Hello, I've recently looked into the wmibeat implementation and found several issues in it. The commits in this pull request are to be considered separately.
Fix wmibeat unexpected failures and resource leak
There was a crucial resource leak because Golang's defer mechanism won't work unless surrounding function quits (originally the defers where made inside endless loop). I had to extract all the logic into a separate function (RunOnce) to make sure the resources are cleaned up.
Additionally, it appears that sometimes Go runtime switches the processing threads, so from COM perspective it is required to call CoInitializeEx(0, 0) instead of CoInitialize(0) to ensure multithreading (the issue is easily reproducible with period=1s).
Update wmibeat to save WMI result object as separate docs
Originally the wmibeat was saving a single Elasticsearch documents with results, which made it always impossible to display in Kibana (e.g. when you query any class with multiple instances like Win32_PerfFormattedData_PerfProc_Process you won't be able to draw a chart with per-process memory usage - any aggregation will be impossible to do). That's why the output format is changed in favour of separate elasticsearch documents for each instance in the queried WMI classes. This change also allowed to remove lots of code including "ObjectTitleColumn" processing.
Compile WMI queries only once during beat setup
This is another performance improvement but rather small one - instead of compiling queries every time they are built only once in the Config step.
Update wmibeat to latest libbeat API
It was not possible to build wmibeat with latest Beats API because of their breaking changes.
Could you please perform the code review? - I'd really like to hear your comments.
Hello, I've recently looked into the wmibeat implementation and found several issues in it. The commits in this pull request are to be considered separately.
Could you please perform the code review? - I'd really like to hear your comments.
Best regards, Artsiom