From 33ca59f6d76703af90c22c9adf50f616465ad5e6 Mon Sep 17 00:00:00 2001
From: Denis Rechkunov
Date: Thu, 28 Sep 2023 10:28:07 +0200
Subject: [PATCH 1/3] Make file system metadata values strings

To better align with ECS and better store the values in Elasticsearch.
---
 libbeat/reader/readfile/fs_metafields_other.go | 5 +++--
 libbeat/reader/readfile/fs_metafields_windows.go | 6 +++---
 libbeat/reader/readfile/metafields_other_test.go | 4 ++--
 libbeat/reader/readfile/metafields_windows_test.go | 6 +++---
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/libbeat/reader/readfile/fs_metafields_other.go b/libbeat/reader/readfile/fs_metafields_other.go
index 425b7435fe82..cc764c4bbcc7 100644
--- a/libbeat/reader/readfile/fs_metafields_other.go
+++ b/libbeat/reader/readfile/fs_metafields_other.go
@@ -22,6 +22,7 @@ package readfile
 import (
 "fmt"
 "os"
+ "strconv"
 "github.com/elastic/beats/v7/libbeat/common/file"
 "github.com/elastic/elastic-agent-libs/mapstr"
@@ -34,11 +35,11 @@ const (
 func setFileSystemMetadata(fi os.FileInfo, fields mapstr.M) error {
 osstate := file.GetOSState(fi)
- _, err := fields.Put(deviceIDKey, osstate.Device)
+ _, err := fields.Put(deviceIDKey, strconv.FormatUint(osstate.Device, 10))
 if err != nil {
 return fmt.Errorf("failed to set %q: %w", deviceIDKey, err)
 }
- _, err = fields.Put(inodeKey, osstate.Inode)
+ _, err = fields.Put(inodeKey, osstate.InodeString())
 if err != nil {
 return fmt.Errorf("failed to set %q: %w", inodeKey, err)
 }
diff --git a/libbeat/reader/readfile/fs_metafields_windows.go b/libbeat/reader/readfile/fs_metafields_windows.go
index 113a74cf829c..972e77dfc538 100644
--- a/libbeat/reader/readfile/fs_metafields_windows.go
+++ b/libbeat/reader/readfile/fs_metafields_windows.go
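Review bot: In `setFileSystemMetadata` in fs_metafields_other.go (hunk `-34,11 +35,11`), the two identifiers are converted to strings by different routes: the device ID with `strconv.FormatUint(osstate.Device, 10)` and the inode with `osstate.InodeString()`, whose definition is not visible in this patch, so the hunk does not establish the inode's base or format. These values identify a file in stored events, so the function should document the contract, for example `// setFileSystemMetadata stores the device ID and inode in fields as base-10 strings.`, once `InodeString` is confirmed to emit decimal. The same doc comment is missing on the Windows variant, which formats `idxhi`, `idxlo` and `vol` in the fs_metafields_windows.go hunk. The function body continues past the end of both hunks.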
@@ -33,15 +33,15 @@ const (
 func setFileSystemMetadata(fi os.FileInfo, fields mapstr.M) error {
 osstate := file.GetOSState(fi)
- _, err := fields.Put(idxhiKey, osstate.IdxHi)
+ _, err := fields.Put(idxhiKey, strconv.FormatUint(osstate.IdxHi, 10))
 if err != nil {
 return fmt.Errorf("failed to set %q: %w", idxhiKey, err)
 }
- _, err = fields.Put(idxloKey, osstate.IdxLo)
+ _, err = fields.Put(idxloKey, strconv.FormatUint(osstate.IdxLo, 10))
 if err != nil {
 return fmt.Errorf("failed to set %q: %w", idxloKey, err)
 }
- _, err = fields.Put(volKey, osstate.Vol)
+ _, err = fields.Put(volKey, strconv.FormatUint(osstate.Vol, 10))
 if err != nil {
 return fmt.Errorf("failed to set %q: %w", volKey, err)
 }
diff --git a/libbeat/reader/readfile/metafields_other_test.go b/libbeat/reader/readfile/metafields_other_test.go
index 7874d24d4ae0..b9d25b854204 100644
--- a/libbeat/reader/readfile/metafields_other_test.go
+++ b/libbeat/reader/readfile/metafields_other_test.go
@@ -44,13 +44,13 @@ func checkFields(t *testing.T, expected, actual mapstr.M) {
 dev, err := actual.GetValue(deviceIDKey)
 require.NoError(t, err)
- require.Equal(t, uint64(17), dev)
+ require.Equal(t, "17", dev)
 err = actual.Delete(deviceIDKey)
 require.NoError(t, err)
 inode, err := actual.GetValue(inodeKey)
 require.NoError(t, err)
- require.Equal(t, uint64(999), inode)
+ require.Equal(t, "999", inode)
 err = actual.Delete(inodeKey)
 require.NoError(t, err)
diff --git a/libbeat/reader/readfile/metafields_windows_test.go b/libbeat/reader/readfile/metafields_windows_test.go
index 37ff5cb4bda7..dce0b8d2161a 100644
--- a/libbeat/reader/readfile/metafields_windows_test.go
+++ b/libbeat/reader/readfile/metafields_windows_test.go
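Review bot: The updated assertions in `checkFields` in metafields_other_test.go only cover small values (`"17"` and `"999"`), so nothing pins the string form of an identifier above `math.MaxInt64`. That is presumably the range where an unsigned value is most at risk in a downstream signed or floating-point store. Consider adding a case whose fixture carries `math.MaxUint64` and asserts `"18446744073709551615"`; the fixture that produces 17 and 999 is outside this hunk, so where it belongs is for the author to confirm. The same gap applies to the `"100"`, `"200"` and `"300"` assertions in metafields_windows_test.go. `checkFields` starts and ends outside both hunks.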
@@ -52,19 +52,19 @@ func checkFields(t *testing.T, expected, actual mapstr.M) {
 idxhi, err := actual.GetValue(idxhiKey)
 require.NoError(t, err)
- require.Equal(t, uint64(100), idxhi)
+ require.Equal(t, "100", idxhi)
 err = actual.Delete(idxhiKey)
 require.NoError(t, err)
 idxlo, err := actual.GetValue(idxloKey)
 require.NoError(t, err)
- require.Equal(t, uint64(200), idxlo)
+ require.Equal(t, "200", idxlo)
 err = actual.Delete(idxloKey)
 require.NoError(t, err)
 vol, err := actual.GetValue(volKey)
 require.NoError(t, err)
- require.Equal(t, uint64(300), vol)
+ require.Equal(t, "300", vol)
 err = actual.Delete(volKey)
 require.NoError(t, err)
From 6faa84733b52c7eab8d555f7b3cce72085f04e25 Mon Sep 17 00:00:00 2001
From: Denis Rechkunov
Date: Thu, 28 Sep 2023 10:35:24 +0200
Subject: [PATCH 2/3] Add changelog entry

---
 CHANGELOG.next.asciidoc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index a8ed9f032c5f..b9e69c0fcbd1 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -15,6 +15,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 *Filebeat*
+- Switch types of `log.file.device`, `log.file.inode`, `log.file.idxhi`, `log.file.idxlo` and `log.file.vol` fields to strings to better align with ECS and integrations. {pull}36697[36697]
 *Heartbeat*
From 7d21dc9926e8ce2853c296115fed7a679f0346cd Mon Sep 17 00:00:00 2001
From: Denis Rechkunov
Date: Thu, 28 Sep 2023 10:52:13 +0200
Subject: [PATCH 3/3] Fix missing import

---
 libbeat/reader/readfile/fs_metafields_windows.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libbeat/reader/readfile/fs_metafields_windows.go b/libbeat/reader/readfile/fs_metafields_windows.go
index 972e77dfc538..97bfd5c72de1 100644
--- a/libbeat/reader/readfile/fs_metafields_windows.go
+++ b/libbeat/reader/readfile/fs_metafields_windows.go
@@ -20,6 +20,7 @@ package readfile
 import (
 "fmt"
 "os"
+ "strconv"
 "github.com/elastic/beats/v7/libbeat/common/file"
 "github.com/elastic/elastic-agent-libs/mapstr"