[Logstash] Add CEL native data collection, and dashboards for Pipeline and Pipeline Details

packages/logstash/_dev/build/docs/README.md

@@ -6,6 +6,15 @@ The `logstash` package collects metrics and logs of Logstash.
 
 The `logstash` package works with Logstash 8.5.0 and later
 
+## Technical Preview note
+
+This Logstash package also includes a technical preview of Logstash data collection and dashboards
+native to elastic agent. The technical preview includes enhanced data collection, and a number of dashboards, which include additional insight into running pipelines.
+
+Note that this feature is not intended for use with the Stack Monitoring UI inside Kibana,
+and is included as a technical preview. Existing implementations wishing to continue using the Stack Monitoring UI should uncheck the technical preview option, and continue to use `Metrics (Stack Monitoring)`. Those users who wish to use the technical preview should uncheck `Metrics (Stack Monitoring)` and check `Metrics (Technical Preview)`
+
+
 ## Logs
 
 Logstash package supports the plain text format and the JSON format. Also, two types of 
@@ -79,3 +88,45 @@ Logstash metric related data streams works with Logstash 7.3.0 and later.
 ### Node
 
 {{event "node"}}
+
+
+## Metrics (Technical Preview)
+
+This Logstash package also includes a technical preview of Logstash data collection and dashboards
+native to elastic agent. The technical preview includes enhanced data collection, and a number of dashboards, which include additional insight into running pipelines.
+
+Note that this feature is not intended for use with the Stack Monitoring UI inside Kibana,
+and is included as a technical preview. Existing implementations wishing to continue using the Stack Monitoring UI should uncheck the technical preview option, and continue to use `Metrics (Stack Monitoring)`. Those users who wish to use the technical preview should uncheck `Metrics (Stack Monitoring)` and check `Metrics (Technical Preview)`
+
+### Fields and Sample Event
+
+#### Node
+
+This is the `node` dataset, which drives the Node dashboard pages.
+
+#### Example
+
+{{fields "node_cel"}}
+
+{{event "node_cel"}}
+
+#### Pipeline
+
+This is the `pipeline` dataset, which drives the Pipeline dashboard pages.
+
+#### Example
+
+{{fields "pipeline"}}
+
+{{event "pipeline"}}
+
+#### Plugin
+
+This is the `plugin` dataset, which drives the Pipeline detail dashboard pages. Note that this dataset may produce many documents for logstash instances using a large number of pipelines and/or plugins within those pipelines. For those instances, we recommend reviewing the
+pipeline collection period, and setting it to an appropriate value.
+
+#### Example
+
+{{fields "plugins"}}
+
+{{event "plugins"}}

packages/logstash/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.4"
+  changes:
+    - description: Introduce Logstash pipelines plugin retrieval and dashboards
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/7704
 - version: "2.3.3"
   changes:
     - description: Introduce Logstash node dashboards into integration package

packages/logstash/data_stream/node_cel/_dev/test/system/test-default-config.yml

@@ -0,0 +1,6 @@
+type: cel
+dataset: logstash.node
+vars:
+  url:
+    - "http://{{Hostname}}:9600"
+data_stream: ~

packages/logstash/data_stream/node_cel/agent/stream/cel.yml.hbs

@@ -0,0 +1,54 @@
+config_version: "2"
+interval: {{period}}
+resource.url: "{{url}}/_node/stats?graph=true"
+{{#if resource_ssl}}
+resource.ssl:
+  {{resource_ssl}}
+{{/if}}
+
+{{#if username}}
+auth.basic.user: {{escape_string username}}
+{{/if}}
+{{#if password}}
+auth.basic.password: {{escape_string password}}
+{{/if}}
+
+redact:
+  fields: ~
+
+program: |
+  get(state.url)
+  .as(resp, bytes(resp.Body)
+  .decode_json().as(body,
+    {"logstash":{"node":{"stats":{
+             "events":body.events,
+             "jvm":{
+                "uptime_in_millis":body.jvm.uptime_in_millis,
+                "mem":body.jvm['mem'].drop("pools"),
+                "threads":body.jvm.threads
+              },
+             "queue":body.queue,
+             "reloads":body.reloads,
+             "process":body.process,
+             "os":{
+              "cpu":body.process.cpu,
+              "cgroup":has(body.os.group) ? body.os.cgroup : {},
+             },
+             "logstash":{
+               "ephemeral_id":body.ephemeral_id,
+               "host":body.host,
+               "http_address":body.http_address,
+               "name":body.name,
+               "pipeline":body.pipeline,
+               "pipelines":body.pipelines.map(pipeline, pipeline != '.monitoring-logstash', [pipeline]).flatten(),
+               "snapshot":body.snapshot,
+               "status":body.status,
+               "uuid":body.id,
+               "version":body.version,
+              }
+          }}
+        }})
+  )
+  .as(eve, {
+    "events":[eve]
+  })

packages/logstash/data_stream/node_cel/fields/agent.yml

@@ -0,0 +1,74 @@
+- name: cloud
+  type: group
+  fields:
+    - name: account.id
+      external: ecs
+    - name: availability_zone
+      external: ecs
+    - name: instance.id
+      external: ecs
+    - name: instance.name
+      external: ecs
+    - name: machine.type
+      external: ecs
+    - name: provider
+      external: ecs
+    - name: region
+      external: ecs
+    - name: project.id
+      external: ecs
+    - name: image.id
+      type: keyword
+      description: Image ID for the cloud instance.
+- name: container
+  type: group
+  fields:
+    - name: id
+      external: ecs
+    - name: image.name
+      external: ecs
+    - name: labels
+      external: ecs
+    - name: name
+      external: ecs
+- name: host
+  type: group
+  fields:
+    - name: architecture
+      external: ecs
+    - name: domain
+      external: ecs
+    - name: hostname
+      external: ecs
+    - name: id
+      external: ecs
+    - name: ip
+      external: ecs
+    - name: mac
+      external: ecs
+    - name: name
+      external: ecs
+    - name: os.family
+      external: ecs
+    - name: os.kernel
+      external: ecs
+    - name: os.name
+      external: ecs
+    - name: os.platform
+      external: ecs
+    - name: os.version
+      external: ecs
+    - name: type
+      external: ecs
+    - name: containerized
+      type: boolean
+      description: >
+        If the host is a container.
+    - name: os.build
+      type: keyword
+      description: >
+        OS build information.
+    - name: os.codename
+      type: keyword
+      description: >
+        OS codename, if any.

packages/logstash/data_stream/node_cel/fields/base-fields.yml

@@ -0,0 +1,9 @@
+- name: data_stream.type
+  external: ecs
+- name: data_stream.dataset
+  external: ecs
+- name: data_stream.namespace
+  external: ecs
+- name: service.hostname
+  type: keyword
+  description: Hostname of the service

packages/logstash/data_stream/node_cel/fields/ecs.yml

@@ -0,0 +1,24 @@
+- name: '@timestamp'
+  external: ecs
+- name: service.id
+  external: ecs
+- name: service.type
+  external: ecs
+- name: service.version
+  external: ecs
+- name: service.address
+  external: ecs
+- name: service.name
+  external: ecs
+- name: process.pid
+  external: ecs
+- name: ecs.version
+  external: ecs
+- name: event.dataset
+  external: ecs
+- name: event.duration
+  external: ecs
+- name: event.module
+  external: ecs
+- name: error.message
+  external: ecs