Skip to content

Duplicate system.process.cmdline field with process.command_line ECS field name #22325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Nov 3, 2020
Merged

Duplicate system.process.cmdline field with process.command_line ECS field name #22325

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3894a04
Use process.command_line ECS field name for system.process.cmdline field
kaiyan-sheng Oct 30, 2020
d652677
add field to ecs-migration.yml
kaiyan-sheng Oct 30, 2020
bcf09d4
add changelog
kaiyan-sheng Nov 2, 2020
dac430c
duplicate system.process.cmdline
kaiyan-sheng Nov 3, 2020
1f9a3bb
regenerate data.json for process metricset
kaiyan-sheng Nov 3, 2020
0e75081
update changelog
kaiyan-sheng Nov 3, 2020
a0a3134
update changelog
kaiyan-sheng Nov 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -778,6 +778,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Expand unsupported option from namespace to metrics in the azure module. {pull}21486[21486]
- Map cloud data filed `cloud.account.id` to azure subscription. {pull}21483[21483] {issue}21381[21381]
- Move s3_daily_storage and s3_request metricsets to use cloudwatch input. {pull}21703[21703]
- Replace system.process.cmdline field name with process.command_line ECS field name. {pull}22325[22325]

*Packetbeat*

Expand Down
5 changes: 5 additions & 0 deletions dev-tools/ecs-migration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1826,6 +1826,11 @@
alias: true
beat: metricbeat

- from: system.process.cmdline
to: process.command_line
alias: true
beat: metricbeat

- from: system.process.username
to: user.name
alias: true
Expand Down
5 changes: 2 additions & 3 deletions metricbeat/docs/fields.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41747,10 +41747,9 @@ alias to: process.pgid
*`system.process.cmdline`*::
+
--
The full command-line used to start the process, including the arguments separated by space.

type: alias

type: keyword
alias to: process.command_line

--

Expand Down
2 changes: 1 addition & 1 deletion metricbeat/module/system/fields.go
View file
Open in desktop

Large diffs are not rendered by default.

