diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 0a681c202ac..df2c8aad964 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -707,6 +707,7 @@ from being added to events by default. {pull}18159[18159] - Add SSL option to checkpoint module {pull}19560[19560] - Add max_number_of_messages config into s3 input. {pull}21993[21993] - Update Okta documentation for new stateful restarts. {pull}22091[22091] +- Rename awscloudwatch input to aws-cloudwatch. {pull}22228[22228] - Rename google-pubsub input to gcp-pubsub. {pull}22213[22213] - Copy tag names from MISP data into events. {pull}21664[21664] - Added DNS response IP addresses to `related.ip` in Suricata module. {pull}22291[22291] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index b1ee49fed5c..70be39bc1a9 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -16,7 +16,7 @@ grouped in the following categories: * <> * <> * <> -* <> +* <> * <> * <> * <> @@ -2292,21 +2292,21 @@ type: keyword -- -[[exported-fields-awscloudwatch]] -== awscloudwatch fields +[[exported-fields-aws-cloudwatch]] +== aws-cloudwatch fields Fields from AWS CloudWatch logs. [float] -=== awscloudwatch +=== aws-cloudwatch Fields from AWS CloudWatch logs. -*`awscloudwatch.log_group`*:: +*`aws-cloudwatch.log_group`*:: + -- The name of the log group to which this event belongs. @@ -2315,7 +2315,7 @@ type: keyword -- -*`awscloudwatch.log_stream`*:: +*`aws-cloudwatch.log_stream`*:: + -- The name of the log stream to which this event belongs. @@ -2324,7 +2324,7 @@ type: keyword -- -*`awscloudwatch.ingestion_time`*:: +*`aws-cloudwatch.ingestion_time`*:: + -- The time the event was ingested in AWS CloudWatch. diff --git a/filebeat/docs/filebeat-options.asciidoc b/filebeat/docs/filebeat-options.asciidoc index edafda17bb4..b8e230bfd0e 100644 --- a/filebeat/docs/filebeat-options.asciidoc +++ b/filebeat/docs/filebeat-options.asciidoc @@ -62,6 +62,7 @@ subdirectories of a directory. You can configure {beatname_uc} to use the following inputs: +* <<{beatname_lc}-input-aws-cloudwatch>> * <<{beatname_lc}-input-azure-eventhub>> * <<{beatname_lc}-input-cloudfoundry>> * <<{beatname_lc}-input-container>> @@ -84,7 +85,7 @@ You can configure {beatname_uc} to use the following inputs: include::multiline.asciidoc[] -include::../../x-pack/filebeat/docs/inputs/input-awscloudwatch.asciidoc[] +include::../../x-pack/filebeat/docs/inputs/input-aws-cloudwatch.asciidoc[] include::../../x-pack/filebeat/docs/inputs/input-azure-eventhub.asciidoc[] diff --git a/x-pack/filebeat/docs/inputs/input-awscloudwatch.asciidoc b/x-pack/filebeat/docs/inputs/input-aws-cloudwatch.asciidoc similarity index 92% rename from x-pack/filebeat/docs/inputs/input-awscloudwatch.asciidoc rename to x-pack/filebeat/docs/inputs/input-aws-cloudwatch.asciidoc index 3553947fb87..b66d76281c9 100644 --- a/x-pack/filebeat/docs/inputs/input-awscloudwatch.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-aws-cloudwatch.asciidoc @@ -2,7 +2,7 @@ :libbeat-xpack-dir: ../../../../x-pack/libbeat -:type: awscloudwatch +:type: aws-cloudwatch [id="{beatname_lc}-input-{type}"] === AWS CloudWatch input @@ -13,7 +13,7 @@ beta[] -`awscloudwatch` input can be used to retrieve all logs from all log streams in a +`aws-cloudwatch` input can be used to retrieve all logs from all log streams in a specific log group. `filterLogEvents` AWS API is used to list log events from the