Fix logs compliance with ESC (errors and hash fields)

elastic / fleet-server

The Fleet server allows managing a fleet of Elastic Agents.

Other

12 stars 81 forks source link

Fix logs compliance with ESC (errors and hash fields) #358

Closed juliocamarero closed 3 years ago

juliocamarero commented 3 years ago

In 7.13 the logs claim to be ECS compliant but these two fields are not following ECS:

"ecs": {
   "version": "1.8.0"
},
"error": "context canceled",
"hash": "81b3d070dddec145fafcbdfb6f22888495a12edc31881f6b0511fa10de66daa7",

The error according to ECE 1.8.0 should be an object, not a string (docs). The field hash should also be an object (docs).

cc @scunningham

ph commented 3 years ago

@juliocamarero Can you give us the complete document? I want to make sure we have the correct source.

juliocamarero commented 3 years ago

Sure @ph, here are the logs logs.tar.gz

You can also see this other issue in those: https://github.com/elastic/fleet-server/issues/305

EricDavisX commented 3 years ago

how do we check for log compliance at dev time / automated tests? we may have tools i'm unaware of, would like to know more.

UPDATE: I'll ask the Engineering Productivity group to see what we collectively may know.

EricDavisX commented 3 years ago

fat fingered my keystrokes - didn't mean to close this. re-opening, sorry.

EricDavisX commented 3 years ago

Actually - I'm reviewing and we have a fix backported to 7.13... it will be in the build by tonight, so testable as a snapshot in cloud-staging or on cloud-qa (I think?) tomorrow, 5/18 - let's close it out to reduce the blocker's list for clarity's sake