Migrate to ECS Filebeat modules populating http size and duration metrics #10188
Conversation
webmat
added
in progress
|
@ruflin I'd like your opinion on the two questions outlined in the PR body. For both questions, you can look at the code, because I went ahead and did what I'm suggesting. Open to discussion, however. This is pretty much ready to go, except for the changelog. |
webmat
added
review
and removed
in progress
webmat
changed the title
webmat
force-pushed
the
ecs-http-size-metrics-fb
branch
from
cb7f693
to
ee3d0b6
Compare
|
Unrelated test failure (heartbeat) |
webmat
force-pushed
the
ecs-http-size-metrics-fb
branch
from
ee3d0b6
to
285b0dd
Compare
|
@ruflin Ok ready for another review, including for both caveats. Now that my painless is working, the caveats will make more sense :-) |
|
From the @elastic/stack-monitoring perspective this LGTM but let's see if @ycombinator can come by and just verify that as well. |
| @@ -8,8 +8,7 @@ | |||
| "fileset.name": "log", | |||
| "http.request.method": "get", | |||
| "http.request.referrer": "http://localhost:5601/app/kibana", | |||
| "http.response.content_length": 9, | |||
| "http.response.elapsed_time": 26, | |||
There was a problem hiding this comment.
We should mention the removal of this field these two fields in the breaking changes section of the CHANGELOG.
There was a problem hiding this comment.
Yes, agreed. I've often glossed over the details, for the module-specific fields (e.g. "migrate apache.access.*").
But these two deserve a special mention indeed, since they could have been mistaken for ECS fields.
|
Changelog too chatty? Rest of the PR is approved and hasn't been touched. |
I'm also reusing the same pattern of using a temp field, prior to computing `event.duration`. This will reduce compilations, as both the `script` and `if` arguments are exactly the same code, from one module to the other. Only the `scale` param needs to be adjusted, depending if one has millis, micros, etc.
Not nested under the special `_ingest`
Based on my suggestion over on Andrew's PR: elastic#10193 (comment)
webmat
force-pushed
the
ecs-http-size-metrics-fb
branch
from
fc18add
to
a39361f
Compare
|
Rebased over master. I'm starting another PR on top of this one, to finish the |
|
@ruflin Yeah we should definitely have a generated page that explains "the ECS migration" in plain terms, and is followed by the exhaustive list of fields migrated (aliases, durations that moved to event.duration with a different scale, etc). Then the changelogs related to ECS could be simplified, and all link to that "ECS migration" documentation page. I'll rewrite the changelog a bit, then we should be good. |
|
Ok, pushed one changelog entry per field (duration and body.bytes). Merging right away. Hit me up for a follow-up PR, if these are still problematic. |
This PR finishes the migration of http size and time metrics for all relevant Filebeat modules. This had already started happening in the more recent module transitions. This PR finishes up the work all at once.
Questions
event.durationshould be the single place to record the overall duration. I would remove them, and mark then in ecs-migration.yml as migrated, withalias: false. Any disagreements?Modules/filesets affected
List of aliased field migrations
response size
request size
Event duration
No aliases, as scale is different. Original fields removed.
TODO