@narph narph commented Jul 26, 2021

  • Enhancement

PR description will be updated soon

What does this PR do?

Add support for Azure Spring Cloud logs

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Example:

      {
        "_index" : ".ds-logs-azure.springcloudlogs-default-2021.08.04-000001",
        "_type" : "_doc",
        "_id" : "B6R6EXsBdXPyPPk9OOPJ",
        "_score" : null,
        "_source" : {
          "agent" : {
            "hostname" : "docker-fleet-agent",
            "name" : "docker-fleet-agent",
            "id" : "dcb938c2-639e-4251-b63e-4e87d8d02cb9",
            "ephemeral_id" : "cf5e0780-ffa3-41b1-afb3-77231370a3b1",
            "type" : "filebeat",
            "version" : "7.14.0"
          },
          "log" : {
            "level" : "INFO"
          },
          "elastic_agent" : {
            "id" : "dcb938c2-639e-4251-b63e-4e87d8d02cb9",
            "version" : "7.14.0",
            "snapshot" : true
          },
          "message" : "Get config server actuator health status UP.",
          "azure-eventhub" : {
            "sequence_number" : 771,
            "consumer_group" : "$Default",
            "offset" : 600952,
            "eventhub" : "insights-logs-systemlogs",
            "enqueued_time" : "2021-08-04T14:04:21.559Z"
          },
          "tags" : [
            "azure-springcloudlogs"
          ],
          "cloud" : {
            "provider" : "azure"
          },
          "input" : {
            "type" : "azure-eventhub"
          },
          "@timestamp" : "2021-08-04T14:03:33.185Z",
          "ecs" : {
            "version" : "1.10.0"
          },
          "data_stream" : {
            "namespace" : "default",
            "type" : "logs",
            "dataset" : "azure.springcloudlogs"
          },
          "host" : {
            "hostname" : "docker-fleet-agent",
            "os" : {
              "kernel" : "4.19.128-microsoft-standard",
              "codename" : "Core",
              "name" : "CentOS Linux",
              "type" : "linux",
              "family" : "redhat",
              "version" : "7 (Core)",
              "platform" : "centos"
            },
            "containerized" : true,
            "ip" : [
              "192.168.0.7"
            ],
            "name" : "docker-fleet-agent",
            "id" : "78315c3233258f2dcd540ed749ab1701",
            "mac" : [
              "02:42:c0:a8:00:07"
            ],
            "architecture" : "x86_64"
          },
          "event" : {
            "agent_id_status" : "verified",
            "ingested" : "2021-08-04T14:03:47.784957800Z",
            "kind" : "event",
            "action" : "Microsoft.AppPlatform/Spring/SystemLogs",
            "dataset" : "azure.springcloudlogs"
          },
          "azure" : {
            "subscription_id" : "....",
            "springcloudlogs" : {
              "operation_name" : "Microsoft.AppPlatform/Spring/SystemLogs",
              "category" : "SystemLogs",
              "event_category" : "Administrative",
              "logtag" : "F",
              "properties" : {
                "stack" : null,
                "service_name" : "obssprincloud",
                "logger" : "com.microsoft.azure.spring.service.controller.DeploymentHealthCheckController",
                "thread" : "XNIO-1 task-1",
                "type" : "ConfigServer"
              }
            },
            "resource" : {
              "provider" : "MICROSOFT.APPPLATFORM/SPRING",
              "name" : "OBSSPRINCLOUD",
              "id" : "/SUBSCRIPTIONS/.../RESOURCEGROUPS/TESTM/PROVIDERS/MICROSOFT.APPPLATFORM/SPRING/OBSSPRINCLOUD",
              "group" : "TESTM"
            }
          }
        },
        "sort" : [
          1628085813185
        ]
      }

      {
        "_index" : ".ds-logs-azure.springcloudlogs-default-2021.08.04-000001",
        "_type" : "_doc",
        "_id" : "XqWZEXsBdXPyPPk9OgOY",
        "_score" : null,
        "_source" : {
          "agent" : {
            "hostname" : "docker-fleet-agent",
            "name" : "docker-fleet-agent",
            "id" : "dcb938c2-639e-4251-b63e-4e87d8d02cb9",
            "type" : "filebeat",
            "ephemeral_id" : "cf5e0780-ffa3-41b1-afb3-77231370a3b1",
            "version" : "7.14.0"
          },
          "log" : {
            "level" : "Informational"
          },
          "elastic_agent" : {
            "id" : "dcb938c2-639e-4251-b63e-4e87d8d02cb9",
            "version" : "7.14.0",
            "snapshot" : true
          },
          "message" : "2021-08-04 14:37:03.902  INFO [thisissecond,,,] 1 --- [trap-executor-0] c.n.d.s.r.aws.ConfigClusterResolver      : Resolving eureka endpoints via configuration",
          "azure-eventhub" : {
            "sequence_number" : 157,
            "consumer_group" : "$Default",
            "offset" : 140536,
            "eventhub" : "insights-logs-applicationconsole",
            "enqueued_time" : "2021-08-04T14:38:13.477Z"
          },
          "tags" : [
            "azure-springcloudlogs"
          ],
          "geo" : {
            "name" : "westeurope"
          },
          "cloud" : {
            "provider" : "azure"
          },
          "input" : {
            "type" : "azure-eventhub"
          },
          "@timestamp" : "2021-08-04T14:37:03.903Z",
          "ecs" : {
            "version" : "1.10.0"
          },
          "data_stream" : {
            "namespace" : "default",
            "type" : "logs",
            "dataset" : "azure.springcloudlogs"
          },
          "host" : {
            "hostname" : "docker-fleet-agent",
            "os" : {
              "kernel" : "4.19.128-microsoft-standard",
              "codename" : "Core",
              "name" : "CentOS Linux",
              "family" : "redhat",
              "type" : "linux",
              "version" : "7 (Core)",
              "platform" : "centos"
            },
            "ip" : [
              "192.168.0.7"
            ],
            "containerized" : true,
            "name" : "docker-fleet-agent",
            "id" : "78315c3233258f2dcd540ed749ab1701",
            "mac" : [
              "02:42:c0:a8:00:07"
            ],
            "architecture" : "x86_64"
          },
          "event" : {
            "agent_id_status" : "verified",
            "ingested" : "2021-08-04T14:37:39.863775400Z",
            "kind" : "event",
            "action" : "Microsoft.AppPlatform/Spring/logs",
            "dataset" : "azure.springcloudlogs"
          },
          "azure" : {
            "subscription_id" : "...",
            "springcloudlogs" : {
              "operation_name" : "Microsoft.AppPlatform/Spring/logs",
              "log_format" : "RAW",
              "category" : "ApplicationConsole",
              "event_category" : "Administrative",
              "logtag" : "F",
              "properties" : {
                "app_name" : "thisissecond",
                "instance_name" : "thisissecond-default-12-696f9485f8-7m6l2",
                "stream" : "stdout",
                "service_name" : "obssprincloud",
                "service_id" : "99070c7524f14eaf970bbdf35f357772"
              }
            },
            "resource" : {
              "provider" : "MICROSOFT.APPPLATFORM/SPRING",
              "name" : "OBSSPRINCLOUD",
              "id" : "/SUBSCRIPTIONS/.../RESOURCEGROUPS/TESTM/PROVIDERS/MICROSOFT.APPPLATFORM/SPRING/OBSSPRINCLOUD",
              "group" : "TESTM"
            }
          }
        },
        "sort" : [
          1628087823903
        ]
      }

Screenshots

@narph narph self-assigned this Jul 26, 2021
@narph narph added the Integration:azure Azure Logs label Jul 26, 2021
elasticmachine commented Jul 26, 2021

💚 Build Succeeded

Build stats

  • Start Time: 2021-08-05T10:23:44.422+0000

  • Duration: 14 min 39 sec

  • Commit: aa8d637

Test stats 🧪

Test Results

  • Failed: 0

  • Passed: 72

  • Skipped: 0

  • Total: 72

narph commented Aug 4, 2021

@sorantis, @hemantmalik, I have added the logs format and dashboards in the description, let me know what you think

@hemantmalik

Hey, @narph those are looking great. Thank you for sharing the update.

type: keyword
- name: ecs.version
external: ecs
description: ECS version
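
Review bot: On `- name: ecs.version`, the `description: ECS version` line sits next to `external: ecs`. An external field takes its definition from the ECS schema, so the local description is redundant and can drift from the upstream text; suggest dropping it and keeping only `name` and `external`.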
Contributor

If you load an external field, you don't need to add descriptions here (I'm not sure if we have overriding feature implemented).

external: ecs
- name: event
external: ecs
- name: host
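
Review bot: At the end of this hunk, `- name: event` (with `external: ecs`) and `- name: host` name whole groups rather than leaf fields. Suggest replacing each group with the leaves the data stream actually emits; the example documents in the PR description show fields such as `event.action`, `event.kind`, `host.hostname` and `host.os.kernel`, which keeps the imported definitions limited to fields that are really populated.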
Contributor

You have to mention all leaf-fields not just groups. We don't want to import definitions for all fields behind host, but just ones that are actually used. Unfortunately the tool can't figure it out on its own.

@@ -1,249 +1,28 @@
- description: IP address of the client.
name: client.ip
@mtojek mtojek left a comment

Just one comment about the ecs.yml file. Otherwise it LGTM, please wait for the CI status.

@@ -0,0 +1,27 @@
- name: ecs.version
Contributor

I guess you don't need this file now.

@narph narph merged commit fe65d14 into elastic:master Aug 5, 2021
@narph narph deleted the azure-spring branch August 5, 2021 10:38