[azure logs] use one input + routing for all data streams (WIP) #11432

Draft: wants to merge 6 commits into base: main

zmoog (Contributor) commented Oct 16, 2024

Proposed commit message

Switch the integration package from the one-input-per-data-stream model to the one-input model.

One input per data stream model:

image

One input model:

image

In the one-input model, there is only one azure-eventhub input running and sending events to the events data stream. In the events data stream, the ingest pipeline performs these tasks:

  • discover and set the event.dataset field using the category field in the event.
  • use the event.dataset field to reroute the event to the target data stream.

The discovery process uses the following logic:

  • if the event doesn't have a category, it sets event.dataset to azure.eventhub (the generic integration)
  • if the event does have a category, it sets event.dataset to azure.platformlogs (it's probably an Azure log)
  • if the event category is supported, it sets event.dataset to a specific one like azure.activitylogs or azure.signinlogs.

After the discovery step, the routing rules use the event.dataset value to forward the events to the best available target data stream.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots
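
The discovery and routing steps described in the PR description above, sketched as an Elasticsearch ingest pipeline for the events data stream. This is an added example, not the pipeline from this PR. It assumes the event JSON is already parsed so that `category` is a top-level field, and the category names and processor tags are sample values chosen for illustration.

```yaml
# Added sketch, not the PR's pipeline. Category names are assumed sample values.
description: Discover event.dataset from category, then reroute (sketch)
processors:
  # 1. No category: fall back to the generic Event Hub integration.
  - set:
      tag: dataset_generic
      if: "ctx.category == null"
      field: event.dataset
      value: azure.eventhub
  # 2. Any category at all: treat the event as a generic Azure platform log.
  - set:
      tag: dataset_platformlogs
      if: "ctx.category != null"
      field: event.dataset
      value: azure.platformlogs
  # 3. Supported category: override step 2 with the specific dataset.
  #    Order matters: these must run after the platformlogs default.
  - set:
      tag: dataset_activitylogs
      if: "ctx.category != null && ['Administrative', 'Policy', 'Security'].contains(ctx.category)"
      field: event.dataset
      value: azure.activitylogs
  - set:
      tag: dataset_signinlogs
      if: "ctx.category != null && ['SignInLogs', 'NonInteractiveUserSignInLogs'].contains(ctx.category)"
      field: event.dataset
      value: azure.signinlogs
  # 4. Route on the discovered dataset. reroute must be last: processors
  #    after it in the same pipeline are skipped. The second entry in each
  #    list is the fallback used when the field reference is missing.
  - reroute:
      tag: route_by_dataset
      dataset:
        - "{{event.dataset}}"
        - azure.eventhub
      namespace:
        - "{{data_stream.namespace}}"
        - default
```

With this ordering, an event whose category is missing from the supported lists still lands in the platformlogs data stream rather than being dropped, so searches and detection rules scoped to a specific dataset such as azure.signinlogs only see events whose category was explicitly mapped.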

We no longer have one input per data stream, so we must remove all the
input related settings.
@zmoog zmoog self-assigned this Oct 16, 2024
@zmoog zmoog added Team:obs-ds-hosted-services Label for the Observability Hosted Services team [elastic/obs-ds-hosted-services] enhancement New feature or request Integration:azure Azure Logs labels Oct 16, 2024
@zmoog zmoog changed the title [azure logs] use one input for all data streams + routing (WIP) [azure logs] use one input + routing for all data streams (WIP) Oct 16, 2024
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

Package azure 👍(5) 💚(5) 💔(2)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| provisioning | 3558.72 | 2288.33 | -1270.39 (-35.7%) | 💔 |
| platformlogs | 5917.16 | 4524.89 | -1392.27 (-23.53%) | 💔 |

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

History

cc @zmoog


Quality Gate failed

Failed conditions
26.1% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

zmoog (Contributor, Author) commented Nov 7, 2024

Here's the latest iteration for the integration settings to evidence the recommended single data stream (v2) vs. the legacy multiple data stream (v1) solutions:

image

Development

Successfully merging this pull request may close these issues.

Azure Logs: use one input per agent policy