Figure out how to run Filebeat in debug mode using GoLand

zmoog / public-notes

Apache License 2.0

0 stars 1 forks source link

Figure out how to run Filebeat in debug mode using GoLand #28

Closed zmoog closed 1 year ago

zmoog commented 1 year ago

Suppose you want to run Filebeat in debug mode to explore in detail how Filebeat executes some portion of the code.

zmoog commented 1 year ago

Open the main.go file at x-pack/filebeat/main.go and "Modify Run Configuration":

CleanShot 2023-03-31 at 15 53 26@2x

In Program Argument, set the following content:

-e
-v
-d
*
--strict.perms=false
--path.home
/Users/zmoog/code/projects/elastic/beats/x-pack/filebeat
-E
cloud.id=REDACTED
-E
cloud.auth=REDACTED
-E
gc_percent=100
-E
setup.ilm.enabled=false
-E
setup.template.enabled=false
-E
output.elasticsearch.allow_older_versions=true

Set cloud.id and cloud.auth with your actual values to access your Elasticsearch cluster.

zmoog commented 1 year ago

Enable one module; we have something to prove this is working.

# open a terminal at the project root and cd into filebeat
$ cd x-pack/filebeat/ 

# enable the azure module
$ cp modules.d/azure.yml.disabled modules.d/azure.yml

Edit modules.d/azure.yml and enable at least one input.

For example, for this test I am enabling the sign in logs:

  signinlogs:
    enabled: true
    var:
      eventhub: REDACTED
      consumer_group: "$Default"
      connection_string: REDACTED
      storage_account: REDACTED
      storage_account_key: REDACTED

zmoog commented 1 year ago

The sign-in logs input uses the azure-eventhub input, so I want to place a breakpoint at:

https://github.com/elastic/beats/blob/62a27007e67c337b3d9e6fd78acffad1799a7c2e/x-pack/filebeat/input/azureeventhub/input.go#L108

Here is how it goes:

https://user-images.githubusercontent.com/25941/229150589-0606266c-bc33-4264-adb1-4b94a1c0d6e7.mp4