specified log group. Amazon CloudWatch Logs can be used to store log files from Amazon Elastic Compute Cloud(EC2), AWS CloudTrail, Route53, and other sources. @@ -29,14 +29,14 @@ separate source of logs in CloudWatch Logs makes up a separate log stream. ["source","yaml",subs="attributes"] ---- {beatname_lc}.inputs: -- type: awscloudwatch +- type: aws-cloudwatch log_group_arn: arn:aws:logs:us-east-1:428152502467:log-group:test:* scan_frequency: 1m credential_profile_name: elastic-beats start_position: beginning ---- -The `awscloudwatch` input supports the following configuration options plus the +The `aws-cloudwatch` input supports the following configuration options plus the <<{beatname_lc}-input-{type}-common-options>> described later. [float] @@ -100,12 +100,12 @@ collecting logs from the same region and AWS account. [float] ==== `aws credentials` -In order to make AWS API calls, `awscloudwatch` input requires AWS credentials. +In order to make AWS API calls, `aws-cloudwatch` input requires AWS credentials. Please see <> for more details. [float] === AWS Permissions -Specific AWS permissions are required for IAM user to access awscloudwatch: +Specific AWS permissions are required for IAM user to access aws-cloudwatch: ---- logs:FilterLogEvents ---- diff --git a/x-pack/filebeat/input/awscloudwatch/_meta/fields.yml b/x-pack/filebeat/input/awscloudwatch/_meta/fields.yml index ea5fdd55874..e9365b920ba 100644 --- a/x-pack/filebeat/input/awscloudwatch/_meta/fields.yml +++ b/x-pack/filebeat/input/awscloudwatch/_meta/fields.yml @@ -1,9 +1,9 @@ -- key: awscloudwatch - title: "awscloudwatch" +- key: aws-cloudwatch + title: "aws-cloudwatch" description: > Fields from AWS CloudWatch logs. fields: - - name: awscloudwatch + - name: aws-cloudwatch type: group default_field: false description: > diff --git a/x-pack/filebeat/input/awscloudwatch/config.go b/x-pack/filebeat/input/awscloudwatch/config.go index d916ea065da..7f1e4ca3ccd 100644 --- a/x-pack/filebeat/input/awscloudwatch/config.go +++ b/x-pack/filebeat/input/awscloudwatch/config.go @@ -29,7 +29,7 @@ type config struct { func defaultConfig() config { return config{ ForwarderConfig: harvester.ForwarderConfig{ - Type: "awscloudwatch", + Type: "aws-cloudwatch", }, StartPosition: "beginning", ScanFrequency: 10 * time.Second, diff --git a/x-pack/filebeat/input/awscloudwatch/fields.go b/x-pack/filebeat/input/awscloudwatch/fields.go index 61fa1b5d745..fd5749b8c03 100644 --- a/x-pack/filebeat/input/awscloudwatch/fields.go +++ b/x-pack/filebeat/input/awscloudwatch/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAwscloudwatch returns asset data. // This is the base64 encoded gzipped contents of input/awscloudwatch. func AssetAwscloudwatch() string { - return "eJys0cFqwzAMBuB7nuKn9/YBfBiMwV5ggx6DFyuxqWMFW5nJ2w87ZU3WyzaqoyL9+oKPuNCioHPqPM8ma+lsA4gTTwqHXf/QAIZSF90kjoPCUwMAr468Segjj3g+v+GlLJzLAjwP6dQAfR1RdfyIoEe6P1lKlokUhsjzdO0Y6vXspa0JCr32ib4/3VF+ySm1JW1Znod2C7ixLrRkjmbT3wneLdUIcA+xVILWP4EwsnWdhViXQJ8UBB/kOdw0+/tJIunxEYA16W8CFwZKJbIVN9J/FGWvEtZLWadrKBm48ONVTs1XAAAA//8tpMbE" + return "eJyskUtq7DAQRedexaXn7gVo8OARyAYS6KFRrLIlWlYZqRzh3QfJTdpOMkhCalifc49QiyutCjqntve8mKyltw0gTjwpnI6DUwMYSn10szgOCv8aAHh05E3CEHnC/8sTHsrBpRzA85jODTDUFVXXWwQ90RehpWSdSWGMvMy3jqFBL166ilAYtE/0Pvrk8k2fUnunvZfnsdsL3LWutGaOZtc/GDxbqgjwALFUQNtLIIxsXW8h1iXQKwXBC3kOd5tjfpJIevoLgY30MwMXRkoF2Ymb6DcW5a4qbElZpxuUDFz48Cvn5i0AAP//m93HSw==" } diff --git a/x-pack/filebeat/input/awscloudwatch/input.go b/x-pack/filebeat/input/awscloudwatch/input.go index 8c19ca4a24f..2f3563a369e 100644 --- a/x-pack/filebeat/input/awscloudwatch/input.go +++ b/x-pack/filebeat/input/awscloudwatch/input.go @@ -26,13 +26,21 @@ import ( awscommon "github.com/elastic/beats/v7/x-pack/libbeat/common/aws" ) -const inputName = "awscloudwatch" +const ( + inputName = "aws-cloudwatch" + oldInputName = "awscloudwatch" +) func init() { err := input.Register(inputName, NewInput) if err != nil { panic(errors.Wrapf(err, "failed to register %v input", inputName)) } + + err = input.Register(oldInputName, NewInput) + if err != nil { + panic(errors.Wrapf(err, "failed to register %v input", oldInputName)) + } } // awsCloudWatchInput is a input for AWS CloudWatch logs @@ -41,11 +49,11 @@ type awsCloudWatchInput struct { awsConfig awssdk.Config logger *logp.Logger - outlet channel.Outleter // Output of received awscloudwatch logs. + outlet channel.Outleter // Output of received aws-cloudwatch logs. inputCtx *channelContext workerOnce sync.Once // Guarantees that the worker goroutine is only started once. - workerWg sync.WaitGroup // Waits on awscloudwatch worker goroutine. + workerWg sync.WaitGroup // Waits on aws-cloudwatch worker goroutine. stopOnce sync.Once close chan struct{} @@ -69,9 +77,9 @@ func (c *channelContext) Err() error { } func (c *channelContext) Value(key interface{}) interface{} { return nil } -// NewInput creates a new awscloudwatch input +// NewInput creates a new aws-cloudwatch input func NewInput(cfg *common.Config, connector channel.Connector, context input.Context) (input.Input, error) { - cfgwarn.Beta("awsclouwatch input type is used") + cfgwarn.Beta("aws-clouwatch input type is used") logger := logp.NewLogger(inputName) // Extract and validate the input's configuration. @@ -79,7 +87,11 @@ func NewInput(cfg *common.Config, connector channel.Connector, context input.Con if err := cfg.Unpack(&config); err != nil { return nil, errors.Wrap(err, "failed unpacking config") } - logger.Debug("awscloudwatch input config = ", config) + logger.Debug("aws-cloudwatch input config = ", config) + + if config.Type == oldInputName { + logger.Warnf("%s input name is deprecated, please use %s instead", oldInputName, inputName) + } if config.LogGroupARN != "" { logGroupName, regionName, err := parseARN(config.LogGroupARN) @@ -122,8 +134,8 @@ func (in *awsCloudWatchInput) Run() { in.workerOnce.Do(func() { in.workerWg.Add(1) go func() { - in.logger.Infof("awscloudwatch input worker for log group: '%v' has started", in.config.LogGroupName) - defer in.logger.Infof("awscloudwatch input worker for log group '%v' has stopped.", in.config.LogGroupName) + in.logger.Infof("aws-cloudwatch input worker for log group: '%v' has started", in.config.LogGroupName) + defer in.logger.Infof("aws-cloudwatch input worker for log group '%v' has stopped.", in.config.LogGroupName) defer in.workerWg.Done() in.run() }() @@ -300,12 +312,12 @@ func (in *awsCloudWatchInput) forwardEvent(event beat.Event) error { return nil } -// Stop stops the awscloudwatch input +// Stop stops the aws-cloudwatch input func (in *awsCloudWatchInput) Stop() { in.stopOnce.Do(func() { defer in.outlet.Close() close(in.close) - in.logger.Info("Stopping awscloudwatch input") + in.logger.Info("Stopping aws-cloudwatch input") }) }