09 octobre 2016

Brewing in Beats: New community Beat for network devices

Par Monica Sarbu

New community beat: Openconfigbeat

Giuseppe Valente from Arista Networks created Openconfigbeat to get statistics from network devices over the OpenConfig interface. OpenConfig is a collaborative effort by network operators to develop a common interface for managing network devices.

Libbeat: Make future upgrades easier

In order to make it easier to upgrade between minor versions when new fields of type float are exported, we make sure that float fields are always sent as float values even if the current value happens to be an integer. For example 5 will be sent as 5.00000, so Elasticsearch defines it as a float in the absence of a mapping.

You should set all strings to be keywords by default, so if new string fields are added, you can build aggregations on them even if no template is defined yet.

Libbeat: Export beat version in each event

Each Beat adds its version in each event under the beat.version field, so you can identify the events generated by a certain release version. Even if it adds an overhead to the exported traffic, this information is valuable during upgrades.

Winlogbeat: Limit the number of windows event logs

Add a new configuration option to allow users to control the number of event log records that are read from the Windows API in a single batch. By default batch_read_size is set to 100, and it’s available only on Windows Vista or newer versions.

Metricbeat: Report system-wide information from Docker module

Enhance the Docker module in Metricbeat by exporting the info metricset to include system-wide information like the number of total containers or the number of running/stopped/paused containers.

Libbeat: Fix drop_fields processor when the first field is unknown

Fix the drop_fields processor as it was not dropping any field when the first field from the list was unknown and had a nested format like foo.bar.

Metricbeat: Remove dots in field names from the Redis module

Some dots found their way in the fields of our Metricbeat Redis module, and we removed them to maintain compatibility with the 2.X Elasticsearch versions.

Libbeat: Deprecate port setting for Redis and Logstash output

A list of Redis/Logstash servers can be configured under the hosts settings, and you can specify a port for each server. If no port is configured, you could configure a default under the port option. We deprecated this in 5.0 in order to avoid the confusion of having two ways of configuring the port.