Cherry-pick #18159 to 7.x: Add a disable_host option to Filebeat inputs

[andrewkroh]

Cherry-pick of PR #18159 to 7.x branch. Original message:

What does this PR do?

This adds a configuration option publisher_pipeline.disable_host to disable the addition
of host.name in events. By default Filebeat adds host.name to all events and we want
to be able to disable this for data sources that do not originate on the host (like cloud logs).

Relates #13920

Why is it important?

ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. For some data sources Filebeat does not know that actual host and it should not use its own host name in these events. This gives a way to turn this off.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Run Filebeat and verify that the output does not have host.name.

---
filebeat.inputs:
- paths: test.log
  publisher_pipeline.disable_host: true
output.console.pretty: true

Use cases

This will be used by several modules:

• aws
• azure
• googlecloud
• misp
• o365
• okta
• panw
• suricata (depends on whether it monitors a network tap or local host traffic)
• zeek (depends on whether it monitors a network tap or local host traffic)

[elasticmachine]

💔 Build Failed

Expand to view the summary

Build stats

• Build Cause: [Pull request Cherry-pick #18159 to 7.x: Add a disable_host option to Filebeat inputs #18188 updated]

• Start Time: 2020-05-04T17:36:03.731+0000

• Duration: 122 min 13 sec (7333284)

• Commit: 7abf29c

Test stats 🧪

Test	Results
Failed	0
Passed	5688
Skipped	854
Total	6542

Steps errors

Expand to view the steps failures

• Name: Make -C generator/_templates/metricbeat test

  • Description: make -C generator/_templates/metricbeat test

  • Result: FAILURE

  • Duration: 2 min 41 sec<

  • Start Time: 2020-05-04T18:35:28.693+0000

Log output

Expand to view the last 100 lines of log output

[2020-05-04T19:37:42.570Z] 	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
[2020-05-04T19:37:42.570Z] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[2020-05-04T19:37:42.570Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2020-05-04T19:37:42.570Z] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[2020-05-04T19:37:42.570Z] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[2020-05-04T19:37:42.570Z] 	at java.lang.Thread.run(Thread.java:748)
[2020-05-04T19:37:42.570Z] No artifacts found that match the file pattern "**/build/TEST*.out". Configuration error?
[2020-05-04T19:37:42.963Z] + curl -sSLo codecov https://codecov.io/bash
[2020-05-04T19:37:43.226Z] + FILE=auditbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f auditbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=filebeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f filebeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=heartbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f heartbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=libbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=metricbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=packetbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-05-04T19:37:43.226Z] + FILE=journalbeat/build/coverage/full.cov
[2020-05-04T19:37:43.226Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-05-04T19:37:44.942Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats
[2020-05-04T19:37:45.287Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-05-04T19:37:45.569Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Lint
[2020-05-04T19:37:45.754Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-05-04T19:37:45.872Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Heartbeat-oss
[2020-05-04T19:37:45.980Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-05-04T19:37:46.157Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Winlogbeat-oss
[2020-05-04T19:37:46.276Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-05-04T19:37:46.462Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-05-04T19:37:46.632Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Auditbeat-Linux
[2020-05-04T19:37:46.746Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Dockerlogbeat
[2020-05-04T19:37:46.942Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Journalbeat-oss
[2020-05-04T19:37:47.118Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Libbeat-x-pack
[2020-05-04T19:37:47.271Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-05-04T19:37:47.468Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-05-04T19:37:47.638Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-05-04T19:37:47.772Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Filebeat-x-pack
[2020-05-04T19:37:47.940Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-05-04T19:37:48.115Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-05-04T19:37:48.249Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Filebeat-Windows
[2020-05-04T19:37:48.402Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Packetbeat-oss
[2020-05-04T19:37:48.587Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Filebeat-oss
[2020-05-04T19:37:48.815Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-Windows
[2020-05-04T19:37:49.037Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Libbeat-oss
[2020-05-04T19:37:49.368Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-05-04T19:37:49.675Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Heartbeat-Windows
[2020-05-04T19:37:49.912Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-05-04T19:37:50.170Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-05-04T19:37:50.386Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-05-04T19:37:50.588Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Auditbeat-Windows
[2020-05-04T19:37:50.794Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Functionbeat-Windows
[2020-05-04T19:37:50.957Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Libbeat-crosscompile
[2020-05-04T19:37:51.186Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Libbeat-stress-tests
[2020-05-04T19:37:51.717Z] + cat
[2020-05-04T19:37:51.717Z] + /usr/local/bin/runbld ./runbld-script
[2020-05-04T19:37:51.717Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-05-04T19:37:58.399Z] runbld>>> runbld started
[2020-05-04T19:37:58.399Z] runbld>>> 1.6.11/a66728ff8f4356963772e6e6d2069392fa06acbe
[2020-05-04T19:38:00.365Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-18188' in order of occurrence in the config (last value wins).
[2020-05-04T19:38:01.406Z] runbld>>> Debug logging enabled.
[2020-05-04T19:38:01.406Z] runbld>>> Storing result
[2020-05-04T19:38:01.679Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-05-04T19:38:01.679Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200504193801-99635765
[2020-05-04T19:38:01.679Z] runbld>>> Adding system facts.
[2020-05-04T19:38:02.659Z] runbld>>> Adding vcs info for the latest commit:  f7588d9359183b4c3f7eb807e0c865c5a9daa748
[2020-05-04T19:38:02.946Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-05-04T19:38:02.946Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-05-04T19:38:02.946Z] + echo 'Processing JUnit reports with runbld...'
[2020-05-04T19:38:02.946Z] Processing JUnit reports with runbld...
[2020-05-04T19:38:03.219Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-05-04T19:38:03.219Z] runbld>>> DURATION: 21ms
[2020-05-04T19:38:03.219Z] runbld>>> STDOUT: 40 bytes
[2020-05-04T19:38:03.219Z] runbld>>> STDERR: 49 bytes
[2020-05-04T19:38:03.219Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-05-04T19:38:03.219Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats
[2020-05-04T19:38:04.675Z] runbld>>> Storing build metadata: 
[2020-05-04T19:38:04.675Z] runbld>>> Adding test report.
[2020-05-04T19:38:04.675Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats
[2020-05-04T19:38:05.647Z] runbld>>> Found 78 test output files
[2020-05-04T19:38:06.235Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-05-04T19:38:06.235Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-05-04T19:38:06.235Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-05-04T19:38:07.200Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 6392 Skipped: 701
[2020-05-04T19:38:07.474Z] runbld>>> Storing result
[2020-05-04T19:38:07.474Z] runbld>>> FAILURES: 0
[2020-05-04T19:38:07.760Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-05-04T19:38:07.760Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200504193801-99635765
[2020-05-04T19:38:07.760Z] runbld>>> Email notification disabled by environment variable.
[2020-05-04T19:38:07.760Z] runbld>>> Slack notification disabled by environment variable.
[2020-05-04T19:38:15.277Z] Running on worker-395930 in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-18188
[2020-05-04T19:38:15.581Z] [INFO] getVaultSecret: Getting secrets
[2020-05-04T19:38:15.794Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-05-04T19:38:18.463Z] + chmod 755 generate-build-data.sh
[2020-05-04T19:38:18.463Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18188/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18188/runs/2 FAILURE 7333284
[2020-05-04T19:38:18.463Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18188/runs/2/steps/?limit=10000 -o steps-info.json
[2020-05-04T19:38:20.034Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-18188/runs/2/tests/?status=FAILED -o tests-errors.json

[ycombinator]

Backport LGTM.

[ycombinator]

Looks like the PR needs rebase due to CHANGELOG conflict, though.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)