search

elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats
Other
12.18k stars 4.92k forks source link

Find a way for the `system-log` input to report the correct `input.type` when it delegates to other inputs #41258

Open belimawr opened 1 week ago

belimawr commented 1 week ago

The system-logs input is a "proxy input" that decides whether journald or log should be used as input for Filebeat's system module. At the moment of writing it is intended to be used only by the system integraiton.

One problem with the current implementation is that the input.type set in the event is system-logs instead of the actual name of the input running/collecting the data.

As a quick fix, we're overwriting input.type using ES ingest pipelines, however this is not ideal. This issue is about finding a way to get this fixed within Filebeat and have input.type correctly set.

elasticmachine commented 1 week ago

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)