Add logging.with_fields to beatreceiver config
#42961
Conversation
botelastic
bot
added
the
needs_team
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
There was a problem hiding this comment.
I had already a PR to bump elastic-agent-libs as part of a fix to all active branches at #42804.
If you do not mind, I would like to include the update to libs in that PR, in that case you might have to wait in order to merge this.
khushijain21
added
the
Team:Elastic-Agent-Data-Plane
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
botelastic
bot
removed
the
needs_team
| @@ -346,6 +346,14 @@ func NewBeatReceiver(settings Settings, receiverConfig map[string]interface{}, u | |||
| return nil, fmt.Errorf("error unpacking beats logging config: %w\n%v", err, b.Config.Logging) | |||
| } | |||
|
|
|||
| if logpConfig.WithFields != nil { | |||
| var fields = []zapcore.Field{} | |||
| for key, value := range logpConfig.WithFields { | |||
There was a problem hiding this comment.
You should be able to write a test that ensures setting this produces logs with the expected fields. There are several system tests that run a beat and inspect the log files you could look at.
There was a problem hiding this comment.
Since this is restricted to beatreceivers - will use the existing tests in elastic-agent to ensure this setting.
Related PR on elastic-agent: elastic/elastic-agent#7062
There was a problem hiding this comment.
This is a Beats specific change in beat.go, it doesn't make sense to me to test it in agent because a PR in agent could never break this.
Agent will rely on this feature, but the elastic agent repository shouldn't be responsible for testing that it works on its own.
One way to think about this is a series of contracts that must be upheld:
- Beat logs include arbitrary custom fields with
logging.with_fieldsis set. You can specifically test that thecomponentfields can be injected here. - That agent sets the
logging.with_fieldsconfiguration of each beat receiver when its own log level changes.
Those two things tested independently should guarantee this works properly.
khushijain21
changed the title
logging.with_fields to beat configlogging.with_fields to beatreceiver config
pierrehilbert
added
Team:obs-ds-hosted-services
|
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform) |
|
Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services) |
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
|
Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform) |
|
This pull request is now in conflicts. Could you fix it? 🙏 |
|
/test |
|
/test |
| @@ -348,6 +348,14 @@ func NewBeatReceiver(settings Settings, receiverConfig map[string]interface{}, u | |||
| return nil, fmt.Errorf("error unpacking beats logging config: %w\n%v", err, b.Config.Logging) | |||
| } | |||
|
|
|||
| if logpConfig.WithFields != nil { | |||
| var fields = []zapcore.Field{} | |||
There was a problem hiding this comment.
I agree this works, but I'm wondering why logp.ConfigureWithCore isn't doing this? It is the logp config that has the option, I would just expect it to happen there, much like the selectors get set there.
There was a problem hiding this comment.
My bad, you are right. I will raise close this and open a separate PR on elastic-agent-libs. Thank you for pointing this
|
Closed this in favor of elastic/elastic-agent-libs#290 |
Proposed commit message
It adds
with_fieldsconfig to logging section of the beatreceiver - which allows for additional structured context to the logs emitted by beat processFor https://github.com/elastic/ingest-dev/issues/5139
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues