Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Force ECS options in filebeat pipelines when filebeat version is over 7.0 and ES version is 6.7.X #10875

Merged
merged 5 commits into from
Feb 25, 2019
Merged

Force ECS options in filebeat pipelines when filebeat version is over 7.0 and ES version is 6.7.X #10875

merged 5 commits into from
Feb 25, 2019

Conversation

jsoriano
Copy link
Member

@jsoriano jsoriano commented Feb 21, 2019
edited by alvarolobato
Loading

When using the user_agent processor to ingest data from Filebeat 7.0
into Elasticsearch 6.X conflicts appear with ECS user_agent fields, this can
be solved by setting ecs: true when pipelines are being loaded into
Elasticsearch 6.7.0.

For minor versions where ecs option is not available, pipelines will fail
to load.

Fix #10655

@jsoriano jsoriano added module review Filebeat Filebeat ecs Team:Integrations Label for the Integrations team labels Feb 21, 2019
@jsoriano jsoriano self-assigned this Feb 21, 2019
@jsoriano jsoriano requested a review from a team as a code owner February 21, 2019 21:22
@jsoriano jsoriano mentioned this pull request Feb 21, 2019
Closed
andrewkroh
andrewkroh reviewed Feb 22, 2019
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this problem. And happy one year anniversary!

filebeat/fileset/pipelines.go Outdated Show resolved Hide resolved
filebeat/fileset/pipelines.go Outdated Show resolved Hide resolved
filebeat/fileset/pipelines.go Outdated Show resolved Hide resolved
filebeat/fileset/pipelines.go Outdated Show resolved Hide resolved
@jsoriano
Copy link
Member Author

@andrewkroh suggestions added. Thanks for the review!

@jsoriano jsoriano merged commit 34eaf57 into elastic:master Feb 25, 2019
@jsoriano jsoriano deleted the user-agent-ecs-bc branch February 25, 2019 10:00
jsoriano added a commit to jsoriano/beats that referenced this pull request Feb 25, 2019
@jsoriano
Force ECS options in filebeat pipelines when filebeat version is over…
ef7742f 
… 7.0 and ES version is 6.7.X (elastic#10875)

When using the `user_agent` processor to ingest data from Filebeat 7.0
into Elasticsearch 6.X conflicts appear with ECS user_agent fields, this can
be solved by setting `ecs: true` when pipelines are being loaded into
Elasticsearch 6.7.0.

For minor versions where `ecs` option is not available, pipelines will fail
to load.

Fix elastic#10655

(cherry picked from commit 34eaf57)
@jsoriano jsoriano mentioned this pull request Feb 25, 2019
Merged
jsoriano added a commit that referenced this pull request Feb 25, 2019
@jsoriano
Force ECS options in filebeat pipelines when filebeat version is over…
79c38b6 
… 7.0 and ES version is 6.7.X (#10875) (#10930)

When using the `user_agent` processor to ingest data from Filebeat 7.0
into Elasticsearch 6.X conflicts appear with ECS user_agent fields, this can
be solved by setting `ecs: true` when pipelines are being loaded into
Elasticsearch 6.7.0.

For minor versions where `ecs` option is not available, pipelines will fail
to load.

Fix #10655

(cherry picked from commit 34eaf57)
@ruflin
Copy link
Member

ruflin commented Mar 4, 2019

@jsoriano If someone upgrades Elasticsearch from 6.7 to 7.0 and keeps Filebeat 6.7, this means the user has to overwrite the ingest pipelines?

@ruflin
Copy link
Member

ruflin commented Mar 4, 2019

@jsoriano One more question: I can't see a backport label on this one. Should this also go into 7.0?

@jsoriano
Copy link
Member Author

jsoriano commented Mar 4, 2019

@jsoriano If someone upgrades Elasticsearch from 6.7 to 7.0 and keeps Filebeat 6.7, this means the user has to overwrite the ingest pipelines?

@ruflin I think this is only a problem if Filebeat 7.0 is used.

@jsoriano One more question: I can't see a backport label on this one. Should this also go into 7.0?

It was backported on #10930

@ruflin
Copy link
Member

ruflin commented Mar 4, 2019

FB version: Right, an we recommend to upgrade ES first so we should be good. Probably we should still leave a not about it somewhere.

Backport: 👍

@andrewkroh
Copy link
Member

andrewkroh commented Mar 20, 2019
edited
Loading

@jsoriano I believe this PR is also necessary in the 6.7 branch to allow all modules that use user_agent to work with Elasticsearch <=6.6. Additionally, we need to remove the ecs: false from the modules and let this PR dynamically add the ecs tag as necessary based on the version.

@tsg said he saw, "processor [user_agent] doesn't support one or more provided configuration parameters [ecs]" when using Filebeat 6.7 with ES 6.6.

jsoriano added a commit to jsoriano/beats that referenced this pull request Mar 21, 2019
@jsoriano
Remove ECS options in filebeat pipelines when not available
682a605 
Similar to elastic#10875, but removing ecs flags when using pipelines on
Elasticsearch versions below 6.7.0, that don't have them.
@jsoriano jsoriano mentioned this pull request Mar 21, 2019
Merged
jsoriano added a commit that referenced this pull request Mar 21, 2019
@jsoriano
Remove ECS options in filebeat pipelines when not available (#11362)
79800ae 
Similar to #10875, but removing ecs flags when using pipelines on
Elasticsearch versions below 6.7.0, that don't have them.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@jsoriano jsoriano

Labels
ecs Filebeat Filebeat module review Team:Integrations Label for the Integrations team v7.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsoriano @ruflin @andrewkroh