[Logs onboarding] Determine if logs are being shipped to elastic #159387

Closed
yngrdyn opened this issue Jun 9, 2023 · 5 comments · Fixed by #170124
Labels: Feature:Logs Onboarding, Team:obs-ux-logs

yngrdyn (Contributor) commented Jun 9, 2023

At the moment we are determining whether or not logs are being shipped to elastic by performing the following search:

```ts
const { hits } = await esClient.search({
    index: `logs-${dataset}-${namespace}`,
    terminate_after: 1,
});
```

This search could give users false positives with regard to the data. What if this index already exists when users are onboarding their logs?

@grabowskit, @ruflin, @gbamparop
Will this be a common scenario for us? Could we assume this scenario to be an edge case and proceed with the current check?
Is there a more robust way to check this? For example, in addition to the index, check for file paths (the ones the user configured in the previous step) as part of determining logs arrival?

@yngrdyn yngrdyn added discuss Team:APM All issues that need APM UI Team support apm:logs-onboarding labels Jun 9, 2023
elasticmachine (Contributor) commented

Pinging @elastic/apm-ui (Team:APM)

gbamparop (Contributor) commented Jun 9, 2023

I think it's a good idea to have some filters such as path, @timestamp etc.

ruflin (Member) commented Jun 15, 2023

Would it be possible to report the host.name from the machine where the script is running? If yes, this could be used to query only for data from this host.

I initially wanted to comment that we should always only query for the last 15min. But this might not provide the expected result. In case someone starts to tail a file with logs from the past few days and we extract the timestamp, only older data will be shipped first.

gbamparop (Contributor) commented

Fleet uses the agent id to query data for the last 5 minutes here. Is this issue related to all shippers?

gbamparop (Contributor) commented

> Fleet uses the agent id to query data for the last 5 minutes here. Is this issue related to all shippers?

We've decided in today's meeting to go with this proposal for now, adding it to the Ready column.

@gbamparop gbamparop removed the discuss label Aug 2, 2023
@yngrdyn yngrdyn self-assigned this Aug 17, 2023
@yngrdyn yngrdyn added Team:LogsUX and removed Team:APM All issues that need APM UI Team support labels Oct 5, 2023
@botelastic botelastic bot added the needs-team Issues missing a team label label Oct 10, 2023
@gbamparop gbamparop added Team:obs-ux-logs Observability Logs User Experience Team Feature:Logs Onboarding Logs Onboarding feature and removed apm:logs-onboarding labels Oct 10, 2023
@botelastic botelastic bot removed the needs-team Issues missing a team label label Oct 10, 2023
@yngrdyn yngrdyn added Feature:Logs UI Logs UI feature and removed Feature:Logs UI Logs UI feature labels Oct 30, 2023
yngrdyn added a commit that referenced this issue Nov 2, 2023
…g agent Id (#170124)

Closes #159387.

### Changes
- `POST /internal/observability_onboarding/flow/{id}/step/{name}`
endpoint now conditionally accepts a `payload` param that contains an
`agentId`.
- `standalone_agent_setup.sh` is now getting the `agentId` of the
`elastic-agent` installed in the host.
- `get_has_logs.ts` now uses `agentId` to match documents coming from
the installed elastic_agent instance in the host.
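
The false positive raised in this issue, next to the agent-scoped check the fix describes, as an added example that is not code from the Kibana repository. The `agent.id` field name, the in-memory `hasLogs` stand-in and the sample documents are assumptions constructed for illustration.

```typescript
// Added example. The `agent.id` field name and every document below are
// assumptions/constructed sample data, not taken from the Kibana code base.
interface LogDoc { index: string; agentId: string; timestamp: string }
type TermFilter = { term: { 'agent.id': string } };
interface HasLogsRequest {
  index: string;
  terminate_after: number;
  query?: { bool: { filter: TermFilter[] } };
}

// Without agentId this is the index-only check quoted in the issue.
function buildHasLogsRequest(dataset: string, namespace: string, agentId?: string): HasLogsRequest {
  const request: HasLogsRequest = { index: `logs-${dataset}-${namespace}`, terminate_after: 1 };
  if (agentId !== undefined) {
    // Only documents written by the agent installed during this flow count.
    request.query = { bool: { filter: [{ term: { 'agent.id': agentId } }] } };
  }
  return request;
}

// Minimal in-memory stand-in for the search, enough to compare both requests.
function hasLogs(docs: LogDoc[], request: HasLogsRequest): boolean {
  const filters: TermFilter[] = request.query ? request.query.bool.filter : [];
  return docs.some(
    (doc) => doc.index === request.index && filters.every((f) => f.term['agent.id'] === doc.agentId)
  );
}

// Constructed scenario: the data stream already holds logs from an earlier agent.
function runScenario(): { indexOnly: boolean; beforeShipping: boolean; afterShipping: boolean } {
  const docs: LogDoc[] = [
    { index: 'logs-myapp-default', agentId: 'agent-old', timestamp: '2023-06-01T08:00:00Z' },
  ];
  const indexOnly = hasLogs(docs, buildHasLogsRequest('myapp', 'default'));
  const scoped = buildHasLogsRequest('myapp', 'default', 'agent-new');
  const beforeShipping = hasLogs(docs, scoped);
  // The new agent tails an old file, so its first document carries an old
  // timestamp. No @timestamp range is applied, so it is still detected.
  docs.push({ index: 'logs-myapp-default', agentId: 'agent-new', timestamp: '2023-05-20T10:00:00Z' });
  const afterShipping = hasLogs(docs, scoped);
  return { indexOnly, beforeShipping, afterShipping };
}

console.log(runScenario()); // { indexOnly: true, beforeShipping: false, afterShipping: true }
```
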
delanni pushed a commit to delanni/kibana that referenced this issue Nov 6, 2023
…g agent Id (elastic#170124)
