Open
Description
Hi, I'm having some issues determining which inconsistent sensitive values it is referring to.
I was only hoping to update `processors`. I have (I think) replicated the values of the other vars into Terraform:
# Fleet integration policy "kubernetes-1" for the Kubernetes integration, attached to the
# eck_agent_policy agent policy. Each input block sets the enabled state of one integration
# input, selected by its input_id; only container-logs-filestream also overrides stream vars.
resource "elasticstack_fleet_integration_policy" "kubernetes_policy_integration_policy" {
name = "kubernetes-1"
namespace = "default"
description = "kubernetes-1"
agent_policy_id = elasticstack_fleet_agent_policy.eck_agent_policy.policy_id
integration_name = elasticstack_fleet_integration.kubernetes_integration.name
integration_version = elasticstack_fleet_integration.kubernetes_integration.version
input {
enabled = false
input_id = "audit-logs-filestream"
}
input {
enabled = true
input_id = "container-logs-filestream"
# streams_json carries the stream vars as a single JSON string built with jsonencode.
# - "$${" is Terraform's escape for a literal "${", so the path is sent as
#   /var/log/containers/*${kubernetes.container.id}.log.
# - "processors" is a plain <<YAML heredoc: its text, including leading whitespace and the
#   final newline, becomes the YAML string value as written.
# - The processor runs decode_json_fields on "message" only when the pod label
#   log-json-decode equals "true". Log lines are written by the workload, so everything
#   decoded under custom_json should be treated as untrusted input downstream.
# NOTE(review): the provider appears to mark streams_json as sensitive, which would explain
# why the error does not show which value differs — confirm against the provider schema.
streams_json = jsonencode({
"kubernetes.container_logs" : {
"vars" : {
"paths" : ["/var/log/containers/*$${kubernetes.container.id}.log"],
"symlinks" : true,
"containerParserStream" : "all",
"containerParserFormat" : "auto",
"data_stream.dataset" : "kubernetes.container_logs",
"additionalParsersConfig" : "#",
"custom" : "",
"processors" : <<YAML
- if:
equals.kubernetes.labels.log-json-decode: "true"
then:
- decode_json_fields:
fields: ["message"]
process_array: false
max_depth: 5
target: "custom_json"
overwrite_keys: true
add_error_key: true
YAML
}
}
})
}
# The remaining inputs only toggle enabled and pass no streams_json.
input {
enabled = true
input_id = "events-kubernetes/metrics"
}
input {
enabled = true
input_id = "kube-apiserver-kubernetes/metrics"
}
input {
enabled = false
input_id = "kube-controller-manager-kubernetes/metrics"
}
input {
enabled = true
input_id = "kube-proxy-kubernetes/metrics"
}
input {
enabled = false
input_id = "kube-scheduler-kubernetes/metrics"
}
input {
enabled = true
input_id = "kube-state-metrics-kubernetes/metrics"
}
input {
enabled = true
input_id = "kubelet-kubernetes/metrics"
}
}
agent policy
"type": "filestream",
"policy_template": "container-logs",
"enabled": true,
"streams": [
{
"enabled": true,
"data_stream": {
"type": "logs",
"dataset": "kubernetes.container_logs",
"elasticsearch": {
"dynamic_dataset": true,
"dynamic_namespace": true
}
},
"vars": {
"paths": {
"value": [
"/var/log/containers/*${kubernetes.container.id}.log"
],
"type": "text"
},
"symlinks": {
"value": true,
"type": "bool"
},
"data_stream.dataset": {
"value": "kubernetes.container_logs",
"type": "text"
},
"containerParserStream": {
"value": "all",
"type": "text"
},
"containerParserFormat": {
"value": "auto",
"type": "text"
},
"condition": {
"type": "text"
},
"additionalParsersConfig": {
"value": "#",
"type": "yaml"
},
"processors": {
"value": """- if:
equals.kubernetes.labels.log-json-decode: "true"
then:
- decode_json_fields:
fields: ["message"]
process_array: false
max_depth: 5
target: "custom_json"
overwrite_keys: true
add_error_key: true
""",
"type": "yaml"
},
"custom": {
"value": "",
"type": "yaml"
}
},
"id": "filestream-kubernetes.container_logs-80ac6a45-8049-4aac-a77b-e6ba648bb27f",
"compiled_stream": {
"id": "kubernetes-container-logs-${kubernetes.pod.name}-${kubernetes.container.id}",
"paths": [
"/var/log/containers/*${kubernetes.container.id}.log"
],
"data_stream": {
"dataset": "kubernetes.container_logs"
},
"prospector": {
"scanner": {
"fingerprint.enabled": true,
"symlinks": true
}
},
"file_identity.fingerprint": null,
"parsers": [
{
"container": {
"stream": "all",
"format": "auto"
}
}
],
"processors": [
{
"add_fields": {
"target": "kubernetes",
"fields": {
"annotations.elastic_co/dataset": """${kubernetes.annotations.elastic.co/dataset|""}""",
"annotations.elastic_co/namespace": """${kubernetes.annotations.elastic.co/namespace|""}""",
"annotations.elastic_co/preserve_original_event": """${kubernetes.annotations.elastic.co/preserve_original_event|""}"""
}
}
},
{
"drop_fields": {
"fields": [
"kubernetes.annotations.elastic_co/dataset"
],
"when": {
"equals": {
"kubernetes.annotations.elastic_co/dataset": ""
}
},
"ignore_missing": true
}
},
{
"drop_fields": {
"fields": [
"kubernetes.annotations.elastic_co/namespace"
],
"when": {
"equals": {
"kubernetes.annotations.elastic_co/namespace": ""
}
},
"ignore_missing": true
}
},
{
"drop_fields": {
"fields": [
"kubernetes.annotations.elastic_co/preserve_original_event"
],
"when": {
"equals": {
"kubernetes.annotations.elastic_co/preserve_original_event": ""
}
},
"ignore_missing": true
}
},
{
"add_tags": {
"tags": [
"preserve_original_event"
],
"when": {
"and": [
{
"has_fields": [
"kubernetes.annotations.elastic_co/preserve_original_event"
]
},
{
"regexp": {
"kubernetes.annotations.elastic_co/preserve_original_event": "^(?i)true$"
}
}
]
}
}
},
{
"if": {
"equals.kubernetes.labels.log-json-decode": "true"
},
"then": [
{
"decode_json_fields": {
"fields": [
"message"
],
"process_array": false,
"max_depth": 5,
"target": "custom_json",
"overwrite_keys": true,
"add_error_key": true
}
}
]
}
]
}
}
]
},
{
"type": "filestream",
"policy_template": "audit-logs",
"enabled": false,
"streams": [
{
"enabled": false,
"data_stream": {
"type": "logs",
"dataset": "kubernetes.audit_logs"
},
"vars": {
"paths": {
"value": [
"/var/log/kubernetes/kube-apiserver-audit.log"
],
"type": "text"
},
"processors": {
"type": "yaml"
},
"condition": {
"type": "text"
}
},
"id": "filestream-kubernetes.audit_logs-80ac6a45-8049-4aac-a77b-e6ba648bb27f"
}
]
}
],
"revision": 15,
"created_at": "2024-10-24T09:27:10.192Z",
"created_by": "system",
"updated_at": "2024-10-31T15:02:18.203Z",
"updated_by": "elastic",
"vars": {}
}