-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Logs+] Add API to create application logs integration during on-boarding #159991
Comments
Pinging @elastic/infra-monitoring-ui (Team:Infra Monitoring UI) |
Open QuestionsIs the manifest content accurate?
Verification
DLM policy
|
Some quick notes:
|
@ruflin thanks for the feedback!
Sure, I just copied the package spec recommendation.
The current user would work, I guess. When we add a publishing workflow at some point that should probably ask for the "real" value.
Isn't this the package spec version? Wouldn't we only have to update it when we use new features from the package spec?
Do we copy it or refer to it? |
Yes, it is the package spec versions. You are right that we only have to update it when we use a new feature. At the same time it would be nice, if newer versions of Kibana always create the "current" versions of package spec.
Good question. So far in all integrations we refer to it. We should likely discuss if we should keep this. As soon as a user makes some modifications, we would copy. Eventually this is hopefully DLM and not ILM anymore which removes the problem. |
As far as I can tell, Kibana right now doesn't even know which package version it supports. @juliaElastic @jsoriano is there a mapping available to the code that represents the association between package spec and Kibana version? |
Given that the packages have to specify the Kibana version, I've added a |
This LGTM. With serverless, the Kibana version will become irrelevant and the package version will be important for compatibility. So we will need both to be up-to-date. For now, lets do it manually. @jsoriano or @juliaElastic might have ideas on how to keep it in sync. My assumption would be that somewhere in the package manager in Kibana / Fleet, the supported version will be coded in eventually because of the above change. |
I think that the custom logs input package (available since Kibana 8.8.0) already covers this. When you create a policy with a custom dataset, Fleet already creates a It also creates a It is true that this is not supported by current integration packages intended to be used as inputs. But I would rather consider this an area of improvement (I opened an issue about this #160775). Is this new API still neccesary if input packages already provide this functionality? |
Yes. The goal is to create a new integration. What currently happens with input packages is that the templates and pipelines are created, but I don't think belong then to an integration. In your example above, this would the foo integration. Also important, a Fleet policy is not part of our workflow. |
Ok, this is an important difference 👍 The use case is then for users that don't need (or want) to use neither Fleet nor pre-built integrations? It may be good in any case to have alignment between how Fleet creates the dataset-specific templates and pipelines and how this new API will do it.
Given that this is going to be more similar to an input package, should we use
What kind of integration names do we expect here? I wonder if there can be conflicts if this API is called for example with |
Correct, they build their own.
I think the opposite is true. Lets assume the nginx integration would not exist. The user would ship data to
It is a problem we will hit. Eventually we will need something like a "namespace" prefix or something for the integrations. To get started, I would ignore it. A user just can't create an integration with a name that is already installed. Ideally also Fleet would not install an integration that already exists locally ... |
## Summary Closes #159991 Fields that have been utilised to fulfil `basic` and `agent` fields can be easily amended if these are incorrect. Multiple datasets are supported, and these can contain more than one type. ## Testing A curl command similar to the following should allow you to hit the API (check the credentials etc): ``` curl -XPOST -u 'elastic:changeme' -H 'kbn-xsrf: something' -d '{ "integrationName": "web_custom_nginx", "datasets": [{"name": "access", "type": "logs"}, {"name": "error", "type": "metrics"}, {"name": "warning", "type":"logs"}] }' 'http://localhost:5601/<BASE_PATH>/api/fleet/epm/custom_integrations' ``` ## History / context - [Prototype learnings](#158552 (comment)) - [Prototype PR](#160003) ## Results / expectations API response (with installed assets): ![Screenshot 2023-07-05 at 16 56 33](https://github.com/elastic/kibana/assets/471693/fc4a0bab-7057-430a-8c03-18dd4ee17ab7) We see the custom integration in "installed integrations" (albeit with a verification warning): ![Screenshot 2023-07-05 at 16 57 14](https://github.com/elastic/kibana/assets/471693/0c9177d2-2871-490f-9b5c-f338e96484c4) We see the custom integration in Discover with the logs explorer profile: ![Screenshot 2023-07-05 at 16 58 20](https://github.com/elastic/kibana/assets/471693/30c556f2-9fcd-416e-8047-5976fc11ffa2) The assets are installed correctly: ![Screenshot 2023-07-05 at 16 59 06](https://github.com/elastic/kibana/assets/471693/abb82632-f619-4fc3-be93-dc6ce97abedd) ![Screenshot 2023-07-05 at 16 59 20](https://github.com/elastic/kibana/assets/471693/ca1c1da5-1e4b-422c-9edb-0f56e0ed3f98) ![Screenshot 2023-07-05 at 16 59 36](https://github.com/elastic/kibana/assets/471693/8bd60d7e-aebc-4833-b423-eba3336fb42c)
📓 Summary
Currently the log entries ingested after executing the "custom logs" on-boarding flow rely on the default
logs-*-*
templates shipped with Elasticsearch. That means the user can't customize the ingest pipeline or mapping for the specific dataset they're on-boarding. We want to provide an API that the workflow can use to create a integration for the newly on-boarded dataset.✔️ Acceptance criteria
fleet
plugin's conventions.integrationName: string
datasetType: 'logs' | 'metrics' | 'traces' | 'synthetics' | 'profiling'
datasetName: string
2.9.0
"Collect logs for the dataset {dataset}."
1.0.0
{"github": "$currentKibanaUser"}
"integration"
{"kibana.version": ">=$currentKibanaVersion"}
2.8.1
fields.yml
The text was updated successfully, but these errors were encountered: