Fix grok processors

[HiDAl]

The Elasticsearch made a behavioral change to the grok processor
(PR elastic/elasticsearch#92586), where in case a field matches more than
once, the processor will return a list of values. This change was
introduced in 8.7. Some of the filebeats pipelines were built over the
assumption that only the first match would be returned.

In the case of IIS, the source.address is repeated in the second part, by
which only the first match will be used, so, it's safe to remove the
second source.address

In the case of MySQL, according to their documentation:

• the Schema is defined always at the
  beginning of the log, right after the "Thread_id:", so it's safe to
  remove the second mysql.schema
• thread_id is more tricky, because it can be matched from different
  places, in this case, the potential matches are stored in 3 temporary
  fields, and then a new script processor does the job of using the
  correct temporary field and then removing it.

What does this PR do?

Why is it important?

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

[botelastic]

This pull request doesn't have a Team:<team> label.

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @HiDAl? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

💔 Tests Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-05-02T09:25:56.574+0000

• Duration: 66 min 31 sec

Test stats 🧪

Test	Results
Failed	13
Passed	27522
Skipped	2140
Total	29675

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / filebeat-pythonIntegTest / test_fileset_file_096_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 assert 0 > 0
 +  where 0 = len([]) 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_096_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_096_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/percona-ubuntu-5.7.19-innodb.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_096_mysql302/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
>       assert len(objects) > 0
E       assert 0 > 0
E        +  where 0 = len([])

tests/system/test_modules.py:228: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_097_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': 'c724e4d2-f862-4fbc-8506-71a0003c8745', 'version': '8.9.0'}, 'temp': {'duration': 4.071491}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.17.log'}, 'offset': 0, 'flags': ['multiline']}, 'source': {'ip': '1.1.1.1', 'domain': 'apphost'}, 'message': '# User@Host: apphost[apphost] @ apphost [1.1.1.1]  Id: 10997316\n# Query_time: 4.071491  Lock_time: 0.000212 Rows_sent: 1000  Rows_examined: 1489615\nSET timestamp=1493370459;\nSELECT mcu.mcu_guid, mcu.cus_guid, mcu.mcu_url, mcu.mcu_crawlelements, mcu.mcu_order, GROUP_CONCAT(mca.mca_guid SEPARATOR ";") as mca_guid\n                    FROM kat_mailcustomerurl mcu, kat_customer cus, kat_mailcampaign mca\n                    WHERE cus.cus_guid = mcu.cus_guid\n                        AND cus.pro_code = \'CYB\'\n                        AND cus.cus_offline = 0\n                        AND mca.cus_guid = cus.cus_guid\n                        AND (mcu.mcu_date IS NULL OR mcu.mcu_date < CURDATE())\n                        AND mcu.mcu_crawlelements IS NOT NULL\n                    GROUP BY mcu.mcu_guid\n                    ORDER BY mcu.mcu_order ASC\n                    LIMIT 1000;', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:30.456303810Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 10997316, 'slowlog': {'lock_time': {'sec': 0.000212}, 'rows_sent': 1000, 'rows_examined': 1489615, 'query': 'SELECT mcu.mcu_guid, mcu.cus_guid, mcu.mcu_url, mcu.mcu_crawlelements, mcu.mcu_order, GROUP_CONCAT(mca.mca_guid SEPARATOR ";") as mca_guid\n                    FROM kat_mailcustomerurl mcu, kat_customer cus, kat_mailcampaign mca\n                    WHERE cus.cus_guid = mcu.cus_guid\n                        AND cus.pro_code = \'CYB\'\n                        AND cus.cus_offline = 0\n                        AND mca.cus_guid = cus.cus_guid\n                        AND (mcu.mcu_date IS NULL OR mcu.mcu_date < CURDATE())\n                        AND mcu.mcu_crawlelements IS NOT NULL\n                    GROUP BY mcu.mcu_guid\n                    ORDER BY mcu.mcu_order ASC\n                    LIMIT 1000;', 'current_user': 'apphost', 'timestamp': 1493370459}}, 'event': {'ingested': '2023-05-02T10:24:31.475163954Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'apphost'}}.
   The related error message is: cannot access method/field [schema_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:30.456303810Z', 'agent': {'ephemeral_id': 'c724e4d2-f862-4fbc-8506-71a0003c8745', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_097_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_097_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.17.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_097_mysql491/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': 'c724e4d2-f862-4fbc-8506-71a0003c8745', 'version': '8.9.0'}, 'temp': {'duration': 4.071491}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.17.log'}, 'offset': 0, 'flags': ['multiline']}, 'source': {'ip': '1.1.1.1', 'domain': 'apphost'}, 'message': '# User@Host: apphost[apphost] @ apphost [1.1.1.1]  Id: 10997316\n# Query_time: 4.071491  Lock_time: 0.000212 Rows_sent: 1000  Rows_examined: 1489615\nSET timestamp=1493370459;\nSELECT mcu.mcu_guid, mcu.cus_guid, mcu.mcu_url, mcu.mcu_crawlelements, mcu.mcu_order, GROUP_CONCAT(mca.mca_guid SEPARATOR ";") as mca_guid\n                    FROM kat_mailcustomerurl mcu, kat_customer cus, kat_mailcampaign mca\n                    WHERE cus.cus_guid = mcu.cus_guid\n                        AND cus.pro_code = \'CYB\'\n                        AND cus.cus_offline = 0\n                        AND mca.cus_guid = cus.cus_guid\n                        AND (mcu.mcu_date IS NULL OR mcu.mcu_date < CURDATE())\n                        AND mcu.mcu_crawlelements IS NOT NULL\n                    GROUP BY mcu.mcu_guid\n                    ORDER BY mcu.mcu_order ASC\n                    LIMIT 1000;', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:30.456303810Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 10997316, 'slowlog': {'lock_time': {'sec': 0.000212}, 'rows_sent': 1000, 'rows_examined': 1489615, 'query': 'SELECT mcu.mcu_guid, mcu.cus_guid, mcu.mcu_url, mcu.mcu_crawlelements, mcu.mcu_order, GROUP_CONCAT(mca.mca_guid SEPARATOR ";") as mca_guid\n                    FROM kat_mailcustomerurl mcu, kat_customer cus, kat_mailcampaign mca\n                    WHERE cus.cus_guid = mcu.cus_guid\n                        AND cus.pro_code = \'CYB\'\n                        AND cus.cus_offline = 0\n                        AND mca.cus_guid = cus.cus_guid\n                        AND (mcu.mcu_date IS NULL OR mcu.mcu_date < CURDATE())\n                        AND mcu.mcu_crawlelements IS NOT NULL\n                    GROUP BY mcu.mcu_guid\n                    ORDER BY mcu.mcu_order ASC\n                    LIMIT 1000;', 'current_user': 'apphost', 'timestamp': 1493370459}}, 'event': {'ingested': '2023-05-02T10:24:31.475163954Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'apphost'}}.
E              The related error message is: cannot access method/field [schema_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:30.456303810Z', 'agent': {'ephemeral_id': 'c724e4d2-f862-4fbc-8506-71a0003c8745', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_098_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 assert 0 > 0
 +  where 0 = len([]) 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_098_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_098_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/percona-ubuntu-5.7.19.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_098_mysql264/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
>       assert len(objects) > 0
E       assert 0 > 0
E        +  where 0 = len([])

tests/system/test_modules.py:228: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_099_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '18d7215d-b928-48b4-ab64-36492fb6b132', 'version': '8.9.0'}, 'temp': {'duration': 2.746607}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log'}, 'offset': 244, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'fileset': {'name': 'slowlog'}, 'message': "# User@Host: root[root] @ localhost []  Id:   182\n# Schema: employees  Last_errno: 0  Killed: 0\n# Query_time: 2.746607  Lock_time: 0.000138  Rows_sent: 10  Rows_examined: 3145718  Rows_affected: 0\n# Bytes_sent: 312\nuse employees;\nSET timestamp=1553444561;\nSELECT last_name, MAX(salary) AS salary FROM employees     INNER JOIN salaries ON employees.emp_no = salaries.emp_no     GROUP BY last_name     ORDER BY salary DESC     LIMIT 10;\n/usr/sbin/mysqld, Version: 8.0.15-5 (Percona Server (GPL), Release '5', Revision 'f8a9e99'). started with:\nTcp port: 0  Unix socket: /var/run/mysqld/mysqld.sock\nTime                 Id Command    Argument", 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:35.720904013Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 182, 'slowlog': {'schema': 'employees', 'lock_time': {'sec': 0.000138}, 'rows_affected': 0, 'rows_sent': 10, 'rows_examined': 3145718, 'query': "SELECT last_name, MAX(salary) AS salary FROM employees     INNER JOIN salaries ON employees.emp_no = salaries.emp_no     GROUP BY last_name     ORDER BY salary DESC     LIMIT 10;\n/usr/sbin/mysqld, Version: 8.0.15-5 (Percona Server (GPL), Release '5', Revision 'f8a9e99'). started with:\nTcp port: 0  Unix socket: /var/run/mysqld/mysqld.sock\nTime                 Id Command    Argument", 'last_errno': 0, 'killed': 0, 'bytes_sent': 312, 'current_user': 'root', 'timestamp': 1553444561}}, 'event': {'ingested': '2023-05-02T10:24:36.741974347Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
   The related error message is: cannot access method/field [schema_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:35.720904013Z', 'agent': {'ephemeral_id': '18d7215d-b928-48b4-ab64-36492fb6b132', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_099_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_099_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_099_mysql122/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '18d7215d-b928-48b4-ab64-36492fb6b132', 'version': '8.9.0'}, 'temp': {'duration': 2.746607}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/percona-ubuntu-8.0.15.log'}, 'offset': 244, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'fileset': {'name': 'slowlog'}, 'message': "# User@Host: root[root] @ localhost []  Id:   182\n# Schema: employees  Last_errno: 0  Killed: 0\n# Query_time: 2.746607  Lock_time: 0.000138  Rows_sent: 10  Rows_examined: 3145718  Rows_affected: 0\n# Bytes_sent: 312\nuse employees;\nSET timestamp=1553444561;\nSELECT last_name, MAX(salary) AS salary FROM employees     INNER JOIN salaries ON employees.emp_no = salaries.emp_no     GROUP BY last_name     ORDER BY salary DESC     LIMIT 10;\n/usr/sbin/mysqld, Version: 8.0.15-5 (Percona Server (GPL), Release '5', Revision 'f8a9e99'). started with:\nTcp port: 0  Unix socket: /var/run/mysqld/mysqld.sock\nTime                 Id Command    Argument", 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:35.720904013Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 182, 'slowlog': {'schema': 'employees', 'lock_time': {'sec': 0.000138}, 'rows_affected': 0, 'rows_sent': 10, 'rows_examined': 3145718, 'query': "SELECT last_name, MAX(salary) AS salary FROM employees     INNER JOIN salaries ON employees.emp_no = salaries.emp_no     GROUP BY last_name     ORDER BY salary DESC     LIMIT 10;\n/usr/sbin/mysqld, Version: 8.0.15-5 (Percona Server (GPL), Release '5', Revision 'f8a9e99'). started with:\nTcp port: 0  Unix socket: /var/run/mysqld/mysqld.sock\nTime                 Id Command    Argument", 'last_errno': 0, 'killed': 0, 'bytes_sent': 312, 'current_user': 'root', 'timestamp': 1553444561}}, 'event': {'ingested': '2023-05-02T10:24:36.741974347Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
E              The related error message is: cannot access method/field [schema_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:35.720904013Z', 'agent': {'ephemeral_id': '18d7215d-b928-48b4-ab64-36492fb6b132', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_100_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 assert 0 > 0
 +  where 0 = len([]) 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_100_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_100_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mariadb-10.2.12.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_100_mysql973/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
>       assert len(objects) > 0
E       assert 0 > 0
E        +  where 0 = len([])

tests/system/test_modules.py:228: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_101_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': 'aebc6c34-67d1-40c3-a645-54d2504dcc0d', 'version': '8.9.0'}, 'temp': {'duration': 15.000223}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-5.7.22.log'}, 'offset': 41, 'flags': ['multiline']}, 'source': {'ip': '218.76.8.37'}, 'fileset': {'name': 'slowlog'}, 'message': '# User@Host: root[root] @  [218.76.8.37]  Id:  7234\n# Query_time: 15.000223  Lock_time: 0.000000 Rows_sent: 1  Rows_examined: 0\nSET timestamp=1533630467;\nselect sleep(15);', 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:41.075085618Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 7234, 'slowlog': {'lock_time': {'sec': 0.0}, 'rows_sent': 1, 'rows_examined': 0, 'query': 'select sleep(15);', 'current_user': 'root', 'timestamp': 1533630467}}, 'event': {'ingested': '2023-05-02T10:24:42.092525861Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
   The related error message is: cannot access method/field [schema_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:41.075085618Z', 'agent': {'ephemeral_id': 'aebc6c34-67d1-40c3-a645-54d2504dcc0d', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_101_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_101_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-5.7.22.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_101_mysql520/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': 'aebc6c34-67d1-40c3-a645-54d2504dcc0d', 'version': '8.9.0'}, 'temp': {'duration': 15.000223}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-5.7.22.log'}, 'offset': 41, 'flags': ['multiline']}, 'source': {'ip': '218.76.8.37'}, 'fileset': {'name': 'slowlog'}, 'message': '# User@Host: root[root] @  [218.76.8.37]  Id:  7234\n# Query_time: 15.000223  Lock_time: 0.000000 Rows_sent: 1  Rows_examined: 0\nSET timestamp=1533630467;\nselect sleep(15);', 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:41.075085618Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 7234, 'slowlog': {'lock_time': {'sec': 0.0}, 'rows_sent': 1, 'rows_examined': 0, 'query': 'select sleep(15);', 'current_user': 'root', 'timestamp': 1533630467}}, 'event': {'ingested': '2023-05-02T10:24:42.092525861Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
E              The related error message is: cannot access method/field [schema_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:41.075085618Z', 'agent': {'ephemeral_id': 'aebc6c34-67d1-40c3-a645-54d2504dcc0d', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_102_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '316f3a6f-4ecc-4b72-8e91-647595ab234d', 'version': '8.9.0'}, 'temp': {'duration': 0.000153}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-ubuntu-5.5.53.log'}, 'offset': 206, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'message': "# User@Host: debian-sys-maint[debian-sys-maint] @ localhost []\n# Query_time: 0.000153  Lock_time: 0.000061 Rows_sent: 1  Rows_examined: 5\nSET timestamp=1481294279;\nSELECT count(*) FROM mysql.user WHERE user='root' and password='';", 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [thread_id_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:43.792724133Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'slowlog': {'lock_time': {'sec': 6.1e-05}, 'rows_sent': 1, 'rows_examined': 5, 'query': "SELECT count(*) FROM mysql.user WHERE user='root' and password='';", 'current_user': 'debian-sys-maint', 'timestamp': 1481294279}}, 'event': {'ingested': '2023-05-02T10:24:44.815401548Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'debian-sys-maint'}}.
   The related error message is: cannot access method/field [thread_id_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:43.792724133Z', 'agent': {'ephemeral_id': '316f3a6f-4ecc-4b72-8e91-647595ab234d', 'id...{'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [thread_id_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_102_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_102_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-ubuntu-5.5.53.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_102_mysql883/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '316f3a6f-4ecc-4b72-8e91-647595ab234d', 'version': '8.9.0'}, 'temp': {'duration': 0.000153}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-ubuntu-5.5.53.log'}, 'offset': 206, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'message': "# User@Host: debian-sys-maint[debian-sys-maint] @ localhost []\n# Query_time: 0.000153  Lock_time: 0.000061 Rows_sent: 1  Rows_examined: 5\nSET timestamp=1481294279;\nSELECT count(*) FROM mysql.user WHERE user='root' and password='';", 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [thread_id_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:43.792724133Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'slowlog': {'lock_time': {'sec': 6.1e-05}, 'rows_sent': 1, 'rows_examined': 5, 'query': "SELECT count(*) FROM mysql.user WHERE user='root' and password='';", 'current_user': 'debian-sys-maint', 'timestamp': 1481294279}}, 'event': {'ingested': '2023-05-02T10:24:44.815401548Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'debian-sys-maint'}}.
E              The related error message is: cannot access method/field [thread_id_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:43.792724133Z', 'agent': {'ephemeral_id': '316f3a6f-4ecc-4b72-8e91-647595ab234d', 'id...{'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [thread_id_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_103_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'ephemeral_id': 'd1f3b549-90f8-4ca6-b0df-d9792c14b858', 'type': 'filebeat', 'version': '8.9.0'}, 'temp': {'duration': 0.0001}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.19.log'}, 'offset': 0, 'flags': ['multiline']}, 'source': {'ip': '172.17.0.11'}, 'message': '# User@Host: root[root] @  [172.17.0.11]  Id:     5\n# Query_time: 0.000100  Lock_time: 0.000033 Rows_sent: 101  Rows_examined: 101\nSET timestamp=1524768632;\nSELECT intcol1,charcol1 FROM t1;', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:46.512224172Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 5, 'slowlog': {'lock_time': {'sec': 3.3e-05}, 'rows_sent': 101, 'rows_examined': 101, 'query': 'SELECT intcol1,charcol1 FROM t1;', 'current_user': 'root', 'timestamp': 1524768632}}, 'event': {'ingested': '2023-05-02T10:24:47.532619717Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
   The related error message is: cannot access method/field [schema_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:46.512224172Z', 'agent': {'ephemeral_id': 'd1f3b549-90f8-4ca6-b0df-d9792c14b858', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_103_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_103_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.19.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_103_mysql607/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'ephemeral_id': 'd1f3b549-90f8-4ca6-b0df-d9792c14b858', 'type': 'filebeat', 'version': '8.9.0'}, 'temp': {'duration': 0.0001}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-debian-5.7.19.log'}, 'offset': 0, 'flags': ['multiline']}, 'source': {'ip': '172.17.0.11'}, 'message': '# User@Host: root[root] @  [172.17.0.11]  Id:     5\n# Query_time: 0.000100  Lock_time: 0.000033 Rows_sent: 101  Rows_examined: 101\nSET timestamp=1524768632;\nSELECT intcol1,charcol1 FROM t1;', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:46.512224172Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 5, 'slowlog': {'lock_time': {'sec': 3.3e-05}, 'rows_sent': 101, 'rows_examined': 101, 'query': 'SELECT intcol1,charcol1 FROM t1;', 'current_user': 'root', 'timestamp': 1524768632}}, 'event': {'ingested': '2023-05-02T10:24:47.532619717Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
E              The related error message is: cannot access method/field [schema_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:46.512224172Z', 'agent': {'ephemeral_id': 'd1f3b549-90f8-4ca6-b0df-d9792c14b858', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_104_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 assert 0 > 0
 +  where 0 = len([]) 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_104_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_104_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mariadb-10.1.21.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_104_mysql484/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
>       assert len(objects) > 0
E       assert 0 > 0
E        +  where 0 = len([])

tests/system/test_modules.py:228: AssertionError 

Build&Test / filebeat-pythonIntegTest / test_fileset_file_105_mysql – filebeat.tests.system.test_modules.Test

Expand to view the error details

 AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '2a5d7a58-ce84-44bc-a3f9-3653845b0426', 'version': '8.9.0'}, 'temp': {'duration': 11.004467}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-darwin-brew-5.7.10.log'}, 'offset': 210, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'message': '# User@Host: root[root] @ localhost []  Id:     2\n# Query_time: 11.004467  Lock_time: 0.000000 Rows_sent: 1  Rows_examined: 0\nSET timestamp=1481543656;\nselect sleep(11);', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:51.850257044Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 2, 'slowlog': {'lock_time': {'sec': 0.0}, 'rows_sent': 1, 'rows_examined': 0, 'query': 'select sleep(11);', 'current_user': 'root', 'timestamp': 1481543656}}, 'event': {'ingested': '2023-05-02T10:24:52.868791840Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
   The related error message is: cannot access method/field [schema_1] from a null def reference
assert 'error' not in {'@timestamp': '2023-05-02T10:24:51.850257044Z', 'agent': {'ephemeral_id': '2a5d7a58-ce84-44bc-a3f9-3653845b0426', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...} 

Expand to view the stacktrace

 a = (<test_modules.Test testMethod=test_fileset_file_105_mysql>,)

    @wraps(func)
    def standalone_func(*a):
>       return func(*(a + p.args), **p.kwargs)

../../../../../python-env/build/ve/linux/lib/python3.10/site-packages/parameterized/parameterized.py:518: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/system/test_modules.py:150: in test_fileset_file
    self.run_on_file(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_modules.Test testMethod=test_fileset_file_105_mysql>
module = 'mysql', fileset = 'slowlog'
test_file = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-darwin-brew-5.7.10.log'
cfgfile = '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_105_mysql151/filebeat.yml'

    def run_on_file(self, module, fileset, test_file, cfgfile):
        print("Testing {}/{} on {}".format(module, fileset, test_file))
    
        self.assert_explicit_ecs_version_set(module, fileset)
    
        try:
            self.es.indices.delete_data_stream(self.index_name)
        except BaseException:
            pass
        self.wait_until(lambda: not self.es.indices.exists(self.index_name))
    
        cmd = [
            self.filebeat, "-systemTest",
            "-e", "-d", "*", "-once",
            "-c", cfgfile,
            "-E", "setup.ilm.enabled=false",
            "-modules={}".format(module),
            "-M", "{module}.*.enabled=false".format(module=module),
            "-M", "{module}.{fileset}.enabled=true".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.input=file".format(
                module=module, fileset=fileset),
            "-M", "{module}.{fileset}.var.paths=[{test_file}]".format(
                module=module, fileset=fileset, test_file=test_file),
            "-M", "*.*.input.close_eof=true",
        ]
        # allow connecting older versions of Elasticsearch
        if os.getenv("TESTING_FILEBEAT_ALLOW_OLDER"):
            cmd.extend(["-E", "output.elasticsearch.allow_older_versions=true"])
    
        # Based on the convention that if a name contains -json the json format is needed. Currently used for LS.
        if "-json" in test_file:
            cmd.append("-M")
            cmd.append("{module}.{fileset}.var.format=json".format(
                module=module, fileset=fileset))
    
        output_path = os.path.join(self.working_dir)
        # Runs inside a with block to ensure file is closed afterwards
        with open(os.path.join(output_path, "output.log"), "ab") as output:
            output.write(bytes(" ".join(cmd) + "\n", "utf-8"))
    
            # Use a fixed timezone so results don't vary depending on the environment
            # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed,
            # this can happen because UTC uses to be the default timezone in date parsers when no other
            # timezone is specified.
            local_env = os.environ.copy()
            local_env["TZ"] = 'Etc/GMT+2'
    
            subprocess.Popen(cmd,
                             env=local_env,
                             stdin=None,
                             stdout=output,
                             stderr=subprocess.STDOUT,
                             bufsize=0).wait()
    
        # List of errors to check in filebeat output logs
        errors = ["error loading pipeline for fileset"]
        # Checks if the output of filebeat includes errors
        contains_error, error_line = file_contains(
            os.path.join(output_path, "output.log"), errors)
        assert contains_error is False, "Error found in log:{}".format(
            error_line)
    
        # Make sure index exists
        self.wait_until(lambda: self.es.indices.exists(self.index_name),
                        name="indices present for {}".format(test_file))
    
        self.es.indices.refresh(index=self.index_name)
        # Loads the first 100 events to be checked
        res = self.es.search(index=self.index_name,
                             body={"query": {"match_all": {}}, "size": 100, "sort": {"log.offset": {"order": "asc"}}})
        objects = [o["_source"] for o in res["hits"]["hits"]]
        assert len(objects) > 0
        for obj in objects:
            assert obj["event"]["module"] == module, "expected event.module={} but got {}".format(
                module, obj["event"]["module"])
    
            # All modules must include a set processor that adds the time that
            # the event was ingested to Elasticsearch
            assert "ingested" in obj["event"], "missing event.ingested timestamp"
    
>           assert "error" not in obj, "not error expected but got: {}.\n The related error message is: {}".format(
                obj, obj["error"].get("message"))
E           AssertionError: not error expected but got: {'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481', 'id': 'f8c80a47-dd86-485c-94ef-5f7426d0b9cf', 'type': 'filebeat', 'ephemeral_id': '2a5d7a58-ce84-44bc-a3f9-3653845b0426', 'version': '8.9.0'}, 'temp': {'duration': 11.004467}, 'log': {'file': {'path': '/var/lib/jenkins/workspace/PR-35276-2-b2a05fee-211c-4a96-8afb-f2b0cd9edc42/src/github.com/elastic/beats/filebeat/module/mysql/slowlog/test/mysql-darwin-brew-5.7.10.log'}, 'offset': 210, 'flags': ['multiline']}, 'source': {'domain': 'localhost'}, 'message': '# User@Host: root[root] @ localhost []  Id:     2\n# Query_time: 11.004467  Lock_time: 0.000000 Rows_sent: 1  Rows_examined: 0\nSET timestamp=1481543656;\nselect sleep(11);', 'fileset': {'name': 'slowlog'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, 'input': {'type': 'log'}, '@timestamp': '2023-05-02T10:24:51.850257044Z', 'ecs': {'version': '1.12.0'}, 'service': {'type': 'mysql'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1683020186163603481'}, 'mysql': {'thread_id': 2, 'slowlog': {'lock_time': {'sec': 0.0}, 'rows_sent': 1, 'rows_examined': 0, 'query': 'select sleep(11);', 'current_user': 'root', 'timestamp': 1481543656}}, 'event': {'ingested': '2023-05-02T10:24:52.868791840Z', 'module': 'mysql', 'dataset': 'mysql.slowlog'}, 'user': {'name': 'root'}}.
E              The related error message is: cannot access method/field [schema_1] from a null def reference
E           assert 'error' not in {'@timestamp': '2023-05-02T10:24:51.850257044Z', 'agent': {'ephemeral_id': '2a5d7a58-ce84-44bc-a3f9-3653845b0426', 'id...': {'version': '1.12.0'}, 'error': {'message': 'cannot access method/field [schema_1] from a null def reference'}, ...}

tests/system/test_modules.py:237: AssertionError 

Steps errors

Expand to view the steps failures

filebeat-pythonIntegTest - mage pythonIntegTest

• Took 16 min 42 sec . View more details here
• Description: mage pythonIntegTest

filebeat-pythonIntegTest - mage pythonIntegTest

• Took 13 min 57 sec . View more details here
• Description: mage pythonIntegTest

filebeat-pythonIntegTest - mage pythonIntegTest

• Took 13 min 5 sec . View more details here
• Description: mage pythonIntegTest

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🐛 Flaky test report

❕ There are test failures but not known flaky tests.

Expand to view the summary

Genuine test errors

💔 There are test failures but not known flaky tests, most likely a genuine test failure.

• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_096_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_097_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_098_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_099_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_100_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_101_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_102_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_103_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_104_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_105_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_106_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_107_mysql – filebeat.tests.system.test_modules.Test
• Name: Build&Test / filebeat-pythonIntegTest / test_fileset_file_108_mysql – filebeat.tests.system.test_modules.Test

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b palcantar-grok-fix upstream/palcantar-grok-fix
git merge upstream/main
git push upstream palcantar-grok-fix