[8.19] (backport #9341) [beatreceiver] Enable telemetry for indexing errors on ES exporter - and test to ensure sensitive logs are not shipped #10375

Merged: khushijain21 merged 7 commits into 8.19 from mergify/bp/8.19/pr-9341 on Oct 22, 2025

@mergify mergify bot commented Oct 7, 2025

What does this PR do?

This PR was already reviewed/approved here #8988. The original had to be closed for security reasons.

This PR enables telemetry logs for failed input docs on ES exporter.

This PR also adds a test to ensure sensitive logs from ES exporter or elastic-owned components are not shipped by filestream-monitoring.


Sensitive logs from ES exporter are also blocked. The reasoning follows.

If a document fails to index for any reason, ES exporter logs the document at debug level.

The format looks something like this:

```
{"log.level":"debug",
 "@timestamp":"2025-07-14T06:35:24.235Z",
 "message":"failed to index document; input may contain sensitive data",
 "input":"{\"create\":{\"_index\":\"logs-test-default\"}}\n{\"host\":{\"hostname\":\"Khushis-MacBook-Pro.local\",\...}\n",
 "index":"logs-test-default",
 "error.type":"strict_dynamic_mapping_exception",
 "error.reason":"",
 "ecs.version":"1.6.0",
}
```

Since the input field above contains a JSON document and filestream-monitoring's ndjson parser does not recursively parse JSON, we can be sure this field is never indexed.

This test explicitly ensures this behavior is always true.

This test is a follow up as part of the discussion here #8738 (comment)

Why is it important?

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

How to test this PR locally

```
source ./env.sh; AGENT_VERSION=9.2.0 go test -tags integration -run TestSensitiveLogsESExporter ./testing/integration/ess -count=1 -v
```

Related issues


This is an automatic backport of pull request #9341 done by [Mergify](https://mergify.com).
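
Added example (not code from this PR or from the elastic-agent repository): a Go sketch of the reasoning in the description, showing which field paths a single-pass ndjson decode of the debug log line produces and which extra paths would appear if the `input` string were parsed again. The log line is constructed from the format above with a placeholder hostname, and `flatten`, `fields` and `sampleLine` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed log line modelled on the PR description; the hostname is a placeholder.
const sampleLine = `{"log.level":"debug","@timestamp":"2025-07-14T06:35:24.235Z","message":"failed to index document; input may contain sensitive data","input":"{\"create\":{\"_index\":\"logs-test-default\"}}\n{\"host\":{\"hostname\":\"example-host.local\"}}\n","index":"logs-test-default","error.type":"strict_dynamic_mapping_exception","error.reason":"","ecs.version":"1.6.0"}`

// flatten appends the dotted key paths found under v to out.
func flatten(v any, prefix string, out *[]string) {
	m, ok := v.(map[string]any)
	if !ok {
		*out = append(*out, prefix)
		return
	}
	for k, child := range m {
		flatten(child, strings.TrimPrefix(prefix+"."+k, "."), out)
	}
}

// fields decodes one ndjson line in a single pass and returns its sorted field paths.
// If reparse names a string field, its lines are decoded again (the recursive case).
func fields(line, reparse string) ([]string, error) {
	var ev map[string]any
	if err := json.Unmarshal([]byte(line), &ev); err != nil {
		return nil, err
	}
	var out []string
	flatten(ev, "", &out)
	if s, ok := ev[reparse].(string); ok {
		for _, ln := range strings.Split(strings.TrimSpace(s), "\n") {
			var doc map[string]any
			if json.Unmarshal([]byte(ln), &doc) == nil {
				flatten(doc, reparse, &out)
			}
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	once, _ := fields(sampleLine, "")
	again, _ := fields(sampleLine, "input")
	fmt.Printf("single pass: %q\nre-parsed:   %q\n", once, again)
}
```

With a single pass, `input` stays one opaque string field; only the re-parsed variant yields `input.host.hostname` as a structured field.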

…and test to ensure sensitive logs are not shipped (#9341)

* [beatreceiver] Enable telemetry for indexing errors on ES exporter - and test to ensure sensitive logs are not shipped

* remove extra line

(cherry picked from commit eb098ec)

# Conflicts:
#	internal/pkg/otel/translate/otelconfig_test.go
@mergify mergify bot requested a review from a team as a code owner October 7, 2025 10:37
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Oct 7, 2025
@mergify mergify bot requested review from michalpristas and swiatekm and removed request for a team October 7, 2025 10:37

mergify bot commented Oct 7, 2025

Cherry-pick of eb098ec has failed:

```
On branch mergify/bp/8.19/pr-9341
Your branch is up to date with 'origin/8.19'.

You are currently cherry-picking commit eb098ec53.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   internal/pkg/otel/translate/otelconfig.go
	modified:   pkg/testing/fixture.go
	modified:   testing/integration/ess/beat_receivers_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/otel/translate/otelconfig_test.go
```

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@github-actions github-actions bot added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog labels Oct 7, 2025
@elasticmachine

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

khushijain21 previously approved these changes Oct 7, 2025

mergify bot commented Oct 13, 2025

This pull request has not been merged yet. Could you please review and merge it @khushijain21? 🙏

@khushijain21

This PR requires beats dependency to be bumped. #10524


mergify bot commented Oct 16, 2025

This pull request is now in conflicts. Could you fix it? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

```
git fetch upstream
git checkout -b mergify/bp/8.19/pr-9341 upstream/mergify/bp/8.19/pr-9341
git merge upstream/8.19
git push upstream mergify/bp/8.19/pr-9341
```


elasticmachine commented Oct 17, 2025


mergify bot commented Oct 20, 2025

This pull request has not been merged yet. Could you please review and merge it @khushijain21? 🙏

@khushijain21 khushijain21 merged commit 20bdfad into 8.19 Oct 22, 2025
17 checks passed
@khushijain21 khushijain21 deleted the mergify/bp/8.19/pr-9341 branch October 22, 2025 05:07