elastic / terraform-provider-elasticstack

Terraform provider for Elastic Stack
https://registry.terraform.io/providers/elastic/elasticstack/latest/docs
Apache License 2.0

produced an unexpected new value: .input[1].streams_json: inconsistent values for sensitive │ attribute. #889

Open kaykhan opened 4 weeks ago

kaykhan commented 4 weeks ago

Hi, I'm having some issues determining which inconsistent sensitive values it is referring to.

I was only hoping to update processors. I have (I think) replicated the values of the other vars into Terraform:

# Fleet integration policy that attaches the Kubernetes integration (name and
# version taken from elasticstack_fleet_integration.kubernetes_integration) to
# the agent policy referenced as eck_agent_policy. Each `input` block below
# enables or disables one input of the integration, selected by input_id.
resource "elasticstack_fleet_integration_policy" "kubernetes_policy_integration_policy" {
  name                = "kubernetes-1"
  namespace           = "default"
  description         = "kubernetes-1"
  agent_policy_id     = elasticstack_fleet_agent_policy.eck_agent_policy.policy_id
  integration_name    = elasticstack_fleet_integration.kubernetes_integration.name
  integration_version = elasticstack_fleet_integration.kubernetes_integration.version

  input {
    enabled  = false
    input_id = "audit-logs-filestream"
  }
  # This is input[1], the block named in the reported error
  # (".input[1].streams_json").
  input {
    enabled  = true
    input_id = "container-logs-filestream"

    # The error reports streams_json as a sensitive attribute, so Terraform
    # redacts it in plan/apply output and does not show which key differs.
    # Sensitive values are still written to the state file in plaintext, so
    # the state backend needs access control and encryption at rest.
    # NOTE(review): this object sets only "vars" for the stream. If the Fleet
    # API returns extra keys on read-back (for example a stream-level
    # "enabled" flag, or vars that are not set here), the value the provider
    # reads will differ from this one -- compare the stored state or the API
    # response against this object to confirm.
    streams_json = jsonencode({
      "kubernetes.container_logs" : {
        "vars" : {
          # "$${" is the HCL escape for a literal "${"; the encoded string
          # carries "${kubernetes.container.id}" for the agent to resolve.
          "paths" : ["/var/log/containers/*$${kubernetes.container.id}.log"],
          "symlinks" : true,
          "containerParserStream" : "all",
          "containerParserFormat" : "auto",
          "data_stream.dataset" : "kubernetes.container_logs",
          "additionalParsersConfig" : "#",
          "custom" : "",
          # "<<YAML" (not "<<-YAML") keeps the heredoc body verbatim, including
          # its indentation and the final newline, so the string must match the
          # server-side value byte for byte.
          # The processor decodes JSON from "message" into "custom_json", and
          # only for events whose log-json-decode label equals "true".
          # NOTE(review): the label is set on the workload side, so whoever can
          # label a pod opts its logs into decoding -- confirm that is intended.
          "processors" : <<YAML
- if:
    equals.kubernetes.labels.log-json-decode: "true"
  then:
    - decode_json_fields:
        fields: ["message"]
        process_array: false
        max_depth: 5
        target: "custom_json"
        overwrite_keys: true
        add_error_key: true
YAML
        }
      }
    })
  }

  # The remaining inputs are only switched on or off; no streams_json is set
  # for them.
  input {
    enabled  = true
    input_id = "events-kubernetes/metrics"
  }

  input {
    enabled  = true
    input_id = "kube-apiserver-kubernetes/metrics"
  }

  input {
    enabled  = false
    input_id = "kube-controller-manager-kubernetes/metrics"
  }

  input {
    enabled  = true
    input_id = "kube-proxy-kubernetes/metrics"
  }

  input {
    enabled  = false
    input_id = "kube-scheduler-kubernetes/metrics"
  }

  input {
    enabled  = true
    input_id = "kube-state-metrics-kubernetes/metrics"
  }

