Add support in e2e-testing repo for Logstash and add test for Logstash output in the Elastic Agent (Standalone and/or Fleet mode). #364
Comments
|
@ph quick question, is logstash output supposed to work at this point in Elastic Agent? While it's possible to set it in the agent's configuration, it seems agent periodically does a healtcheck HTTP request to the configured output, that logstash beats input doesn't support (not a lumberjack protocol message). |
|
This is strange, I don't think we do any special code that would do that. do you have logs? |
71 and 69 are the
|
|
Payload is empty? I am surprised that you see that, we don't have healthcheck logic on the output, you dont have that behavior with filebeat directly? @blakerouse @michalpristas @ruflin any idea? |
|
this is likely from metricbeat doing healthchecks, perhaps uptime checks? |
|
do you have monitoring enabled? monitoring works only with ES. (maybe we could change that in this release ph). but it might end up with type elasticsearch and configuration body from what you provided. |
|
@michalpristas that's it! I disabled monitoring (on by default) and logstash doesn't get http calls anymore. Metrics themselves seem to be processed correctly in Logstash with or without monitoring. +1 on having distinct logic depending on the output type. btw it's fine that this wont be a priority since ES is the only documented output for now |
|
@michalpristas Can you create an issue for that for 7.11? |
|
created elastic/beats#22051 targetted for next release. |
|
cc @andsel |
|
I've added the wrong link above elastic/beats#22051 |
adam-stokes
added
area:test
|
@roaksoax @andsel wanted to follow up, did we ever end up with an e2e-test for Logstash output from Elastic Agent in a different repo / ci, or are we still intending to use this ticket and this e2e-testing repo for it? The Fleet Support is scheduled for a future release, it would be great to have a test for that or stand-alone Agent mode if the team can budget it in. |
EricDavisX
changed the title
|
I'm updating the expectations / short description of the ticket to allow (not require) us to support this from the Fleet mode testing, if we should choose. Development will soon complete a POC for Fleet mode and if we automate against that it is a more inclusive test, while still covering Agent / Logstash side. FYI: The effort to support multiple outputs (including Logstash) in Fleet is coming in a future release tracked here: The remaining Beats repo (Agent) issue is here: While @adam-stokes is assigned, and can help with the framework side, we likely need a Logstash member to help support the test design. I'll ping folks in slack. |
|
I wanted to update (funny timing) I just hear from the Fleet team that this support is going to take longer than I may have made it sounds above. We can talk off-line if we want to do anything more than the standalone mode work, we should probably prioritize that to ensure some coverage on Agent side. |
The Logstash team is currently working on a new output that will write to data_stream and will use the fields defined in the received events to define which data_stream it needs to write to.
The current test architecture in stand-alone assumes the following.
Elastic Agent -> Elasticsearch -> assert indices.
Using the Logstash output in the Elastic-Agent should produce the following architecture.
Elastic Agent -> Logstash -> Elasticsearch -> assert indices.
Using the Logstash output should produce the same results at the end, since by default without any filter it should just act as a proxy.
Tasks:
@mdelapenya I would expect the work to be done by the Logstash team if possible, but it would be good to know what we need to do on our side to support that feature and how we want to support it.
cc @jsvd @colinsurprenant
The text was updated successfully, but these errors were encountered: