented out or idle, so that (vast and trunkless) they can remind us of the work that is still ahead and where it needs to go.