Merged
Changes from 2 commits
2 changes: 1 addition & 1 deletion packages/cribl/_dev/build/docs/README.md
Expand Up @@ -42,6 +42,6 @@ The Cribl integration offers users a way to ingest logs from either of Cribl's E

1. Set **Cloud Id** for the Cloud destination or **Bulk API URLs** for the Elasticsearch destination to point to your Elastic cluster.

2. Set **Index or Data Stream** to `logs-cribl-default`.
2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events and to `metrics-cribl-default` for metric-type events.

3. **API key** should be a Base64 encoded Elastic API key, which you can create in Kibana by following the instructions under **Management** > **Stack Management** > **Security** > **API Keys**. If you are using an API key with “Restrict privileges”, be sure to review the Indices privileges to provide at least "auto_configure" and "write" permissions for the logs-* index, which you will be using for these Fleet integration data streams.
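Review bot: Step 3, kept as unchanged context in this hunk, still tells users with a restricted API key to grant "auto_configure" and "write" on the logs-* index only, while the new step 2 sends metric-type events to `metrics-cribl-default`. A key scoped as the README describes has no privileges on that data stream, so metric writes would be rejected. Suggest extending step 3 to name the metrics-* index as well, keeping the grant limited to those two privileges, and making the same edit in the copy under packages/cribl/docs/README.md.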
5 changes: 5 additions & 0 deletions packages/cribl/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.5.1"
changes:
- description: Fix handling of metric event type.
type: bugfix
link: https://github.com/elastic/integrations/pull/13930
- version: "0.5.0"
changes:
- description: Update Kibana constraint to support 9.0.0.
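Review bot: The 0.5.1 entry is typed `bugfix` with the description "Fix handling of metric event type.", but the same change set adds a whole `metrics` data stream (manifest, base fields and an ingest pipeline) and asks users to point metric-type events at a new destination. Suggest a description that says a metrics data stream was added and that the Cribl destination setting needs updating, and consider whether `enhancement` describes the change better than `bugfix`.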
@@ -0,0 +1,27 @@
---
description: Pipeline for rerouting metric streams from Cribl.
processors:
- set:
field: ecs.version
value: 8.11.0
- append:
field: tags
value: cribl
allow_duplicates: false
- rename:
field: _raw
target_field: message
ignore_missing: true
# removing id for metric type of event
- remove:
field: _id
tag: remove_id
ignore_missing: true
# The Cribl routing pipeline is managed by Kibana
# https://github.com/elastic/kibana/pull/176439
- pipeline:
name: 'cribl-routing-pipeline'
on_failure:
- set:
field: error.message
value: "{{{ _ingest.on_failure_message }}}"
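Review bot: The `on_failure` block at the end of the pipeline only sets `error.message` from `_ingest.on_failure_message`, so a failed document carries no marker that ingest processing failed and no hint of which processor raised the error (only the `remove` processor has a `tag`). Suggest also setting `event.kind` to `pipeline_error`, including `_ingest.on_failure_processor_type` and `_ingest.on_failure_processor_tag` in the message, and adding a `tag` to the remaining processors so failures in the metrics path can be found and triaged.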
12 changes: 12 additions & 0 deletions packages/cribl/data_stream/metrics/fields/base-fields.yml
@@ -0,0 +1,12 @@
- name: data_stream.type
type: constant_keyword
description: Data stream type.
- name: data_stream.dataset
type: constant_keyword
description: Data stream dataset.
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: '@timestamp'
type: date
description: Event timestamp.
8 changes: 8 additions & 0 deletions packages/cribl/data_stream/metrics/manifest.yml
@@ -0,0 +1,8 @@
title: "Metrics"
type: metrics
dataset: cribl
# This integration includes predefined rules that automatically route AWS service metrics to the respective integrations.
# Adding these permissions to ensure the agents have permissions to write data to `metrics-*-*`.
elasticsearch:
dynamic_dataset: true
dynamic_namespace: true
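Review bot: The comment above `elasticsearch:` talks about routing "AWS service metrics", which does not match a data stream whose `dataset` is `cribl` and reads as copied from another package. Suggest rewording it to say that events arriving from Cribl are rerouted to other integrations' datasets, which is why `dynamic_dataset` and `dynamic_namespace` are enabled. Since the comment itself ties these flags to write access on `metrics-*-*`, it is also the right place to state that this breadth is intentional.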
2 changes: 1 addition & 1 deletion packages/cribl/docs/README.md
Expand Up @@ -42,6 +42,6 @@ The Cribl integration offers users a way to ingest logs from either of Cribl's E

1. Set **Cloud Id** for the Cloud destination or **Bulk API URLs** for the Elasticsearch destination to point to your Elastic cluster.

2. Set **Index or Data Stream** to `logs-cribl-default`.
2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events and to `metrics-cribl-default` for metric-type events.

3. **API key** should be a Base64 encoded Elastic API key, which you can create in Kibana by following the instructions under **Management** > **Stack Management** > **Security** > **API Keys**. If you are using an API key with “Restrict privileges”, be sure to review the Indices privileges to provide at least "auto_configure" and "write" permissions for the logs-* index, which you will be using for these Fleet integration data streams.
2 changes: 1 addition & 1 deletion packages/cribl/manifest.yml
@@ -1,7 +1,7 @@
format_version: 3.0.3
name: cribl
title: "Cribl"
version: "0.5.0"
version: "0.5.1"
description: Stream logs from Cribl into Elastic.
type: integration
categories: