Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace logfile input type with filestream type for container logs #2139

Merged
merged 4 commits into from
Nov 9, 2021
Merged

Replace logfile input type with filestream type for container logs #2139

merged 4 commits into from
Nov 9, 2021

Conversation

MichaelKatsoulis
Copy link
Contributor

@MichaelKatsoulis MichaelKatsoulis commented Nov 8, 2021
edited
Loading

What does this PR do?

This PR replaces logfile input type for collecting kubernetes container logs with Filestream type which brings many improvements.

With filestream input CRI parsing is also supported by default with the use of container parser

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Related issues

Screenshots

CRI logs parsed as plain text with logfile input
logfile input

CRI logs parsed correctly with filestream input and container parser
filestream input

@MichaelKatsoulis MichaelKatsoulis added enhancement New feature or request Team:Integrations Label for the Integrations team labels Nov 8, 2021
@elasticmachine
Copy link

Pinging @elastic/integrations (Team:Integrations)

@elasticmachine
Copy link

elasticmachine commented Nov 8, 2021
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-11-09T12:43:05.867+0000

  • Duration: 30 min 12 sec

  • Commit: 90086c2

Test stats 🧪

Test Results
Failed 0
Passed 114
Skipped 0
Total 114

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@mtojek mtojek requested a review from kvch November 8, 2021 15:55
mtojek
mtojek reviewed Nov 8, 2021
View reviewed changes
packages/kubernetes/changelog.yml Outdated
changes:
- description: Use filestream input for container_logs data stream
type: enhancement
link: https://github.com/elastic/integrations/pull/2041
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: wrong PR?

packages/kubernetes/data_stream/container_logs/manifest.yml
@@ -1,7 +1,7 @@
title: "Kubernetes container logs"
type: logs
streams:
- input: logfile
- input: filestream
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

out of curiosity: will filestreams be available in 7.16 or just in 8.0?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filestream is available since v7.10 in Filebeat, and since 7.13 in Agent.

kvch
kvch approved these changes Nov 9, 2021
View reviewed changes
packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs Outdated
symlinks: {{symlinks}}
prospector.scanner.symlinks: {{ symlinks }}
parsers:
- container:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: stream is set to all by default. You can rewrite the config to be shorter like this:

parsers:
- container: ~

@MichaelKatsoulis MichaelKatsoulis merged commit 2b68de7 into elastic:master Nov 9, 2021
@adammike
Copy link

adammike commented Nov 9, 2021

Are these automatically released to install from Kibana when they're merged? or is there a separate release process to wait for?

@MichaelKatsoulis MichaelKatsoulis mentioned this pull request Dec 21, 2021
Closed
@kaiyan-sheng kaiyan-sheng mentioned this pull request Jan 11, 2022
Open
67 tasks
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@MichaelKatsoulis
Replace logfile input type with filestream type for container logs (e…
d04f5a5 
…lastic#2139)

* Replace logfile input type with filestream type for container logs
@faec faec mentioned this pull request Apr 4, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtojek mtojek mtojek left review comments

@ChrsMark ChrsMark ChrsMark approved these changes

@kvch kvch kvch approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
6 participants
@MichaelKatsoulis @elasticmachine @adammike @kvch @ChrsMark @mtojek