[Fleet] Exclude events log from EA diagnostic collection in modal #190469

lucabelluccini · 2024-08-13T22:52:44Z

Summary

In 8.15 we've reintroduced the logging of raw events when in debug log via elastic/beats#38767.

Given the Elastic Agent is able to read the flag from the action (https://github.com/elastic/elastic-agent/blob/44528c49507c18e71a4cfd2a6ba4f0904bd32009/internal/pkg/fleetapi/action.go#L483), I'm attempting to draft a PR.

Checklist

Delete any items that are not applicable to this PR.

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios
Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
This was checked for cross-browser compatibility

Risk Matrix

Is it safe to send the new parameter to Elastic Agents which do not support the exclude_event_logs?
Do we need to handle the saved objects types of the Diagnostic Request?

For maintainers

This was checked for breaking API changes and was labeled appropriately

x-pack/plugins/fleet/common/openapi/bundled.json

x-pack/plugins/fleet/common/openapi/bundled.yaml

x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml

x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml

...blic/applications/fleet/sections/agents/components/agent_request_diagnostics_modal/index.tsx

lucabelluccini · 2024-08-22T18:06:59Z

Tested locally with 8.15 and 8.11 to ensure the flag is not preventing the diagnostic collection on older Elastic Agent versions.

We might need to put this on hold until Elastic Agent considers this flag in the protocol and repeat the tests as afaik this requires a protocol change.

…diagnostics.yaml

…quest_diagnostics.yaml

…/components/agent_request_diagnostics_modal/index.tsx

lucabelluccini · 2024-08-22T18:08:07Z

x-pack/plugins/fleet/server/services/agents/request_diagnostics.ts

@@ -23,7 +23,8 @@ import {
 export async function requestDiagnostics(
  esClient: ElasticsearchClient,
  agentId: string,
-  additionalMetrics?: RequestDiagnosticsAdditionalMetrics[]
+  additionalMetrics?: RequestDiagnosticsAdditionalMetrics[],
+  excludeEventsLog?: boolean,


Not 100% sure

lucabelluccini · 2024-08-22T18:08:26Z

x-pack/plugins/fleet/server/routes/agent/request_diagnostics_handler.test.ts

@@ -36,7 +36,7 @@ describe('request diagnostics handler', () => {
  let mockRequest: KibanaRequest<
    { agentId: string },
    undefined,
-    { additional_metrics: RequestDiagnosticsAdditionalMetrics[] },
+    { additional_metrics: RequestDiagnosticsAdditionalMetrics[]; exclude_events_log?: boolean },


Not 100% sure

…-fix'

elasticmachine · 2024-08-22T19:00:33Z

Pinging @elastic/fleet (Team:Fleet)

nchaulet · 2024-08-26T13:29:44Z

Got the following error when trying the API

You will have to update the request schema for the POST request diagnostic and bulk operation too here

nchaulet · 2024-08-26T13:30:42Z

...blic/applications/fleet/sections/agents/components/agent_request_diagnostics_modal/index.tsx

+      <EuiCheckbox
+        id="includeEventsLogCheckbox"
+        data-test-subj="includeEventsLogCheckbox"
+        label="Include Events Logs (might contain sensible information)"


It will be nice to have translated value with i18n.translate for the label

cla-checker-service · 2024-08-26T22:03:44Z

💚 CLA has been signed

lucabelluccini · 2024-08-26T22:05:46Z

Weird to get the warning - I do not get the popup. I've already updated the request schema.

I've updated the code to use the i18n and the render is still good.

The derived Fleet actions SO are:

     {
        "_index": ".fleet-actions-7",
        "_id": "6d9e72e1-504c-4b3f-bad4-3b7791282597",
        "_score": null,
        "_source": {
          "@timestamp": "2024-08-26T21:52:59.529Z",
          "expiration": "2024-08-27T00:52:59.529Z",
          "agents": [
            "a04e9ed5-eccb-43ea-a26b-8d0ee7010ba7"
          ],
          "action_id": "817f60c0-2af5-4b60-8ccf-be58c4601ed4",
          "data": {
            "additional_metrics": [],
            "exclude_events_log": false
          },
          "type": "REQUEST_DIAGNOSTICS",
          "traceparent": "00-cb510e4d60758d79731b1678971bce38-25ae78c9627e0a56-01"
        },
        "sort": [
          1724709179529
        ]
      },
      {
        "_index": ".fleet-actions-7",
        "_id": "fdc86319-ad15-4d2e-8f19-0e719bd46f66",
        "_score": null,
        "_source": {
          "@timestamp": "2024-08-26T21:52:50.542Z",
          "expiration": "2024-08-27T00:52:50.542Z",
          "agents": [
            "a04e9ed5-eccb-43ea-a26b-8d0ee7010ba7"
          ],
          "action_id": "22c2a9f4-71ae-4d43-a3d0-8641fb7ffef0",
          "data": {
            "additional_metrics": [],
            "exclude_events_log": true
          },
          "type": "REQUEST_DIAGNOSTICS",
          "traceparent": "00-6a1b2c5a804f01dc2a2bd30c314a8033-66ccb911e742654b-01"
        },
        "sort": [
          1724709170542
        ]
      }

I still think we need some work on EA side in order to merge IIUC.

kibana-ci · 2024-08-26T23:32:09Z

💔 Build Failed

Failed CI Steps

Test Failures

[job] [logs] FTR Configs #41 / apis ESQL sync error messages Using string field type: text and number field type: integer Checking error messages
[job] [logs] FTR Configs #41 / apis ESQL sync error messages Using string field type: text and number field type: integer Checking error messages

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`fleet`	1.8MB	1.8MB	+487.0B