Open aleksmaus opened 3 years ago
Pinging @elastic/agent (Team:Agent)
@michalpristas @blakerouse @urso I assume this building of the tree somewhere happens between Elastic Agent when the config is shipped down to the process. Maybe go-ucfg is applying some magic here? Is there a reason we "dedot" configs?
go-ucfg
looks like default options use ucfg.PathSep(".")
which will split the key
I wonder if we should disable this in general. Maybe worth trying to remove it and see what happens? Otherwise we could just disabled it for osquerybeat?
I don't think we can just remove it. It would break parsing other parts of the elastic-agent.yml
.
{
"foo.bar": {
"value": 45
}
"foo": {
"bar": {
"value": 23
}
}
}
so with the JSON like this for example we will loose some values after converting to YAML? the last one wins? I understand the compatibility issues with existing yaml configuration. but does it have to be yaml a year from now for example? maybe a config format can be a part of the spec? this possibly would allow to skip yaml conversion for the beats/apps that can consume JSON configuration as is. just thinking out loud.
@aleksmaus Did we ever make progress on this issue? How did you solve it?
@aleksmaus Did we ever make progress on this issue? How did you solve it?
as far as I understood from the replies that this can't be easily fixing without breaking backwards compatibility. we just adopted what we get in osquerybeat in this particular case, and flattened the tree in osquerybeat code.
I wonder if I've hit a variant of this issue - my case is different in that I'm just starting with a Beats metricbeat
module prometheus
configuration, as module configuration in YAML only, so no JSON. I guess the config file is still processed by ucfg
with ucfg.PathSep(".")
, and this is preventing me from expressing config keys which contain a .
:
- module: prometheus
period: 60s
hosts: ["https://endpoint.with.https:443"]
metricsets: ["query"]
queries:
- name: export
path: /path/to/export
params:
foo.bar: baz
username: "someuser"
password: "somesecretpassword"
... results in a bad interpretation of key foo.bar
resulting in a query https://endpoint.with.https:443/path/to/export?foo=map%5Bbar%3Abaz%5D
or decoded, foo=map[bar:baz]
.
Are there any known escaping or quoting workarounds for this?
Also posted to https://discuss.elastic.co/t/how-can-i-represent-a-config-key-containing-a-dot-period-full-stop/301907
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)
Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale
to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1
.
Thank you for your contribution!
My memories are vague about this issue, it's been awhile. I think for osquerybeat we "worked around" this limitation. Could potentially be closed.
I think the problem that how the configs are treated is not always the same still persists. @joshdover Reminds me of the standalone elastic agent experience where dots sometimes work and sometimes don't.
This issuer might be related to escaping URLs in query argument https://github.com/elastic/elastic-agent/issues/3421
Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale
to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1
.
Thank you for your contribution!
It looks like the "dotted" keys are not supported in the configuration as of July 27th, 2021.
Trying to introduce the ecs_mapping for osquery_manager integration.
The data stream template (stream.yml.hbs) looks like this:
Submitting the integration configuration payload with
ecs_mapping
that looks like the following:Kibana renders the stream configuration with ecs_mapping like the following
The agent receives the ecs_mapping blob correctly as JSON
The beats configuration YAML update is "broken", the beat received the configuration where the keys with dots are unwrapped into the nested YAML tree:
Expecting the keys with dots to be preserved as is and the original structure of the document to be unchanged (flat mapping document with the dotted keys".