Skip to content

Commit

Permalink
Remove failing processors from the query for errors
Browse files Browse the repository at this point in the history
The `add_cloud_metadata` and some other `add_*_metadata` processors
are expected to log some errors if they cannot fetch the necessary
information. It is normal to find their error logs in pretty much any
deployment, some examples:
 - When Docker is not installed/running `add_docker_metadata` will log
 some errors
 - When the Elastic-Agent is deployed in a non-cloud VM
 `add_cloud_metadata` will log some errors.

This commit removes all those processors from the queries for log
errors, as they're expected.
  • Loading branch information
belimawr committed Nov 28, 2023
1 parent d0b8138 commit 9faef34
Showing 1 changed file with 37 additions and 32 deletions.
69 changes: 37 additions & 32 deletions pkg/testing/tools/estools/elasticsearch.go
Original file line number Diff line number Diff line change
Expand Up @@ -375,7 +375,43 @@ func CheckForErrorsInLogs(client elastictransport.Interface, namespace string, e
// CheckForErrorsInLogsWithContext checks to see if any error-level lines exist
// excludeStrings can be used to remove any particular error strings from logs
func CheckForErrorsInLogsWithContext(ctx context.Context, client elastictransport.Interface, namespace string, excludeStrings []string) (Documents, error) {
excludeStatements := []map[string]interface{}{}

// Some if not all of those processors are likely to always log some error
// just because they cannot fetch the information, like if docker is not running
// or the Beat is not running on Kubernetes, so we already exclude all errors from them.
processors := []string{
"add_host_metadata",
"add_cloud_metadata",
"add_docker_metadata",
"add_kubernetes_metadata",
}
for _, p := range processors {
excludeStatements = append(excludeStatements, map[string]interface{}{
"match": map[string]interface{}{
"log.logger": p,
},
})
}

if len(excludeStrings) > 0 {
for _, ex := range excludeStrings {
excludeStatements = append(excludeStatements, map[string]interface{}{
"match_phrase": map[string]interface{}{
"message": ex,
},
})
}
}
queryRaw := map[string]interface{}{
// We need runtime mappings until we have all log.* fields mapped.
// https://github.com/elastic/integrations/issues/6545
"runtime_mappings": map[string]interface{}{
"log.logger": map[string]interface{}{
"type": "keyword",
},
},

"query": map[string]interface{}{
"bool": map[string]interface{}{
"must": []map[string]interface{}{
Expand All @@ -392,42 +428,11 @@ func CheckForErrorsInLogsWithContext(ctx context.Context, client elastictranspor
},
},
},
"must_not": excludeStatements,
},
},
}

if len(excludeStrings) > 0 {
excludeStatements := []map[string]interface{}{}
for _, ex := range excludeStrings {
excludeStatements = append(excludeStatements, map[string]interface{}{
"match_phrase": map[string]interface{}{
"message": ex,
},
})
}
queryRaw = map[string]interface{}{
"query": map[string]interface{}{
"bool": map[string]interface{}{
"must": []map[string]interface{}{
{
"match": map[string]interface{}{
"log.level": "error",
},
},
{
"term": map[string]interface{}{
"data_stream.namespace": map[string]interface{}{
"value": namespace,
},
},
},
},
"must_not": excludeStatements,
},
},
}
}

var buf bytes.Buffer
err := json.NewEncoder(&buf).Encode(queryRaw)
if err != nil {
Expand Down

0 comments on commit 9faef34

Please sign in to comment.