92 changes: 49 additions & 43 deletions metricbeat/module/system/process/_meta/data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,10 @@
},
"process": {
"args": [
"/usr/lib/systemd/systemd",
"--switched-root",
"--system",
"--deserialize",
"28"
"/sbin/init",
"splash"
],
"command_line": "/sbin/init splash",
"name": "systemd",
"pgid": 1,
"pid": 1,
Expand All @@ -32,8 +30,8 @@
"id": "init.scope",
"path": "/init.scope",
"total": {
"bytes": 7453696,
"ios": 548
"bytes": 573440,
"ios": 140
}
},
"cpu": {
Expand Down Expand Up @@ -68,21 +66,29 @@
"id": "init.scope",
"path": "/init.scope",
"percpu": {
"1": 3930656993407,
"2": 4025787490535,
"3": 4064460082910,
"4": 3387847262532
"1": 571119313,
"10": 282248474,
"11": 363773369,
"12": 855691122,
"2": 735154670,
"3": 458174215,
"4": 281192882,
"5": 563599363,
"6": 415888016,
"7": 396270851,
"8": 550242795,
"9": 419970811
},
"stats": {
"system": {
"ns": 4996000000000
"ns": 1700000000
},
"user": {
"ns": 10329380000000
"ns": 1920000000
}
},
"total": {
"ns": 15408751829384
"ns": 5893325881
}
},
"id": "init.scope",
Expand All @@ -94,9 +100,9 @@
"bytes": 9223372036854771712
},
"usage": {
"bytes": 9404416,
"bytes": 16871424,
"max": {
"bytes": 14987264
"bytes": 17829888
}
}
},
Expand All @@ -118,62 +124,62 @@
"bytes": 9223372036854771712
},
"usage": {
"bytes": 29437952,
"bytes": 21827584,
"max": {
"bytes": 70705152
"bytes": 30121984
}
}
},
"memsw": {
"failures": 0,
"limit": {
"bytes": 9223372036854771712
"bytes": 0
},
"usage": {
"bytes": 30392320,
"bytes": 0,
"max": {
"bytes": 70705152
"bytes": 0
}
}
},
"path": "/init.scope",
"stats": {
"active_anon": {
"bytes": 3444736
"bytes": 4055040
},
"active_file": {
"bytes": 10563584
"bytes": 405504
},
"cache": {
"bytes": 10752000
"bytes": 643072
},
"hierarchical_memory_limit": {
"bytes": 9223372036854771712
},
"hierarchical_memsw_limit": {
"bytes": 9223372036854771712
"bytes": 0
},
"inactive_anon": {
"bytes": 6197248
"bytes": 270336
},
"inactive_file": {
"bytes": 327680
"bytes": 0
},
"major_page_faults": 198,
"major_page_faults": 0,
"mapped_file": {
"bytes": 9867264
"bytes": 0
},
"page_faults": 3626304,
"pages_in": 1095732,
"pages_out": 1090806,
"page_faults": 117447,
"pages_in": 52008,
"pages_out": 50851,
"rss": {
"bytes": 9592832
"bytes": 4009984
},
"rss_huge": {
"bytes": 0
},
"swap": {
"bytes": 675840
"bytes": 0
},
"unevictable": {
"bytes": 0
Expand All @@ -182,24 +188,24 @@
},
"path": "/init.scope"
},
"cmdline": "/usr/lib/systemd/systemd --switched-root --system --deserialize 28",
"cmdline": "/sbin/init splash",
"cpu": {
"start_time": "2020-08-27T01:05:16.000Z",
"start_time": "2020-11-03T17:55:56.000Z",
"total": {
"norm": {
"pct": 0.0056
"pct": 0
},
"pct": 0.0222,
"value": 15389060
"pct": 0,
"value": 5580
}
},
"memory": {
"rss": {
"bytes": 12853248,
"pct": 0.0008
"bytes": 13414400,
"pct": 0.0004
},
"share": 7118848,
"size": 176881664
"share": 8531968,
"size": 173076480
},
"state": "sleeping"
}
Expand Down
8 changes: 3 additions & 5 deletions metricbeat/module/system/process/_meta/fields.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,9 @@
path: process.pgid
migration: true
- name: cmdline
type: keyword
description: >
The full command-line used to start the process, including the
arguments separated by space.
ignore_above: 2048
type: alias
path: process.command_line
migration: true
- name: username
type: alias
path: user.name
Expand Down
5 changes: 5 additions & 0 deletions metricbeat/module/system/process/process.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,11 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error {
},
}

// Duplicate system.process.cmdline with ECS name process.command_line
if v, ok := proc["cmdline"]; ok {
rootFields.Put("process.command_line", v)
}

if cwd := getAndRemove(proc, "cwd"); cwd != nil {
rootFields.Put("process.working_directory", cwd)
}
Expand Down
3 changes: 2 additions & 1 deletion metricbeat/module/system/test_system.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -458,7 +458,7 @@ def test_process(self):

self.assertCountEqual(SYSTEM_PROCESS_FIELDS, process.keys())

self.assertTrue(found_cmdline, "cmdline not found in any process events")
self.assertTrue(found_cmdline, "cmdline not found in any process events")

@unittest.skipUnless(re.match("(?i)linux|darwin|freebsd", sys.platform), "os")
def test_process_unix(self):
Expand Down Expand Up @@ -544,6 +544,7 @@ def test_process_metricbeat(self):

assert re.match("(?i)metricbeat.test(.exe)?", output["process.name"])
assert re.match("(?i).*metricbeat.test(.exe)? -systemTest", output["system.process.cmdline"])
assert re.match("(?i).*metricbeat.test(.exe)? -systemTest", output["process.command_line"])
assert isinstance(output["system.process.state"], six.string_types)
assert isinstance(output["system.process.cpu.start_time"], six.string_types)
self.check_username(output["user.name"])
Expand Down
2 changes: 1 addition & 1 deletion metricbeat/tests/system/test_processors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ def test_dropevent_with_complex_condition(self):
}],
processors=[{
"drop_event": {
"when.not": "contains.system.process.cmdline: metricbeat.test",
"when.not": "contains.process.command_line: metricbeat.test",
},
}]
)
Expand Down