linux capabilities: normalization and auditbeat process support

[haesbaert]

Proposed commit message

Add process capabilities to auditbeat/system and normalize the existing capabilities uses in beats.

The main goal is to add process.thread.capabilities.{permitted, effective} only, but since there are a couple of other uses of capabilities in beats already, it makes sense to standarize them into a common way to generate the required ECS fields.

I noticed that on root processes, where all capabilities are set, we end up generating a ton of output, so I proposed to condense them into CAP_ALL here.
This change implements said CAP_ALL and also makes sure the other beats end up outputting CAP_ALL as well by using libbeat/common/capabilities/capabilities_*. CAP_ALL removed from this PR, to be discussed in the future.

The original idea was to rely on go-sysinfo that parses /proc, and while that works fine, we need more interfaces: like being able to get capabilities from an uint64 that comes from a kprobe for example, so instead I'm using the already imported cap module that is shipped with libcap(3) that retrieves process capabilities via capget(2), it's also maintained by libcap people so hopefully we don't have to care about maintaining our own capability table in the future. Additionally it also handles old kernels that have a slightly different ABI.

cap does runtime discovery of the maximum capability set of the host (cap.MaxBits()) and that is the criteria to issuing a CAP_ALL, note that if the capability being converted contains more bits (say we're using an old cap module in a newer kernel), the capability will still be exported but as "CAP_42, 43...", and CAP_ALL will be suppressed, I believe this is way less confusing than CAP_ALL+CAP_42. CAP_ALL removed from this PR, to be discussed in the future.

Beats seem to be tracking ECS 8.0.0-dev, these new fields appeared in 8.10 so I've added them to the auditbeat fields in order to pass the integration tests, otherwise it complains about undocumented fields.

I've added capget(2) to all beats syscomp policy, this is because cap.GetProc() is written with the assumption that you can never get EPERM for the current process.

I've also raised the point that there is a canonical text representation for capabilities https://linux.die.net/man/3/cap_to_text

$ ./a.out "cap_chown=p cap_chown+e"
caps_to_text() returned "= cap_chown+ep"

And I wonder if it's too late and/or makes any sense to adopt something like that in ECS.

Checklist

• [] My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

I've added tests and converted the journald ones to use the same backing, and verified it still works. I've also tested teh journald output on an elastic deployment to be sure.

There is an obvious TOCTOU in fetching the capabilities since when we attempt to retrieve them the process might be gone (ESRCH), in this case we set process.Error if not already set, I wonder if it makes sense to not error out in this case and just mark CAP_UNKNOWN or whatever, I'm not familiar enough with beats to judge this.

How to test this PR locally

auditbeat configuration:

auditbeat.modules:

- module: system
  datasets:
    - process
#    - socket
  period: 1m # The frequency at which the datasets check for changes


  # How often datasets send state updates with the
  # current state of the system (e.g. all currently
  # running processes, all open sockets).
  state.period: 5m

output.console:
  pretty: true

$ sudo auditbeat -c /tmp/auditbeat.yml | grep -C100 CAP_
{
  "@timestamp": "2023-12-05T19:34:54.425Z",
  "@metadata": {
    "beat": "auditbeat",
    "type": "_doc",
    "version": "8.12.0"
  },
  "process": {
    "thread": {
      "capabilities": {
        "effective": [
          "CAP_DAC_READ_SEARCH",
          "CAP_SYS_RESOURCE"
        ],
        "permitted": [
          "CAP_DAC_READ_SEARCH",
          "CAP_SYS_RESOURCE"
        ]
      }
    },
    "entity_id": "DADEDQU03GoDNhc1",
    "pid": 2841325,
    "start": "2023-12-05T19:32:53.180Z",
    "args": [
      "systemd-userwork: waiting..."
    ],
....

Related issues

• Relates [Auditbeat] system.process - report Linux capabilities #36404
• Relates https://github.com/elastic/security-team/issues/4375

Screenshots

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @haesbaert? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-18T11:16:52.606+0000

• Duration: 71 min 44 sec

Test stats 🧪

Test	Results
Failed	12
Passed	27956
Skipped	1621
Total	29589

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_short – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_short
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_short (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_long – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_long
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("0000000000000001")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_long (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_ALL"]}}}`,
          }
--- FAIL: TestExpandCapabilities/all (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all_and_new – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all_and_new
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("7ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_`...,
          }
--- FAIL: TestExpandCapabilities/all_and_new (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/sparse – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/sparse
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("deadbeef")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_OWNER","C`...,
          }
--- FAIL: TestExpandCapabilities/sparse (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities
--- FAIL: TestExpandCapabilities (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/cap_chown_short – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_short
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_short (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/cap_chown_long – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_long
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("0000000000000001")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_long (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/all – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_ALL"]}}}`,
          }
--- FAIL: TestExpandCapabilities/all (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/all_and_new – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all_and_new
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("7ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_`...,
          }
--- FAIL: TestExpandCapabilities/all_and_new (0.00s)
 

Steps errors

Expand to view the steps failures

filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 3 min 24 sec . View more details here
• Description: mage build unitTest

filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 39 sec . View more details here
• Description: mage build unitTest

filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 39 sec . View more details here
• Description: mage build unitTest

filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 3 min 15 sec . View more details here
• Description: mage build unitTest

filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 38 sec . View more details here
• Description: mage build unitTest

filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 37 sec . View more details here
• Description: mage build unitTest

download tool

• Took 0 min 1 sec . View more details here
• Description: wget -q -O terraform.zip https://releases.hashicorp.com/terraform/1.0.2/terraform_1.0.2_linux_amd64.zip

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-18T12:19:52.832+0000

• Duration: 60 min 39 sec

Test stats 🧪

Test	Results
Failed	30
Passed	18204
Skipped	1409
Total	19643

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001c02b68 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001c02b68 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0016c9698 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0016c9698 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-build / test_export_index_pattern – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001bea4a8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001bea4a8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-build / test_export_index_pattern_migration – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0017ab0d8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0017ab0d8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000b98938 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000b98938 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0006d49f8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0006d49f8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-unitTest / test_export_index_pattern – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0009a6638 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0009a6638 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-unitTest / test_export_index_pattern_migration – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0010cbaf8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0010cbaf8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-windows-2016-windows-2016 / test_export_index_pattern – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000a688e8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

..\libbeat\tests\system\beat\common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <test_base.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000a688e8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

..\libbeat\tests\system\beat\common_tests.py:38: Exception 

Build&Test / auditbeat-windows-2016-windows-2016 / test_export_index_pattern_migration – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000884798 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

..\libbeat\tests\system\beat\common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <test_base.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000884798 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

..\libbeat\tests\system\beat\common_tests.py:38: Exception 

Steps errors

Expand to view the steps failures

Show only the first 10 steps failures

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 5 min 1 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 46 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 47 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 7 min 21 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 6 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 6 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 10 min 32 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 3 min 38 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 4 min 38 sec . View more details here
• Description: mage build unitTest

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-18T12:40:54.749+0000

• Duration: 39 min 4 sec

Test stats 🧪

Test	Results
Failed	38
Passed	24089
Skipped	1404
Total	25531

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/cap_chown_short – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_short
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_short (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/cap_chown_long – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_long
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("0000000000000001")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_long (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/all – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_ALL"]}}}`,
          }
--- FAIL: TestExpandCapabilities/all (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/all_and_new – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all_and_new
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("7ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_`...,
          }
--- FAIL: TestExpandCapabilities/all_and_new (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities/sparse – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/sparse
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("deadbeef")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_OWNER","C`...,
          }
--- FAIL: TestExpandCapabilities/sparse (0.00s)
 

Build&Test / filebeat-windows-2022-windows-2022 / TestExpandCapabilities – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities
--- FAIL: TestExpandCapabilities (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_short – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_short
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_short (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_long – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_long
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("0000000000000001")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_long (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_ALL"]}}}`,
          }
--- FAIL: TestExpandCapabilities/all (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all_and_new – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all_and_new
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("7ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_`...,
          }
--- FAIL: TestExpandCapabilities/all_and_new (0.00s)
 

Steps errors

Expand to view the steps failures

Show only the first 10 steps failures

x-pack/auditbeat-rhel-9-rhel-9 - mage build unitTest

• Took 1 min 37 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 5 min 59 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 44 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2022-windows-2022 - mage build unitTest

• Took 1 min 44 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 5 min 45 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 45 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 44 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 8 min 33 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 7 sec . View more details here
• Description: mage build unitTest

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[haesbaert]

/test

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-18T13:12:31.448+0000

• Duration: 79 min 27 sec

Test stats 🧪

Test	Results
Failed	24
Passed	20378
Skipped	1298
Total	21700

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_short – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_short
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_short (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/cap_chown_long – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/cap_chown_long
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("0000000000000001")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN"]}}}`,
          }
--- FAIL: TestExpandCapabilities/cap_chown_long (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("1ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_ALL"]}}}`,
          }
--- FAIL: TestExpandCapabilities/all (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/all_and_new – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/all_and_new
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("7ffffffffff")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_`...,
          }
--- FAIL: TestExpandCapabilities/all_and_new (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities/sparse – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities/sparse
    conv_expand_test.go:257: unexpected result
        --- want
        +++ got
          mapstr.M{
          	"journald": mapstr.M{"process": mapstr.M{"capabilities": string("deadbeef")}},
        - 	"process":  s`{"thread":{"capabilities":{"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_OWNER","C`...,
          }
--- FAIL: TestExpandCapabilities/sparse (0.00s)
 

Build&Test / filebeat-windows-2016-windows-2016 / TestExpandCapabilities – github.com/elastic/beats/v7/filebeat/input/journald/pkg/journalfield

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestExpandCapabilities
--- FAIL: TestExpandCapabilities (0.00s)
 

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001312e28 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001312e28 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001bb9de8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001bb9de8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000d0a168 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000d0a168 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000d9baa8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000d9baa8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Steps errors

Expand to view the steps failures

Show only the first 10 steps failures

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 5 min 40 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 44 sec . View more details here
• Description: mage build unitTest

x-pack/auditbeat-windows-2016-windows-2016 - mage build unitTest

• Took 1 min 43 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 7 min 24 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 5 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 8 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 10 min 36 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 4 min 38 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 4 min 37 sec . View more details here
• Description: mage build unitTest

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-18T13:28:27.251+0000

• Duration: 65 min 8 sec

Test stats 🧪

Test	Results
Failed	34
Passed	27708
Skipped	1985
Total	29727

Test errors

Expand to view the tests failures

> Show only the first 10 test failures

Build&Test / metricbeat-pythonIntegTest / test_info – metricbeat.module.redis.test_redis.Test_0

Expand to view the error details

 Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:18.890Z', 'agent': {'version': '8.13.0', 'ephemeral_id': '1a412876-b7f8-449a-a734-b39eb38872d2', 'id': '795f53be-5af2-416f-bb64-69d1389200a6', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1309983}, 'ecs': {'version': '8.0.0'}, 'metricset': {'name': 'info', 'period': 5000}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'redis': {'info': {'cpu': {'used': {'sys_children': 0, 'user_children': 0, 'sys': 0.01, 'user': 0.02}}, 'replication': {'master': {'sync': {}, 'offset': 0}, 'slave': {}, 'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}}, 'server': {'arch_bits': '64', 'run_id': '1f37f96072ca58460ffb8dee23d4785ee798945a', 'git_sha1': '00000000', 'lru_clock': 8410522, 'gcc_version': '6.4.0', 'hz': 10, 'tcp_port': 6379, 'mode': 'standalone', 'uptime': 2, 'build_id': 'b9a4cd86ce8027d3', 'multiplexing_api': 'epoll', 'git_dirty': '0', 'config_file': ''}, 'slowlog': {'count': 0}, 'clients': {'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0, 'blocked': 0}, 'stats': {'keys': {'evicted': 0, 'expired': 0}, 'latest_fork_usec': 0, 'instantaneous': {'ops_per_sec': 0, 'input_kbps': 0, 'output_kbps': 0}, 'keyspace': {'hits': 0, 'misses': 0}, 'active_defrag': {}, 'commands_processed': 0, 'migrate_cached_sockets': 0, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'pubsub': {'channels': 0, 'patterns': 0}, 'connections': {'received': 3, 'rejected': 0}}, 'commandstats': {}, 'cluster': {'enabled': False}, 'memory': {'max': {'value': 0, 'policy': 'noeviction'}, 'fragmentation': {'ratio': 3.03}, 'active_defrag': {}, 'allocator': 'jemalloc-4.0.3', 'allocator_stats': {'fragmentation': {}, 'rss': {}}, 'used': {'value': 822448, 'rss': 2490368, 'peak': 822448, 'lua': 37888}}, 'persistence': {'rdb': {'bgsave': {'last_status': 'ok', 'in_progress': False, 'last_time': {'sec': -1}, 'current_time': {'sec': -1}}, 'copy_on_write': {}, 'last_save': {'time': 1702909336, 'changes_since': 0}}, 'aof': {'copy_on_write': {}, 'buffer': {}, 'size': {}, 'fsync': {}, 'enabled': False, 'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}}, 'loading': False}}}, 'service': {'version': '3.2.12', 'address': 'redis://192.168.144.2:6379', 'type': 'redis'}, 'process': {'pid': 1}}) is not documented! 

Expand to view the stacktrace

 self = <test_redis.Test_0 testMethod=test_info>

    @unittest.skipUnless(metricbeat.INTEGRATION_TESTS, "integration test")
    @pytest.mark.tag('integration')
    def test_info(self):
        """
        Test redis info metricset
        """
    
        self.render_config_template(modules=[{
            "name": "redis",
            "metricsets": ["info"],
            "hosts": self.get_hosts(),
            "period": "5s"
        }])
        proc = self.start_beat()
        self.wait_until(lambda: self.output_lines() > 0)
        proc.check_kill_and_wait()
        self.assert_no_logged_warnings()
    
        output = self.read_output_json()
        self.assertEqual(len(output), 1)
        evt = output[0]
    
        fields = REDIS_FIELDS + ["process", "os"]
        self.assertCountEqual(self.de_dot(fields), evt.keys())
        redis_info = evt["redis"]["info"]
        self.assertCountEqual(self.de_dot(REDIS_INFO_FIELDS), redis_info.keys())
        self.assertCountEqual(self.de_dot(CLIENTS_FIELDS), redis_info["clients"].keys())
        self.assertCountEqual(self.de_dot(CPU_FIELDS), redis_info["cpu"].keys())
>       self.assert_fields_are_documented(evt)

module/redis/test_redis.py:56: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_redis.Test_0 testMethod=test_info>
evt = {'@timestamp': '2023-12-18T14:22:18.890Z', 'agent': {'ephemeral_id': '1a412876-b7f8-449a-a734-b39eb38872d2', 'id': '79...t', ...}, 'ecs': {'version': '8.0.0'}, 'event': {'dataset': 'redis.info', 'duration': 1309983, 'module': 'redis'}, ...}

    def assert_fields_are_documented(self, evt):
        """
        Assert that all keys present in evt are documented in fields.yml.
        This reads from the global fields.yml, means `mage fields` has to be run before the check.
        """
        expected_fields, dict_fields, aliases = self.load_fields()
        flat = self.flatten_object(evt, dict_fields)
    
        def field_pattern_match(pattern, key):
            pattern_fields = pattern.split(".")
            key_fields = key.split(".")
            if len(pattern_fields) != len(key_fields):
                return False
            for i in range(len(pattern_fields)):
                if pattern_fields[i] == "*":
                    continue
                if pattern_fields[i] != key_fields[i]:
                    return False
            return True
    
        def is_documented(key, docs):
            if key in docs:
                return True
            for pattern in (f for f in docs if "*" in f):
                if field_pattern_match(pattern, key):
                    return True
            return False
    
        for key in flat.keys():
            meta_key = key.startswith('@metadata.')
            # Range keys as used in 'date_range' etc will not have docs of course
            is_range_key = key.split('.')[-1] in ['gte', 'gt', 'lte', 'lt']
            if not(is_documented(key, expected_fields) or meta_key or is_range_key):
>               raise Exception(
                    f"Key '{key}' found in event ({str(evt)}) is not documented!")
E               Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:18.890Z', 'agent': {'version': '8.13.0', 'ephemeral_id': '1a412876-b7f8-449a-a734-b39eb38872d2', 'id': '795f53be-5af2-416f-bb64-69d1389200a6', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1309983}, 'ecs': {'version': '8.0.0'}, 'metricset': {'name': 'info', 'period': 5000}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'redis': {'info': {'cpu': {'used': {'sys_children': 0, 'user_children': 0, 'sys': 0.01, 'user': 0.02}}, 'replication': {'master': {'sync': {}, 'offset': 0}, 'slave': {}, 'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}}, 'server': {'arch_bits': '64', 'run_id': '1f37f96072ca58460ffb8dee23d4785ee798945a', 'git_sha1': '00000000', 'lru_clock': 8410522, 'gcc_version': '6.4.0', 'hz': 10, 'tcp_port': 6379, 'mode': 'standalone', 'uptime': 2, 'build_id': 'b9a4cd86ce8027d3', 'multiplexing_api': 'epoll', 'git_dirty': '0', 'config_file': ''}, 'slowlog': {'count': 0}, 'clients': {'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0, 'blocked': 0}, 'stats': {'keys': {'evicted': 0, 'expired': 0}, 'latest_fork_usec': 0, 'instantaneous': {'ops_per_sec': 0, 'input_kbps': 0, 'output_kbps': 0}, 'keyspace': {'hits': 0, 'misses': 0}, 'active_defrag': {}, 'commands_processed': 0, 'migrate_cached_sockets': 0, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'pubsub': {'channels': 0, 'patterns': 0}, 'connections': {'received': 3, 'rejected': 0}}, 'commandstats': {}, 'cluster': {'enabled': False}, 'memory': {'max': {'value': 0, 'policy': 'noeviction'}, 'fragmentation': {'ratio': 3.03}, 'active_defrag': {}, 'allocator': 'jemalloc-4.0.3', 'allocator_stats': {'fragmentation': {}, 'rss': {}}, 'used': {'value': 822448, 'rss': 2490368, 'peak': 822448, 'lua': 37888}}, 'persistence': {'rdb': {'bgsave': {'last_status': 'ok', 'in_progress': False, 'last_time': {'sec': -1}, 'current_time': {'sec': -1}}, 'copy_on_write': {}, 'last_save': {'time': 1702909336, 'changes_since': 0}}, 'aof': {'copy_on_write': {}, 'buffer': {}, 'size': {}, 'fsync': {}, 'enabled': False, 'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}}, 'loading': False}}}, 'service': {'version': '3.2.12', 'address': 'redis://192.168.144.2:6379', 'type': 'redis'}, 'process': {'pid': 1}}) is not documented!

../libbeat/tests/system/beat/beat.py:822: Exception 

Build&Test / metricbeat-pythonIntegTest / test_info – metricbeat.module.redis.test_redis.Test_1

Expand to view the error details

 Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:26.464Z', 'service': {'version': '4.0.11', 'address': 'redis://192.168.160.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'redis': {'info': {'clients': {'blocked': 0, 'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0}, 'persistence': {'loading': False, 'rdb': {'last_save': {'changes_since': 0, 'time': 1702909344}, 'bgsave': {'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False, 'last_time': {'sec': -1}}, 'copy_on_write': {'last_size': 0}}, 'aof': {'fsync': {}, 'enabled': False, 'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}}}, 'commandstats': {}, 'server': {'multiplexing_api': 'epoll', 'gcc_version': '6.4.0', 'run_id': 'da02e9b0d05d06e665701a1e8079617236081549', 'hz': 10, 'config_file': '', 'git_sha1': '00000000', 'build_id': 'f7b13aa754d83881', 'tcp_port': 6379, 'uptime': 2, 'mode': 'standalone', 'lru_clock': 8410530, 'git_dirty': '0', 'arch_bits': '64'}, 'memory': {'fragmentation': {'ratio': 2.93}, 'active_defrag': {'is_running': False}, 'allocator': 'jemalloc-4.0.3', 'allocator_stats': {'fragmentation': {}, 'rss': {}}, 'used': {'dataset': 13138, 'value': 849224, 'rss': 2490368, 'peak': 849224, 'lua': 37888}, 'max': {'value': 0, 'policy': 'noeviction'}}, 'cluster': {'enabled': False}, 'stats': {'keys': {'evicted': 0, 'expired': 0}, 'keyspace': {'hits': 0, 'misses': 0}, 'latest_fork_usec': 0, 'connections': {'received': 3, 'rejected': 0}, 'commands_processed': 0, 'pubsub': {'channels': 0, 'patterns': 0}, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'instantaneous': {'ops_per_sec': 0, 'input_kbps': 0, 'output_kbps': 0}, 'active_defrag': {'key_hits': 0, 'key_misses': 0, 'hits': 0, 'misses': 0}, 'migrate_cached_sockets': 0, 'slave_expires_tracked_keys': 0}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys': 0.01, 'user': 0.01, 'sys_children': 0, 'user_children': 0}}, 'replication': {'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}, 'master': {'offset': 0, 'second_offset': -1, 'sync': {}}, 'slave': {}}}}, 'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat', 'version': '8.13.0', 'ephemeral_id': 'a9e3fc0e-b476-4890-b1da-fc30cc9c2b2c', 'id': 'a823b8b9-2e0b-441b-9f69-a18b5389fed7'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1581153}, 'metricset': {'name': 'info', 'period': 5000}, 'ecs': {'version': '8.0.0'}}) is not documented! 

Expand to view the stacktrace

 self = <test_redis.Test_1 testMethod=test_info>

    @unittest.skipUnless(metricbeat.INTEGRATION_TESTS, "integration test")
    @pytest.mark.tag('integration')
    def test_info(self):
        """
        Test redis info metricset
        """
    
        self.render_config_template(modules=[{
            "name": "redis",
            "metricsets": ["info"],
            "hosts": self.get_hosts(),
            "period": "5s"
        }])
        proc = self.start_beat()
        self.wait_until(lambda: self.output_lines() > 0)
        proc.check_kill_and_wait()
        self.assert_no_logged_warnings()
    
        output = self.read_output_json()
        self.assertEqual(len(output), 1)
        evt = output[0]
    
        fields = REDIS_FIELDS + ["process", "os"]
        self.assertCountEqual(self.de_dot(fields), evt.keys())
        redis_info = evt["redis"]["info"]
        self.assertCountEqual(self.de_dot(REDIS_INFO_FIELDS), redis_info.keys())
        self.assertCountEqual(self.de_dot(CLIENTS_FIELDS), redis_info["clients"].keys())
        self.assertCountEqual(self.de_dot(CPU_FIELDS), redis_info["cpu"].keys())
>       self.assert_fields_are_documented(evt)

module/redis/test_redis.py:56: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_redis.Test_1 testMethod=test_info>
evt = {'@timestamp': '2023-12-18T14:22:26.464Z', 'agent': {'ephemeral_id': 'a9e3fc0e-b476-4890-b1da-fc30cc9c2b2c', 'id': 'a8...t', ...}, 'ecs': {'version': '8.0.0'}, 'event': {'dataset': 'redis.info', 'duration': 1581153, 'module': 'redis'}, ...}

    def assert_fields_are_documented(self, evt):
        """
        Assert that all keys present in evt are documented in fields.yml.
        This reads from the global fields.yml, means `mage fields` has to be run before the check.
        """
        expected_fields, dict_fields, aliases = self.load_fields()
        flat = self.flatten_object(evt, dict_fields)
    
        def field_pattern_match(pattern, key):
            pattern_fields = pattern.split(".")
            key_fields = key.split(".")
            if len(pattern_fields) != len(key_fields):
                return False
            for i in range(len(pattern_fields)):
                if pattern_fields[i] == "*":
                    continue
                if pattern_fields[i] != key_fields[i]:
                    return False
            return True
    
        def is_documented(key, docs):
            if key in docs:
                return True
            for pattern in (f for f in docs if "*" in f):
                if field_pattern_match(pattern, key):
                    return True
            return False
    
        for key in flat.keys():
            meta_key = key.startswith('@metadata.')
            # Range keys as used in 'date_range' etc will not have docs of course
            is_range_key = key.split('.')[-1] in ['gte', 'gt', 'lte', 'lt']
            if not(is_documented(key, expected_fields) or meta_key or is_range_key):
>               raise Exception(
                    f"Key '{key}' found in event ({str(evt)}) is not documented!")
E               Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:26.464Z', 'service': {'version': '4.0.11', 'address': 'redis://192.168.160.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'redis': {'info': {'clients': {'blocked': 0, 'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0}, 'persistence': {'loading': False, 'rdb': {'last_save': {'changes_since': 0, 'time': 1702909344}, 'bgsave': {'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False, 'last_time': {'sec': -1}}, 'copy_on_write': {'last_size': 0}}, 'aof': {'fsync': {}, 'enabled': False, 'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}}}, 'commandstats': {}, 'server': {'multiplexing_api': 'epoll', 'gcc_version': '6.4.0', 'run_id': 'da02e9b0d05d06e665701a1e8079617236081549', 'hz': 10, 'config_file': '', 'git_sha1': '00000000', 'build_id': 'f7b13aa754d83881', 'tcp_port': 6379, 'uptime': 2, 'mode': 'standalone', 'lru_clock': 8410530, 'git_dirty': '0', 'arch_bits': '64'}, 'memory': {'fragmentation': {'ratio': 2.93}, 'active_defrag': {'is_running': False}, 'allocator': 'jemalloc-4.0.3', 'allocator_stats': {'fragmentation': {}, 'rss': {}}, 'used': {'dataset': 13138, 'value': 849224, 'rss': 2490368, 'peak': 849224, 'lua': 37888}, 'max': {'value': 0, 'policy': 'noeviction'}}, 'cluster': {'enabled': False}, 'stats': {'keys': {'evicted': 0, 'expired': 0}, 'keyspace': {'hits': 0, 'misses': 0}, 'latest_fork_usec': 0, 'connections': {'received': 3, 'rejected': 0}, 'commands_processed': 0, 'pubsub': {'channels': 0, 'patterns': 0}, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'instantaneous': {'ops_per_sec': 0, 'input_kbps': 0, 'output_kbps': 0}, 'active_defrag': {'key_hits': 0, 'key_misses': 0, 'hits': 0, 'misses': 0}, 'migrate_cached_sockets': 0, 'slave_expires_tracked_keys': 0}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys': 0.01, 'user': 0.01, 'sys_children': 0, 'user_children': 0}}, 'replication': {'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}, 'master': {'offset': 0, 'second_offset': -1, 'sync': {}}, 'slave': {}}}}, 'agent': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat', 'version': '8.13.0', 'ephemeral_id': 'a9e3fc0e-b476-4890-b1da-fc30cc9c2b2c', 'id': 'a823b8b9-2e0b-441b-9f69-a18b5389fed7'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1581153}, 'metricset': {'name': 'info', 'period': 5000}, 'ecs': {'version': '8.0.0'}}) is not documented!

../libbeat/tests/system/beat/beat.py:822: Exception 

Build&Test / metricbeat-pythonIntegTest / test_info – metricbeat.module.redis.test_redis.Test_2

Expand to view the error details

 Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:34.244Z', 'ecs': {'version': '8.0.0'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1314232}, 'metricset': {'name': 'info', 'period': 5000}, 'service': {'version': '5.0.5', 'address': 'redis://192.168.176.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'redis': {'info': {'persistence': {'loading': False, 'rdb': {'copy_on_write': {'last_size': 0}, 'last_save': {'time': 1702909352, 'changes_since': 0}, 'bgsave': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False}}, 'aof': {'enabled': False, 'rewrite': {'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False, 'last_time': {'sec': -1}}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}, 'fsync': {}}}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys_children': 0.000988, 'user_children': 0.00191, 'sys': 0.014069, 'user': 0.013469}}, 'memory': {'fragmentation': {'ratio': 3.81, 'bytes': 2223400}, 'active_defrag': {'is_running': False}, 'allocator': 'jemalloc-5.1.0', 'allocator_stats': {'active': 1126400, 'resident': 3985408, 'fragmentation': {'bytes': 159304, 'ratio': 1.16}, 'rss': {'ratio': 3.54, 'bytes': 2859008}, 'allocated': 967096}, 'used': {'rss': 3014656, 'peak': 854168, 'lua': 37888, 'dataset': 13234, 'value': 854168}, 'max': {'value': 0, 'policy': 'noeviction'}}, 'replication': {'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}, 'master': {'sync': {}, 'offset': 0, 'second_offset': -1}, 'slave': {}, 'role': 'master'}, 'commandstats': {}, 'server': {'tcp_port': 6379, 'git_sha1': '00000000', 'arch_bits': '64', 'gcc_version': '8.3.0', 'run_id': '4721894cb5b7c7888912d7767c7eefbc081e8287', 'lru_clock': 8410538, 'hz': 10, 'git_dirty': '0', 'build_id': '4d072dc1c62d5672', 'multiplexing_api': 'epoll', 'config_file': '', 'mode': 'standalone', 'uptime': 2}, 'cluster': {'enabled': False}, 'stats': {'slave_expires_tracked_keys': 0, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'pubsub': {'channels': 0, 'patterns': 0}, 'migrate_cached_sockets': 0, 'keyspace': {'misses': 0, 'hits': 0}, 'latest_fork_usec': 0, 'connections': {'received': 3, 'rejected': 0}, 'active_defrag': {'key_hits': 0, 'key_misses': 0, 'hits': 0, 'misses': 0}, 'commands_processed': 0, 'sync': {'full': 0, 'partial': {'err': 0, 'ok': 0}}, 'keys': {'evicted': 0, 'expired': 0}, 'instantaneous': {'output_kbps': 0, 'ops_per_sec': 0, 'input_kbps': 0}}, 'clients': {'max_input_buffer': 0, 'blocked': 0, 'connected': 1, 'max_output_buffer': 0}}}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'agent': {'ephemeral_id': 'f3baa729-d105-4a82-8749-2724e0809055', 'id': '8186dec2-d653-4d72-b210-cce29d663956', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat', 'version': '8.13.0'}}) is not documented! 

Expand to view the stacktrace

 self = <test_redis.Test_2 testMethod=test_info>

    @unittest.skipUnless(metricbeat.INTEGRATION_TESTS, "integration test")
    @pytest.mark.tag('integration')
    def test_info(self):
        """
        Test redis info metricset
        """
    
        self.render_config_template(modules=[{
            "name": "redis",
            "metricsets": ["info"],
            "hosts": self.get_hosts(),
            "period": "5s"
        }])
        proc = self.start_beat()
        self.wait_until(lambda: self.output_lines() > 0)
        proc.check_kill_and_wait()
        self.assert_no_logged_warnings()
    
        output = self.read_output_json()
        self.assertEqual(len(output), 1)
        evt = output[0]
    
        fields = REDIS_FIELDS + ["process", "os"]
        self.assertCountEqual(self.de_dot(fields), evt.keys())
        redis_info = evt["redis"]["info"]
        self.assertCountEqual(self.de_dot(REDIS_INFO_FIELDS), redis_info.keys())
        self.assertCountEqual(self.de_dot(CLIENTS_FIELDS), redis_info["clients"].keys())
        self.assertCountEqual(self.de_dot(CPU_FIELDS), redis_info["cpu"].keys())
>       self.assert_fields_are_documented(evt)

module/redis/test_redis.py:56: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_redis.Test_2 testMethod=test_info>
evt = {'@timestamp': '2023-12-18T14:22:34.244Z', 'agent': {'ephemeral_id': 'f3baa729-d105-4a82-8749-2724e0809055', 'id': '81...t', ...}, 'ecs': {'version': '8.0.0'}, 'event': {'dataset': 'redis.info', 'duration': 1314232, 'module': 'redis'}, ...}

    def assert_fields_are_documented(self, evt):
        """
        Assert that all keys present in evt are documented in fields.yml.
        This reads from the global fields.yml, means `mage fields` has to be run before the check.
        """
        expected_fields, dict_fields, aliases = self.load_fields()
        flat = self.flatten_object(evt, dict_fields)
    
        def field_pattern_match(pattern, key):
            pattern_fields = pattern.split(".")
            key_fields = key.split(".")
            if len(pattern_fields) != len(key_fields):
                return False
            for i in range(len(pattern_fields)):
                if pattern_fields[i] == "*":
                    continue
                if pattern_fields[i] != key_fields[i]:
                    return False
            return True
    
        def is_documented(key, docs):
            if key in docs:
                return True
            for pattern in (f for f in docs if "*" in f):
                if field_pattern_match(pattern, key):
                    return True
            return False
    
        for key in flat.keys():
            meta_key = key.startswith('@metadata.')
            # Range keys as used in 'date_range' etc will not have docs of course
            is_range_key = key.split('.')[-1] in ['gte', 'gt', 'lte', 'lt']
            if not(is_documented(key, expected_fields) or meta_key or is_range_key):
>               raise Exception(
                    f"Key '{key}' found in event ({str(evt)}) is not documented!")
E               Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:34.244Z', 'ecs': {'version': '8.0.0'}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'event': {'dataset': 'redis.info', 'module': 'redis', 'duration': 1314232}, 'metricset': {'name': 'info', 'period': 5000}, 'service': {'version': '5.0.5', 'address': 'redis://192.168.176.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'redis': {'info': {'persistence': {'loading': False, 'rdb': {'copy_on_write': {'last_size': 0}, 'last_save': {'time': 1702909352, 'changes_since': 0}, 'bgsave': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False}}, 'aof': {'enabled': False, 'rewrite': {'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False, 'last_time': {'sec': -1}}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}, 'fsync': {}}}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys_children': 0.000988, 'user_children': 0.00191, 'sys': 0.014069, 'user': 0.013469}}, 'memory': {'fragmentation': {'ratio': 3.81, 'bytes': 2223400}, 'active_defrag': {'is_running': False}, 'allocator': 'jemalloc-5.1.0', 'allocator_stats': {'active': 1126400, 'resident': 3985408, 'fragmentation': {'bytes': 159304, 'ratio': 1.16}, 'rss': {'ratio': 3.54, 'bytes': 2859008}, 'allocated': 967096}, 'used': {'rss': 3014656, 'peak': 854168, 'lua': 37888, 'dataset': 13234, 'value': 854168}, 'max': {'value': 0, 'policy': 'noeviction'}}, 'replication': {'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}, 'master': {'sync': {}, 'offset': 0, 'second_offset': -1}, 'slave': {}, 'role': 'master'}, 'commandstats': {}, 'server': {'tcp_port': 6379, 'git_sha1': '00000000', 'arch_bits': '64', 'gcc_version': '8.3.0', 'run_id': '4721894cb5b7c7888912d7767c7eefbc081e8287', 'lru_clock': 8410538, 'hz': 10, 'git_dirty': '0', 'build_id': '4d072dc1c62d5672', 'multiplexing_api': 'epoll', 'config_file': '', 'mode': 'standalone', 'uptime': 2}, 'cluster': {'enabled': False}, 'stats': {'slave_expires_tracked_keys': 0, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}, 'pubsub': {'channels': 0, 'patterns': 0}, 'migrate_cached_sockets': 0, 'keyspace': {'misses': 0, 'hits': 0}, 'latest_fork_usec': 0, 'connections': {'received': 3, 'rejected': 0}, 'active_defrag': {'key_hits': 0, 'key_misses': 0, 'hits': 0, 'misses': 0}, 'commands_processed': 0, 'sync': {'full': 0, 'partial': {'err': 0, 'ok': 0}}, 'keys': {'evicted': 0, 'expired': 0}, 'instantaneous': {'output_kbps': 0, 'ops_per_sec': 0, 'input_kbps': 0}}, 'clients': {'max_input_buffer': 0, 'blocked': 0, 'connected': 1, 'max_output_buffer': 0}}}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'agent': {'ephemeral_id': 'f3baa729-d105-4a82-8749-2724e0809055', 'id': '8186dec2-d653-4d72-b210-cce29d663956', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162', 'type': 'metricbeat', 'version': '8.13.0'}}) is not documented!

../libbeat/tests/system/beat/beat.py:822: Exception 

Build&Test / metricbeat-pythonIntegTest / test_info – metricbeat.module.redis.test_redis.Test_3

Expand to view the error details

 Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:41.879Z', 'redis': {'info': {'server': {'tcp_port': 6379, 'arch_bits': '64', 'mode': 'standalone', 'uptime': 2, 'git_dirty': '0', 'run_id': '8761ba375cac79b29e40a8f44b5f517309e224e8', 'config_file': '', 'lru_clock': 8410545, 'gcc_version': '10.3.1', 'multiplexing_api': 'epoll', 'git_sha1': '00000000', 'build_id': '63421500bb103677', 'hz': 10}, 'clients': {'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0, 'blocked': 0}, 'replication': {'master': {'offset': 0, 'second_offset': -1, 'sync': {}}, 'slave': {}, 'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}}, 'memory': {'allocator': 'jemalloc-5.1.0', 'allocator_stats': {'resident': 4091904, 'fragmentation': {'ratio': 1.16, 'bytes': 173736}, 'rss': {'ratio': 3.32, 'bytes': 2859008}, 'allocated': 1059160, 'active': 1232896}, 'used': {'dataset': 63760, 'value': 873640, 'rss': 6160384, 'peak': 873640, 'lua': 37888}, 'max': {'value': 0, 'policy': 'noeviction'}, 'fragmentation': {'ratio': 7.61, 'bytes': 5350488}, 'active_defrag': {'is_running': False}}, 'commandstats': {}, 'cluster': {'enabled': False}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys': 0.012715, 'user': 0.019826, 'sys_children': 0, 'user_children': 0.003131}}, 'persistence': {'rdb': {'bgsave': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False}, 'copy_on_write': {'last_size': 0}, 'last_save': {'time': 1702909359, 'changes_since': 0}}, 'aof': {'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}, 'fsync': {}, 'enabled': False}, 'loading': False}, 'stats': {'slave_expires_tracked_keys': 0, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'keys': {'expired': 0, 'evicted': 0}, 'keyspace': {'misses': 0, 'hits': 0}, 'pubsub': {'patterns': 0, 'channels': 0}, 'latest_fork_usec': 0, 'active_defrag': {'hits': 0, 'misses': 0, 'key_hits': 0, 'key_misses': 0}, 'connections': {'received': 3, 'rejected': 0}, 'commands_processed': 0, 'migrate_cached_sockets': 0, 'instantaneous': {'output_kbps': 0, 'ops_per_sec': 0, 'input_kbps': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}}}}, 'service': {'version': '6.2.6', 'address': 'redis://192.168.192.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'event': {'module': 'redis', 'duration': 1639051, 'dataset': 'redis.info'}, 'metricset': {'name': 'info', 'period': 5000}, 'ecs': {'version': '8.0.0'}, 'agent': {'type': 'metricbeat', 'version': '8.13.0', 'ephemeral_id': 'ec8c6fcb-f236-4b4f-aa6f-ff0f950ef9d8', 'id': 'e8f3e1d0-df8a-4bb4-8895-1516d9c9b5d2', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}}) is not documented! 

Expand to view the stacktrace

 self = <test_redis.Test_3 testMethod=test_info>

    @unittest.skipUnless(metricbeat.INTEGRATION_TESTS, "integration test")
    @pytest.mark.tag('integration')
    def test_info(self):
        """
        Test redis info metricset
        """
    
        self.render_config_template(modules=[{
            "name": "redis",
            "metricsets": ["info"],
            "hosts": self.get_hosts(),
            "period": "5s"
        }])
        proc = self.start_beat()
        self.wait_until(lambda: self.output_lines() > 0)
        proc.check_kill_and_wait()
        self.assert_no_logged_warnings()
    
        output = self.read_output_json()
        self.assertEqual(len(output), 1)
        evt = output[0]
    
        fields = REDIS_FIELDS + ["process", "os"]
        self.assertCountEqual(self.de_dot(fields), evt.keys())
        redis_info = evt["redis"]["info"]
        self.assertCountEqual(self.de_dot(REDIS_INFO_FIELDS), redis_info.keys())
        self.assertCountEqual(self.de_dot(CLIENTS_FIELDS), redis_info["clients"].keys())
        self.assertCountEqual(self.de_dot(CPU_FIELDS), redis_info["cpu"].keys())
>       self.assert_fields_are_documented(evt)

module/redis/test_redis.py:56: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_redis.Test_3 testMethod=test_info>
evt = {'@timestamp': '2023-12-18T14:22:41.879Z', 'agent': {'ephemeral_id': 'ec8c6fcb-f236-4b4f-aa6f-ff0f950ef9d8', 'id': 'e8...t', ...}, 'ecs': {'version': '8.0.0'}, 'event': {'dataset': 'redis.info', 'duration': 1639051, 'module': 'redis'}, ...}

    def assert_fields_are_documented(self, evt):
        """
        Assert that all keys present in evt are documented in fields.yml.
        This reads from the global fields.yml, means `mage fields` has to be run before the check.
        """
        expected_fields, dict_fields, aliases = self.load_fields()
        flat = self.flatten_object(evt, dict_fields)
    
        def field_pattern_match(pattern, key):
            pattern_fields = pattern.split(".")
            key_fields = key.split(".")
            if len(pattern_fields) != len(key_fields):
                return False
            for i in range(len(pattern_fields)):
                if pattern_fields[i] == "*":
                    continue
                if pattern_fields[i] != key_fields[i]:
                    return False
            return True
    
        def is_documented(key, docs):
            if key in docs:
                return True
            for pattern in (f for f in docs if "*" in f):
                if field_pattern_match(pattern, key):
                    return True
            return False
    
        for key in flat.keys():
            meta_key = key.startswith('@metadata.')
            # Range keys as used in 'date_range' etc will not have docs of course
            is_range_key = key.split('.')[-1] in ['gte', 'gt', 'lte', 'lt']
            if not(is_documented(key, expected_fields) or meta_key or is_range_key):
>               raise Exception(
                    f"Key '{key}' found in event ({str(evt)}) is not documented!")
E               Exception: Key 'os.full' found in event ({'@timestamp': '2023-12-18T14:22:41.879Z', 'redis': {'info': {'server': {'tcp_port': 6379, 'arch_bits': '64', 'mode': 'standalone', 'uptime': 2, 'git_dirty': '0', 'run_id': '8761ba375cac79b29e40a8f44b5f517309e224e8', 'config_file': '', 'lru_clock': 8410545, 'gcc_version': '10.3.1', 'multiplexing_api': 'epoll', 'git_sha1': '00000000', 'build_id': '63421500bb103677', 'hz': 10}, 'clients': {'connected': 1, 'max_output_buffer': 0, 'max_input_buffer': 0, 'blocked': 0}, 'replication': {'master': {'offset': 0, 'second_offset': -1, 'sync': {}}, 'slave': {}, 'role': 'master', 'connected_slaves': 0, 'backlog': {'active': 0, 'size': 1048576, 'first_byte_offset': 0, 'histlen': 0}}, 'memory': {'allocator': 'jemalloc-5.1.0', 'allocator_stats': {'resident': 4091904, 'fragmentation': {'ratio': 1.16, 'bytes': 173736}, 'rss': {'ratio': 3.32, 'bytes': 2859008}, 'allocated': 1059160, 'active': 1232896}, 'used': {'dataset': 63760, 'value': 873640, 'rss': 6160384, 'peak': 873640, 'lua': 37888}, 'max': {'value': 0, 'policy': 'noeviction'}, 'fragmentation': {'ratio': 7.61, 'bytes': 5350488}, 'active_defrag': {'is_running': False}}, 'commandstats': {}, 'cluster': {'enabled': False}, 'slowlog': {'count': 0}, 'cpu': {'used': {'sys': 0.012715, 'user': 0.019826, 'sys_children': 0, 'user_children': 0.003131}}, 'persistence': {'rdb': {'bgsave': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'last_status': 'ok', 'in_progress': False}, 'copy_on_write': {'last_size': 0}, 'last_save': {'time': 1702909359, 'changes_since': 0}}, 'aof': {'rewrite': {'last_time': {'sec': -1}, 'current_time': {'sec': -1}, 'buffer': {}, 'in_progress': False, 'scheduled': False}, 'bgrewrite': {'last_status': 'ok'}, 'write': {'last_status': 'ok'}, 'copy_on_write': {'last_size': 0}, 'buffer': {}, 'size': {}, 'fsync': {}, 'enabled': False}, 'loading': False}, 'stats': {'slave_expires_tracked_keys': 0, 'sync': {'partial': {'ok': 0, 'err': 0}, 'full': 0}, 'keys': {'expired': 0, 'evicted': 0}, 'keyspace': {'misses': 0, 'hits': 0}, 'pubsub': {'patterns': 0, 'channels': 0}, 'latest_fork_usec': 0, 'active_defrag': {'hits': 0, 'misses': 0, 'key_hits': 0, 'key_misses': 0}, 'connections': {'received': 3, 'rejected': 0}, 'commands_processed': 0, 'migrate_cached_sockets': 0, 'instantaneous': {'output_kbps': 0, 'ops_per_sec': 0, 'input_kbps': 0}, 'net': {'input': {'bytes': 23}, 'output': {'bytes': 0}}}}}, 'service': {'version': '6.2.6', 'address': 'redis://192.168.192.2:6379', 'type': 'redis'}, 'process': {'pid': 1}, 'os': {'full': 'Linux 6.2.0-1019-gcp x86_64'}, 'host': {'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}, 'event': {'module': 'redis', 'duration': 1639051, 'dataset': 'redis.info'}, 'metricset': {'name': 'info', 'period': 5000}, 'ecs': {'version': '8.0.0'}, 'agent': {'type': 'metricbeat', 'version': '8.13.0', 'ephemeral_id': 'ec8c6fcb-f236-4b4f-aa6f-ff0f950ef9d8', 'id': 'e8f3e1d0-df8a-4bb4-8895-1516d9c9b5d2', 'name': 'beats-ci-immutable-ubuntu-2204-1702906757982157162'}}) is not documented!

../libbeat/tests/system/beat/beat.py:822: Exception 

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001347bb8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc001347bb8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0013b9078 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0013b9078 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-build / test_export_index_pattern – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0014e22f8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0014e22f8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / x-pack/auditbeat-build / test_export_index_pattern_migration – x-pack.auditbeat.tests.system.test_exports.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0018114c8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_exports.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_exports.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0018114c8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0002331a8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern>

    def test_export_index_pattern(self):
        """
        Test that the index-pattern can be exported with `export index-pattern`
        """
>       output = self.run_export_cmd("index-pattern")

../libbeat/tests/system/beat/common_tests.py:72: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern>
cmd = 'index-pattern', extra = []

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc0002331a8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Build&Test / auditbeat-rhel-9-rhel-9 / test_export_index_pattern_migration – auditbeat.tests.system.test_base.Test

Expand to view the error details

 Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000fa81e8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
warning: GOCOVERDIR not set, no coverage data emitted 

Expand to view the stacktrace

 self = <test_base.Test testMethod=test_export_index_pattern_migration>

    def test_export_index_pattern_migration(self):
        """
        Test that the index-pattern can be exported with `export index-pattern` (migration enabled)
        """
>       output = self.run_export_cmd("index-pattern", extra=['-E', 'migration.6_to_7.enabled=true'])

../libbeat/tests/system/beat/common_tests.py:85: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_base.Test testMethod=test_export_index_pattern_migration>
cmd = 'index-pattern', extra = ['-E', 'migration.6_to_7.enabled=true']

    def run_export_cmd(self, cmd, extra=[]):
        """
        Runs the given export command and returns the output as a string.
        Raises an exception if the command fails.
        :param cmd: the export command
        :param extra: Extra arguments (optional)
        :return: The output as a string.
        """
        self.render_config_template()
    
        args = ["export", cmd]
        if len(extra) != 0:
            args += extra
        exit_code = self.run_beat(extra_args=args, logging_args=[])
        output = self.get_log()
        if exit_code != 0:
>           raise Exception("export command returned with an error: {}".format(output))
E           Exception: export command returned with an error: Error generating Index Pattern: field <file.elf.go_imports> is duplicated, remove it or set 'overwrite: true', {Name:go_imports Type:flattened Description:List of imported Go language element names and types. Format: Fields:[] MultiFields:[] Enabled:<nil> Analyzer:{Name: Definition:<nil>} SearchAnalyzer:{Name: Definition:<nil>} Norms:false Dynamic:{Value:<nil>} Index:<nil> DocValues:<nil> CopyTo: IgnoreAbove:1024 AliasPath: MigrationAlias:false Dimension:<nil> DynamicTemplate:false Unit: MetricType: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed:<nil> Count:0 Searchable:<nil> Aggregatable:<nil> Script: Pattern: InputFormat: OutputFormat: OutputPrecision:<nil> LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab:<nil> Overwrite:false DefaultField:0xc000fa81e8 Path:file.elf.go_imports}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"file.elf.go_imports","scripted":false,"searchable":true}.
E           warning: GOCOVERDIR not set, no coverage data emitted

../libbeat/tests/system/beat/common_tests.py:38: Exception 

Steps errors

Expand to view the steps failures

Show only the first 10 steps failures

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 16 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-unitTest - mage build unitTest

• Took 3 min 11 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 10 min 53 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 4 min 41 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2022-windows-2022 - mage build unitTest

• Took 4 min 38 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 10 min 50 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 4 min 43 sec . View more details here
• Description: mage build unitTest

x-pack/filebeat-windows-2016-windows-2016 - mage build unitTest

• Took 4 min 47 sec . View more details here
• Description: mage build unitTest

x-pack/metricbeat-goIntegTest - mage goIntegTest

• Took 15 min 24 sec . View more details here
• Description: mage goIntegTest

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'hudson.AbortException: script returned exit code 1'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 202 min 6 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 147 min 14 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-19T09:17:37.828+0000

• Duration: 151 min 27 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28724
Skipped	2015
Total	30739

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 59 min 3 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 50 min 26 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-20T09:05:49.264+0000

• Duration: 148 min 59 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28724
Skipped	2015
Total	30739

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[leehinman]

I don't think it must be true that euid != 0 has no capabilities. If that were to be not true in CI, that could lead to an interesting debugging scenario. Can this be reworked or mock out the os.Geteuid() call?

[haesbaert]

Indeed, you can still have capabilities as a non-root user, I've added the comment to reflect that, I guess it's just rare enough that we could live with it.
I can't think of a good way to mock it, one way would be to drop all capabilities that are "Effective & Permitted", then test Effective for empty and restore the old set, but this is too impure and doesn't sound very appealing to me.
I'd either leave it and improve the comment or just remove it all together, let me know what you think.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2024-01-09T12:24:54.296+0000

• Duration: 149 min 11 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28752
Skipped	2015
Total	30767

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 150 min 57 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b newcaps upstream/newcaps
git merge upstream/main
git push upstream newcaps

[pierrehilbert]

@haesbaert is it ready for another review?

[haesbaert]

@haesbaert is it ready for another review?

Yes, nothing considerable changed, I've pinged @andrewkroh to get his input on the CAP_ALL semantics. I've also spoken to Dan about just removing CAP_ALL in order to make this PR go forward and then bring it in a subsequent PR.
I've also got the bits for the process processor ready once this is in.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 148 min 32 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[haesbaert]

I have removed the CAP_ALL optimization the interesting of expediting this PR, I think it makes more sense to get this in on an easy to review PR and then discuss CAP_ALL later, as I also have the process processor implementation to get in after this.
Also minor improvements:

• beats is in Go 1.21 so we can use the generic errors.ErrNotSupported instead of rolling our own
• stop trying to get capabilities for kernel process as we're just about to discard them from the set

[Tacklebox]

Looks 👍

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 147 min 6 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @haesbaert? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit