Cherry-pick #20994 to 7.x: [Elastic Agent] Add support for EQL based conditions #21039

Merged: 3 commits, Sep 9, 2020

blakerouse
Contributor

Cherry-pick of PR #20994 to 7.x branch. Original message:

What does this PR do?

This adds the ability for a condition to be defined anywhere in the inputs configuration to make that dictionary conditional on the resulting EQL evaluation. If the evaluation is false, the dictionary is removed from the parent type, and if it's true, the dictionary remains.

This implements EQL with the same variable syntax used in input variable substitution ${ .. }. The following is implemented for EQL.

  • Full PEMDAS math support for + - * / %.
  • Compares < <= >= > == !=
  • Booleans true false
  • and and or
  • Array functions arrayContains
  • Dict functions hasKey (not in EQL)
  • Length functions length
  • Math functions add, subtract, multiply, divide, modulo.
  • String functions concat, endsWith, indexOf, match, number, startsWith, string, stringContains.

Why is it important?

To support condition enablement on inputs or even any part of the input configuration. The same conditions can be applied to processors or streams or anything inside of the inputs configuration.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Add a condition to your inputs and see that they are not rendered when the condition fails.

Condition on input

inputs:
  - type: logfile
    streams:
      - paths:
         - /var/log/syslog
    condition: ${host.platform} == 'linux'

Condition on stream

inputs:
  - type: system/metrics
    streams:
      - metricset: load
        data_stream.dataset: system.cpu
        condition: ${host.platform} != 'windows'

Condition on processor

inputs:
  - type: system/metrics
    streams:
      - metricset: load
        data_stream.dataset: system.cpu
        condition: ${host.platform} != 'windows'
    processors:
      - add_fields:
          fields:
            platform: ${host.platform}
          to: host
        condition: ${host.platform} != 'windows'

Related issues

* Refactor Boolexp to Eql.

* Connect new Eql to specs and input emitter.

* Fix compare with null.

* Fix notice and go.mod.

(cherry picked from commit af91b5e)
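
The removal behaviour described in this PR, sketched as an added example (not code from the PR or from Beats): `prune` and `evalCondition` are hypothetical names, and the evaluator is a stand-in that handles only `${var} == 'literal'` and `${var} != 'literal'`. It assumes a fail-closed policy, so an expression it cannot parse or a variable it cannot resolve drops the guarded dictionary, and it leaves the `condition` key in dictionaries that are kept.

```go
package main

import (
	"fmt"
	"regexp"
)

// Stand-in for the EQL evaluator (assumption): handles only ${var} ==/!= 'literal'.
var condRe = regexp.MustCompile(`^\$\{([\w.]+)\}\s*(==|!=)\s*'([^']*)'$`)

// evalCondition (hypothetical) fails closed on unparsable input or unknown variables.
func evalCondition(expr string, vars map[string]string) bool {
	if m := condRe.FindStringSubmatch(expr); m != nil {
		val, ok := vars[m[1]]
		return ok && (val == m[3]) == (m[2] == "==")
	}
	return false
}

// prune returns keep=false for a dict whose condition is false; the parent drops it.
func prune(node interface{}, vars map[string]string) (interface{}, bool) {
	switch n := node.(type) {
	case map[string]interface{}:
		if c, ok := n["condition"].(string); ok && !evalCondition(c, vars) {
			return nil, false
		}
		out := map[string]interface{}{}
		for k, v := range n {
			if child, keep := prune(v, vars); keep {
				out[k] = child
			}
		}
		return out, true
	case []interface{}:
		out := []interface{}{}
		for _, v := range n {
			if child, keep := prune(v, vars); keep {
				out = append(out, child)
			}
		}
		return out, true
	}
	return node, true
}

func main() { // constructed input modelled on the "Condition on stream" example
	stream := map[string]interface{}{"metricset": "load", "condition": "${host.platform} != 'windows'"}
	in := []interface{}{map[string]interface{}{"type": "system/metrics", "streams": []interface{}{stream}}}
	fmt.Println(prune(in, map[string]string{"host.platform": "windows"}))
}
```

With `host.platform` set to `windows`, the stream is removed and the input is left with an empty `streams` list, which is worth checking for when reviewing rendered configuration.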
@elasticmachine
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

Contributor

@ph ph left a comment

Backport lgtm, waiting for green.

Looking at this PR, we should have a changelog entry.

@blakerouse
Contributor Author

@ph Added changelog.

@elasticmachine
Collaborator

elasticmachine commented Sep 9, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [Pull request #21039 updated]

  • Start Time: 2020-09-09T15:10:04.323+0000

  • Duration: 78 min 49 sec

Test stats 🧪

Test Results
Failed 0
Passed 20142
Skipped 1863
Total 22005

Contributor

@ph ph left a comment

Waiting on green.

blakerouse merged commit a15ddaa into elastic:7.x on Sep 9, 2020
blakerouse deleted the backport_20994_7.x branch on September 9, 2020 17:30