[Fleet] Enable log introspections#14390
Conversation
|
#14558 was merged in master and I've rebased the fleet branch with the commit. |
michalpristas
force-pushed
the
feat-fleet-logintro
branch
from
15121d2 to
5ee8c78
Compare
|
Issues on CI doesn't seems related to the changes in this PR. |
|
no it's not related this is timing issue, this test fails on |
ph
left a comment
ph
left a comment
There was a problem hiding this comment.
The strategy looks good, could we add a few more tests concerning the injection and the addition to the operator?
| return result | ||
| } | ||
|
|
||
| func (o *Operator) handleStopSidecar(s configrequest.Step) error { |
There was a problem hiding this comment.
NIT: you can also use a named return so you don't have to initialize the variable.
| func (o *Operator) handleStopSidecar(s configrequest.Step) error { | |
| func (o *Operator) handleStopSidecar(s configrequest.Step) result error { |
|
|
||
| outputIface, found := config[outputKey] | ||
| if !found { | ||
| o.logger.Errorf("operator.getMonitoringSteps: monitoring configuration not found for sidecar: %v", config) |
There was a problem hiding this comment.
I think this can leak credentials in the log?
There was a problem hiding this comment.
very good catch
|
|
||
| output, found := outputMap["elasticsearch"] | ||
| if !found { | ||
| o.logger.Error("operator.getMonitoringSteps: monitoring is missing an elasticsearch configuration from output: %v", outputMap) |
| ) | ||
|
|
||
| func emitter(log *logger.Logger, router *router) emitterFunc { | ||
| type decoratorFunc = func(*transpiler.AST, []program.Program) ([]program.Program, error) |
There was a problem hiding this comment.
I like the idea of the decorators.
| } | ||
|
|
||
| steps = append(steps, metricbeatStep) | ||
| } |
There was a problem hiding this comment.
I wonder if we should extract the "making of the step into two distinct method" so we can test them in isolation.
|
|
||
| // NewMonitor creates a beats monitor. | ||
| func NewMonitor(process, pipelineID string, downloadConfig *artifact.Config, monitorLogs, monitorMetrics bool) *Monitor { | ||
| var monitoringEndpoint, loggingPath string |
There was a problem hiding this comment.
LoggingPath is per pipeline id + process, Correct?
There was a problem hiding this comment.
path is common for multiple processes, in same directory there are multiple files e.g metricbeat, metricbeat.1... filebeat...name based on process
| } | ||
|
|
||
| return append(args, appendix...) | ||
| } |
There was a problem hiding this comment.
++ for using arguments here for beats, we might have to refactor that in to support endpoint, I hope they adopt the beats way here but I don't know the plan.
|
|
||
| const ( | ||
| // args: pipeline name, application name | ||
| logFileFormat = "/var/log/%s/%s" |
There was a problem hiding this comment.
In the above case is the first %s the process? I think we should encapsulate all the logs under an elastic-agent directory.
| logFileFormatWin = "%s\\logs\\%s\\%s" | ||
|
|
||
| // args: pipeline name, application name | ||
| mbEndpointFileFormat = "unix:///var/run/fleet/%s/%s/%s.sock" |
|
|
||
| // so far we support only beats monitoring | ||
| return beats.NewMonitor(process, pipelineID, downloadConfig, monitorLogs, monitorMetrics) | ||
| } |
There was a problem hiding this comment.
Oh I see what you did here, this will work for endpoint too :)
There was a problem hiding this comment.
with agent we will either create a new monitor and modify this factory or they will support beats interface and we do nothing. but this allow us to do both
Let's create an issue to prioritize it. |
|
OK, code LGTM, I need to actually test/try this. One thing we didn't consider is how we will monitor the Agent itself? Should we run the processes in a special streams? |
|
if agent is connected to fleet we have a checkin api which contains subset of logs/events. log-wise we dont monitor so far. simplest way would be to create a sidecar for an agent or agent sending it directly. which i guess is related to your latest issue |
|
Yes, we don't, lets create an issue to track it but having a sidecar to monitor the agents seems what we should do. in the end it's just matter of deciding in which streams the sidecards are created and inject the appropriate configuration. |
|
@michalpristas code LGTM, can we rebase? I've created a conflict because of multiples outputs sorry about that. :( |
|
this solution creates a monitoring for each output, so streams using output A are monitored by one set of sidecars which then sends logs to output A, another option would be to create
cc @ph |
|
@michalpristas let's merge this as is and do a followup PR, but we will need to actually be able to specify the outputs using |
|
@ph yes you can just configure one monitoring per policy |
|
i made the change to support |
4 participants
Enables log introspection by introducing monitoring component into application
Flow
FLEET_MONITORINGprogram is injected intoASTwithFLEET_MONITORINGis appended as a last step of configuration changeFLEET_MONITORINGand start/stop respective beats to monitor monitorable beatshttp.enabledwithhostspecified targeting unix socketFixes: #14437
Fixes #14452