  input {
    enabled  = true
    input_id = "kubelet-kubernetes/metrics"
  }
}


agent policy

            "type": "filestream",
            "policy_template": "container-logs",
            "enabled": true,
            "streams": [
              {
                "enabled": true,
                "data_stream": {
                  "type": "logs",
                  "dataset": "kubernetes.container_logs",
                  "elasticsearch": {
                    "dynamic_dataset": true,
                    "dynamic_namespace": true
                  }
                },
                "vars": {
                  "paths": {
                    "value": [
                      "/var/log/containers/*${kubernetes.container.id}.log"
                    ],
                    "type": "text"
                  },
                  "symlinks": {
                    "value": true,
                    "type": "bool"
                  },
                  "data_stream.dataset": {
                    "value": "kubernetes.container_logs",
                    "type": "text"
                  },
                  "containerParserStream": {
                    "value": "all",
                    "type": "text"
                  },
                  "containerParserFormat": {
                    "value": "auto",
                    "type": "text"
                  },
                  "condition": {
                    "type": "text"
                  },
                  "additionalParsersConfig": {
                    "value": "#",
                    "type": "yaml"
                  },
                  "processors": {
                    "value": """- if:
    equals.kubernetes.labels.log-json-decode: "true"
  then:
    - decode_json_fields:
        fields: ["message"]
        process_array: false
        max_depth: 5
        target: "custom_json"
        overwrite_keys: true
        add_error_key: true
""",
                    "type": "yaml"
                  },
                  "custom": {
                    "value": "",
                    "type": "yaml"
                  }
                },
                "id": "filestream-kubernetes.container_logs-80ac6a45-8049-4aac-a77b-e6ba648bb27f",
                "compiled_stream": {
                  "id": "kubernetes-container-logs-${kubernetes.pod.name}-${kubernetes.container.id}",
                  "paths": [
                    "/var/log/containers/*${kubernetes.container.id}.log"
                  ],
                  "data_stream": {
                    "dataset": "kubernetes.container_logs"
                  },
                  "prospector": {
                    "scanner": {
                      "fingerprint.enabled": true,
                      "symlinks": true
                    }
                  },
                  "file_identity.fingerprint": null,
                  "parsers": [
                    {
                      "container": {
                        "stream": "all",
                        "format": "auto"
                      }
                    }
                  ],
                  "processors": [
                    {
                      "add_fields": {
                        "target": "kubernetes",
                        "fields": {
                          "annotations.elastic_co/dataset": """${kubernetes.annotations.elastic.co/dataset|""}""",
                          "annotations.elastic_co/namespace": """${kubernetes.annotations.elastic.co/namespace|""}""",
                          "annotations.elastic_co/preserve_original_event": """${kubernetes.annotations.elastic.co/preserve_original_event|""}"""
                        }
                      }
                    },
                    {
                      "drop_fields": {
                        "fields": [
                          "kubernetes.annotations.elastic_co/dataset"
                        ],
                        "when": {
                          "equals": {
                            "kubernetes.annotations.elastic_co/dataset": ""
                          }
                        },
                        "ignore_missing": true
                      }
                    },
                    {
                      "drop_fields": {
                        "fields": [
                          "kubernetes.annotations.elastic_co/namespace"
                        ],
                        "when": {
                          "equals": {
                            "kubernetes.annotations.elastic_co/namespace": ""
                          }
                        },
                        "ignore_missing": true
                      }
                    },
                    {
                      "drop_fields": {
                        "fields": [
                          "kubernetes.annotations.elastic_co/preserve_original_event"
                        ],
                        "when": {
                          "equals": {
                            "kubernetes.annotations.elastic_co/preserve_original_event": ""
                          }
                        },
                        "ignore_missing": true
                      }
                    },
                    {
                      "add_tags": {
                        "tags": [
                          "preserve_original_event"
                        ],
                        "when": {
                          "and": [
                            {
                              "has_fields": [
                                "kubernetes.annotations.elastic_co/preserve_original_event"
                              ]
                            },
                            {
                              "regexp": {
                                "kubernetes.annotations.elastic_co/preserve_original_event": "^(?i)true$"
                              }
                            }
                          ]
                        }
                      }
                    },
                    {
                      "if": {
                        "equals.kubernetes.labels.log-json-decode": "true"
                      },
                      "then": [
                        {
                          "decode_json_fields": {
                            "fields": [
                              "message"
                            ],
                            "process_array": false,
                            "max_depth": 5,
                            "target": "custom_json",
                            "overwrite_keys": true,
                            "add_error_key": true
                          }
                        }
                      ]
                    }
                  ]
                }
              }
            ]
          },
          {
            "type": "filestream",
            "policy_template": "audit-logs",
            "enabled": false,
            "streams": [
              {
                "enabled": false,
                "data_stream": {
                  "type": "logs",
                  "dataset": "kubernetes.audit_logs"
                },
                "vars": {
                  "paths": {
                    "value": [
                      "/var/log/kubernetes/kube-apiserver-audit.log"
                    ],
                    "type": "text"
                  },
                  "processors": {
                    "type": "yaml"
                  },
                  "condition": {
                    "type": "text"
                  }
                },
                "id": "filestream-kubernetes.audit_logs-80ac6a45-8049-4aac-a77b-e6ba648bb27f"
              }
            ]
          }
        ],
        "revision": 15,
        "created_at": "2024-10-24T09:27:10.192Z",
        "created_by": "system",
        "updated_at": "2024-10-31T15:02:18.203Z",
        "updated_by": "elastic",
        "vars": {}
      }