November 16, 2015

Brewing in Beats: Last changes before RC2

By Monica Sarbu

Weekly Beats! With this series, we're keeping you up to date with all that's new in Beats, from the details of work-in-progress pull requests to releases and learning resources.

During the past week we continued fixing the issues reported by the community, and we took our last opportunity to simplify and clarify some field names and configuration options before the 1.0.0 GA release. All these changes, some of which break compatibility with RC1, were based on feedback from the community.

Winlogbeat for shipping Windows Event Logs

Andrew published Winlogbeat to GitHub this week. It ships Windows Event Logs to Elasticsearch directly or via Logstash. It installs as a Windows service on all versions since Windows XP.

Note that Winlogbeat is for now a proof-of-concept project and is not yet released. See this ticket for the current status.

Export instead of shipper

With this pull request each Beat is now exporting instead of shipper, which is clearer, and also adds beat.hostname, which is often needed or useful. Before, we used the shipper field to indicate both the Beat name and the OS hostname, depending on configuration, so separating the two is meant to simplify configuration and usage.

Fix memory leak in Topbeat

A memory leak in Topbeat caused problems on Windows. This pull request fixes it. It also instructs the Go tooling to use the built-in race detector when running our tests. This should catch a few bugs in the future.

Rename -test to -configtest

The -test command-line option, accepted by every Beat, is replaced by the -configtest option to make it clear that it tests the configuration file and not the Beat itself.

Remove enabled as a configuration option for outputs

This pull request simplifies the configuration file options for enabling and disabling outputs. The enabled/disabled configuration options for outputs and TLS options are removed; instead, you comment out or uncomment the relevant section in the configuration file to disable or enable a certain output or TLS.
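
A migration check for the change described above, as an added example that is not code from the Beats project: it scans a configuration file for enabled/disabled keys still present under output, so an output an operator believes is switched off does not go unnoticed. The sample configuration, its key layout and the function name are constructed for illustration; how a Beat treats a leftover key is not stated here.

```python
import re

# Constructed RC1-style configuration (assumed layout, for illustration only).
SAMPLE_CONFIG = """\
output:
  elasticsearch:
    enabled: true
    hosts: ["localhost:9200"]
  logstash:
    enabled: false   # operator believes this output is off
    hosts: ["localhost:5044"]
    tls:
      disabled: true
  #file:
  #  enabled: true
example_section:
  enabled: true
"""

# A mapping key at some indentation, optionally followed by a scalar value.
KEY_RE = re.compile(r"^( *)([A-Za-z_][\w.-]*):\s*(.*)$")
REMOVED_KEYS = {"enabled", "disabled"}


def find_removed_output_keys(text):
    """Return (line_no, dotted_path, value) for enabled/disabled keys under 'output'."""
    findings = []
    stack = []  # (indent, key) for each mapping key enclosing the current line
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and commented-out sections are ignored
        match = KEY_RE.match(raw)
        if not match:
            continue  # list items and continuation lines carry no mapping key
        indent, key, value = len(match.group(1)), match.group(2), match.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        path = [k for _, k in stack] + [key]
        if key in REMOVED_KEYS and path[0] == "output":
            findings.append((line_no, ".".join(path), value.split("#")[0].strip()))
        stack.append((indent, key))
    return findings


if __name__ == "__main__":
    for line_no, path, value in find_removed_output_keys(SAMPLE_CONFIG):
        print(f"line {line_no}: {path} = {value} (remove; comment out the section instead)")
```
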

Remove line from the Filebeat exported fields

Filebeat doesn’t export the line field anymore. The line number was not correctly set in case of Filebeat restarts, and making it correct would have affected the performance. We always recommend using the offset field instead as it gives you the correct value in all cases.

Update all Beats repositories automatically

Currently each Beat has its own repository in GitHub and they share a few common files defined in the libbeat repository. The pull request defines a script to automatically copy the common files of all Beats in libbeat to each Beat by executing make update in the Beat repository. Check for more details on what files are copied from libbeat.

Add system tests to Topbeat

System tests are added to Topbeat, using the model used by Packetbeat and Filebeat. They are executed by Jenkins and Travis on Linux and OS X and by AppVeyor on Windows.