[journald] Create custom journald input package #1739

Merged
merged 3 commits into from
Oct 5, 2021

andrewkroh
Member

What does this PR do?

Create a generic package for ingesting journald logs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
elasticmachine commented Sep 16, 2021

💚 Build Succeeded

Build stats

  • Start Time: 2021-10-05T17:25:03.514+0000

  • Duration: 15 min 43 sec

  • Commit: 9c9bb7e

Test stats 🧪

Test Results

  • Failed: 0
  • Passed: 3
  • Skipped: 0
  • Total: 3

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

Create a generic package for ingesting journald logs.
Contributor

@leehinman leehinman left a comment

PR# needs update.

packages/journald/data_stream/log/fields/input.yml (outdated, resolved)
description: >
The name of the originating host (from journald).

- name: host.id
Contributor

ECS field, move to ecs.yml?

Member Author

The reason I defined them here is because I wanted to overwrite the description with its journald-specific meaning. Ideally I would be able to use something like this to give a clear indication that the field's type is governed by ECS, but that I'm giving it a description tailored to the use case.

- name: host.hostname
  external: ecs
  description: >
    The name of the originating host (from journald).

- name: host.id
  external: ecs
  description: >
    The machine ID of the originating host (from `machine-id`).

Member Author

I did move them over to ecs.yml with an external: ecs.

packages/journald/changelog.yml (outdated, resolved)

@andrewkroh
Member Author

This is waiting on a new Agent build containing elastic/beats#28160.

@andrewkroh
Member Author

/test

@andrewkroh andrewkroh merged commit d0dcc58 into elastic:master Oct 5, 2021
Labels: enhancement (New feature or request), Integration:journald (journald input integration), New Integration