Skip to content

[8.x](backport #41354) Add the missing process.name field to System module, Syslog fileset #41397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
belimawr merged 1 commit into from
Oct 23, 2024
Merged

[8.x](backport #41354) Add the missing process.name field to System module, Syslog fileset #41397

belimawr merged 1 commit into from
Oct 23, 2024

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Oct 23, 2024
edited by zube bot
Loading

Proposed commit message

This PR adds the missing process.name field to System module, Syslog fileset

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

## Disruptive User Impact

## Author's Checklist

How to test this PR locally

  1. Make sure you're testing on a system where system logs are sent to Journald. The Debian 12 Vagrant VM from Beats is a good option.
  2. Package Filebeat (adjust for your system/platform). If you don't package it, dashboards won't be loaded 
    DEV=true SNAPSHOT=true EXTERNAL=true PACKAGES="tar.gz" PLATFORMS=linux/amd64 mage -v package
  3. Extract it, enable the system module 
    ./filebeat modules enable system
  4. Edit filebeat/modules.d/system.yml to enable the syslog fileset and ensure Journald input will be used 
    - module: system
  syslog:
    enabled: true
    var.use_journald: true
  5. Edit filebeat.yml with your ES and Kibana credentials 
    filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
  reload.period: 1s

setup.template:
  settings:
    index.number_of_shards: 1

setup.kibana:
  host: "http://kibana:5601"
  username: admin
  password: testing
  ssl.verification_mode: none

output.elasticsearch:
  hosts: ["http://elasticsearch:9200"]
  preset: latency
  protocol: "http"

  username: admin
  password: testing
  ssl.verification_mode: none
  6. Run the setup command 
    ./filebeat setup --modules system
  7. Start Filebeat
  8. Ensure the events contain process.name and the [Filebeat System] Syslog dashboard ECS contains data. You might have to adjust the time window

Related issues

## Use cases
## Screenshots
## Logs

This is an automatic backport of pull request #41354 done by [Mergify](https://mergify.com).

@belimawr @mergify
Setprocess.name on syslog journald (#41354)
662bb72 
This PR adds the missing process.name field to System module, Syslog fileset

(cherry picked from commit d2796da)
@mergify mergify bot requested a review from a team as a code owner October 23, 2024 13:05
@mergify mergify bot added the backport label Oct 23, 2024
@mergify mergify bot requested review from khushijain21 and mauri870 and removed request for a team October 23, 2024 13:05
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 23, 2024
@belimawr belimawr enabled auto-merge (squash) October 23, 2024 13:23
@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Oct 23, 2024
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 23, 2024

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 23, 2024
@belimawr belimawr merged commit dadccd2 into 8.x Oct 23, 2024
@belimawr belimawr deleted the mergify/bp/8.x/pr-41354 branch October 23, 2024 14:48
@khushijain21 khushijain21 mentioned this pull request Jun 23, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@belimawr belimawr belimawr approved these changes

@mauri870 mauri870 Awaiting requested review from mauri870 mauri870 was automatically assigned from elastic/elastic-agent-data-plane

@khushijain21 khushijain21 Awaiting requested review from khushijain21 khushijain21 was automatically assigned from elastic/elastic-agent-data-plane

Assignees

@belimawr belimawr

Labels

backport Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@elasticmachine @belimawr @pierrehilbert