Skip to content

[9.1] (backport #9341) [beatreceiver] Enable telemetry for indexing errors on ES exporter - and test to ensure sensitive logs are not shipped#10376

Merged
khushijain21 merged 6 commits into9.1from
mergify/bp/9.1/pr-9341
Oct 29, 2025
Merged

[9.1] (backport #9341) [beatreceiver] Enable telemetry for indexing errors on ES exporter - and test to ensure sensitive logs are not shipped#10376
khushijain21 merged 6 commits into9.1from
mergify/bp/9.1/pr-9341

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Oct 7, 2025

What does this PR do?

This PR was already reviewed/approved here #8988. The original had to be closed due to security reason.

This PR enables telemetry logs for failed input docs on ES exporter.

This PR also adds a test to ensure sensitive logs from ES exporter or elastic-owned components are not shipped by filestream-monitoring.

And for sensitive logs from ES exporter are also blocked. The reasoning follows

If a document is failed to index for any reason, ES exporter logs the document at debug level.

The format looks something like this

 {"log.level":"debug",
 "@timestamp":"2025-07-14T06:35:24.235Z",
 "message":"failed to index document; input may contain sensitive data",
 "input":"{\"create\":{\"_index\":\"logs-test-default\"}}\n{\"host\":{\"hostname\":\"Khushis-MacBook-Pro.local\",\...}\n", 
 "index":"logs-test-default",
 "error.type":"strict_dynamic_mapping_exception",
 "error.reason":"",
 "ecs.version":"1.6.0",
}

Since the input field above contains a json document and filestream-monitoring's ndjson parser does not recurseively parse JSON - we can be sure this field in never indexed.

This test explicity ensure this behavior is always true

This test is a follow up as part of the discussion here #8738 (comment)

Why is it important?

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

How to test this PR locally

source ./env.sh; AGENT_VERSION=9.2.0 go test -tags integration -run TestSensitiveLogsESExporter ./testing/integration/ess -count=1 -v

Related issues

This is an automatic backport of pull request #9341 done by [Mergify](https://mergify.com).

@khushijain21 @mergify
[beatreceiver] Enable telemetry for indexing errors on ES exporter - …
46300d2 
…and test to ensure sensitive logs are not shipped (#9341)

* [beatreceiver] Enable telemetry for indexing errors on ES exporter - and test to ensure sensitive logs are not shipped

* remove extra line

(cherry picked from commit eb098ec)

# Conflicts:
#	internal/pkg/otel/translate/otelconfig_test.go
#	testing/integration/ess/beat_receivers_test.go
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Oct 7, 2025
@mergify mergify bot requested a review from a team as a code owner October 7, 2025 10:37
@mergify mergify bot added the conflicts There is a conflict in the backported pull request label Oct 7, 2025
@mergify mergify bot removed the request for review from a team October 7, 2025 10:37
@mergify mergify bot added the backport label Oct 7, 2025
@mergify mergify bot requested review from straistaru and ycombinator October 7, 2025 10:37
@mergify
Copy link
Contributor Author

mergify bot commented Oct 7, 2025

Cherry-pick of eb098ec has failed:

On branch mergify/bp/9.1/pr-9341
Your branch is up to date with 'origin/9.1'.

You are currently cherry-picking commit eb098ec53.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   internal/pkg/otel/translate/otelconfig.go
	modified:   pkg/testing/fixture.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/otel/translate/otelconfig_test.go
	both modified:   testing/integration/ess/beat_receivers_test.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@github-actions github-actions bot added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog labels Oct 7, 2025
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 7, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@khushijain21 khushijain21 enabled auto-merge (squash) October 7, 2025 11:17
@khushijain21 khushijain21 disabled auto-merge October 7, 2025 11:17
@khushijain21 khushijain21 enabled auto-merge (squash) October 7, 2025 11:17
khushijain21
khushijain21 previously approved these changes Oct 7, 2025
View reviewed changes
@mergify
Copy link
Contributor Author

mergify bot commented Oct 13, 2025

This pull request has not been merged yet. Could you please review and merge it @khushijain21? 🙏

1 similar comment
@mergify
Copy link
Contributor Author

mergify bot commented Oct 20, 2025

This pull request has not been merged yet. Could you please review and merge it @khushijain21? 🙏

khushijain21
khushijain21 previously approved these changes Oct 22, 2025
View reviewed changes
@ycombinator ycombinator force-pushed the mergify/bp/9.1/pr-9341 branch from 8802f6e to 462dd7d Compare October 24, 2025 16:18
@mergify
Copy link
Contributor Author

mergify bot commented Oct 27, 2025

This pull request has not been merged yet. Could you please review and merge it @khushijain21? 🙏

@ebeahan
Copy link
Member

ebeahan commented Oct 28, 2025

Is this backport waiting on other dependencies to go into 9.1? Else what's the status?

@khushijain21 khushijain21 force-pushed the mergify/bp/9.1/pr-9341 branch from 462dd7d to dd05322 Compare October 29, 2025 09:01
@khushijain21 khushijain21 merged commit 616fd51 into 9.1 Oct 29, 2025
21 checks passed
@khushijain21 khushijain21 deleted the mergify/bp/9.1/pr-9341 branch October 29, 2025 11:34
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 29, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

History

cc @khushijain21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@khushijain21 khushijain21 khushijain21 approved these changes

@ycombinator ycombinator Awaiting requested review from ycombinator ycombinator is a code owner automatically assigned from elastic/elastic-agent-control-plane

@straistaru straistaru Awaiting requested review from straistaru straistaru is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@khushijain21 khushijain21

Labels

backport conflicts There is a conflict in the backported pull request skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @ebeahan @khushijain21