[EEM] Add built in definitions for hosts and containers #193157
Conversation
miltonhultgren
added
release_note:skip
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
|
@roshan-elastic @smith @cauemarcondes Here is the PR to add the two new definitions. One question I have though, do you still want to include the metrics in version 1.0.0 if you don't plan to use them yet or should I drop them and you can add them later when you are ready to consume that data? |
|
Thanks @miltonhultgren
@smith - I don't mind them being in the indices as long as it doesn't add a burden to our team that we don't want? We won't be showing them in Inventory but I'm happy for them to be there (we get feedback from users if they click through to Discover). WDYT? |
|
Do consider that adding metrics does increase the compute and storage cost of the definition (which long term I imagine we'll need to justify, of course, but perhaps it is wise to defer it until later). |
I'll defer to @chrisdistasio on this aspect. If he's OK with it, I am (from a PM perspective).
We don't know really. Sometimes putting something in the hands of users and seeing what they do is the best way to find out! It's basically cheap discovery. |
There was a problem hiding this comment.
I have some suggestions here but in general this looks ok to merge.
As long as we're assuming Elastic-specific ECS data these match the data models of existing Elastic apps.
Are we planning on having additional entity definitions later on for otel-native schemas of these entity types (Host for example?)
| type: 'container', | ||
| indexPatterns: ['filebeat-*', 'logs-*', 'metrics-*', 'metricbeat-*'], | ||
| identityFields: ['container.id'], | ||
| displayNameTemplate: '{{container.id}}', |
There was a problem hiding this comment.
This should be container.name.
There was a problem hiding this comment.
x-pack/plugins/entity_manager/server/lib/entities/built_in/containers.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/entity_manager/server/lib/entities/built_in/containers.ts
Outdated
Show resolved
Hide resolved
I don't know, I would defer to @chrisdistasio to speak to the plans for the EEM team. To share my 2 cents though: I don't believe it is productive for the EEM team to create and maintain specific definitions. |
|
@roshan-elastic @chrisdistasio FYI I think it's okay to leave them in for now (similar for the service built in definition), we need to decide on if we will descope the current metrics features and will treat that as a follow up once we decide on where we want to go. |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
| { | ||
| name: 'A', | ||
| aggregation: 'doc_count', | ||
| filter: 'log.level: * OR error.log.level: *', |
There was a problem hiding this comment.
should we align with the services filter ? https://github.com/elastic/kibana/blob/main/x-pack/plugins/entity_manager/server/lib/entities/built_in/services.ts#L124
| indexPatterns: ['filebeat-*', 'logs-*', 'metrics-*', 'metricbeat-*'], | ||
| identityFields: ['host.name'], | ||
| displayNameTemplate: '{{host.name}}', | ||
| history: { |
There was a problem hiding this comment.
should we also align these settings with the services builtin https://github.com/elastic/kibana/blob/main/x-pack/plugins/entity_manager/server/lib/entities/built_in/services.ts#L36-L44
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
2 similar comments
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
klacabane
removed
the
backport:prev-minor
kibanamachine
removed
the
backport missing
klacabane
added
backport:prev-minor
|
Starting backport for target branches: 8.x |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…c#193157) This PR adds built in definitions for `hosts` and `containers` based on ECS data. 1. Check out this branch of Kibana 2. Start ES and Kibana, verify that start up works and that the two definitions are installed (by calling `GET /internal/entities/definition` or checking that the transforms are installed). 3. Ingest some data for each definition to work with, verify that you get data in `entities-host-*` and `entities-container-*` and that the data matches the expected shape (metadata and metrics[1]) [[1]](elastic#193157 (comment))
… (#194921) # Backport This will backport the following commits from `main` to `8.x`: - [[EEM] Add built in definitions for hosts and containers (#193157)](#193157) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Milton Hultgren","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-18T14:03:17Z","message":"[EEM] Add built in definitions for hosts and containers (#193157)\n\n### Summary\r\n\r\nThis PR adds built in definitions for `hosts` and `containers` based on\r\nECS data.\r\n\r\n### How to test\r\n\r\n1. Check out this branch of Kibana\r\n2. Start ES and Kibana, verify that start up works and that the two\r\ndefinitions are installed (by calling `GET\r\n/internal/entities/definition` or checking that the transforms are\r\ninstalled).\r\n3. Ingest some data for each definition to work with, verify that you\r\nget data in `entities-host-*` and `entities-container-*` and that the\r\ndata matches the expected shape (metadata and metrics[1])\r\n\r\n\r\n[[1]](https://github.com/elastic/kibana/pull/193157#issuecomment-2355609821)","sha":"26a50f71562ad713903e8543b7793f482f717935","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","Feature:EEM"],"title":"[EEM] Add built in definitions for hosts and containers","number":193157,"url":"https://github.com/elastic/kibana/pull/193157","mergeCommit":{"message":"[EEM] Add built in definitions for hosts and containers (#193157)\n\n### Summary\r\n\r\nThis PR adds built in definitions for `hosts` and `containers` based on\r\nECS data.\r\n\r\n### How to test\r\n\r\n1. Check out this branch of Kibana\r\n2. Start ES and Kibana, verify that start up works and that the two\r\ndefinitions are installed (by calling `GET\r\n/internal/entities/definition` or checking that the transforms are\r\ninstalled).\r\n3. Ingest some data for each definition to work with, verify that you\r\nget data in `entities-host-*` and `entities-container-*` and that the\r\ndata matches the expected shape (metadata and metrics[1])\r\n\r\n\r\n[[1]](https://github.com/elastic/kibana/pull/193157#issuecomment-2355609821)","sha":"26a50f71562ad713903e8543b7793f482f717935"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193157","number":193157,"mergeCommit":{"message":"[EEM] Add built in definitions for hosts and containers (#193157)\n\n### Summary\r\n\r\nThis PR adds built in definitions for `hosts` and `containers` based on\r\nECS data.\r\n\r\n### How to test\r\n\r\n1. Check out this branch of Kibana\r\n2. Start ES and Kibana, verify that start up works and that the two\r\ndefinitions are installed (by calling `GET\r\n/internal/entities/definition` or checking that the transforms are\r\ninstalled).\r\n3. Ingest some data for each definition to work with, verify that you\r\nget data in `entities-host-*` and `entities-container-*` and that the\r\ndata matches the expected shape (metadata and metrics[1])\r\n\r\n\r\n[[1]](https://github.com/elastic/kibana/pull/193157#issuecomment-2355609821)","sha":"26a50f71562ad713903e8543b7793f482f717935"}}]}] BACKPORT--> Co-authored-by: Milton Hultgren <[email protected]>
Summary
This PR adds built in definitions for
hostsandcontainersbased on ECS data.How to test
GET /internal/entities/definitionor checking that the transforms are installed).entities-host-*andentities-container-*and that the data matches the expected shape (metadata and metrics[1])[1]