[elastic_agent]: Set event.module for all datasets in this integration
#13897
Labels
Integration:elastic_agent
Elastic Agent
needs:triage
Team:Elastic-Agent
Platform - Ingest - Agent [elastic/elastic-agent]
Comments
andrewkroh
added
the
Team:Elastic-Agent
|
Pinging @elastic/elastic-agent (Team:Elastic-Agent) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Integration Name
Elastic Agent [elastic_agent]
Dataset Name
All
Integration Version
Latest
Agent Version
Latest
OS Version and Architecture
N/A
User Goal
Many other integrations set the
event.modulefield to indicate the integration name, especially when there are multiple datasets within an integration. User has alert rules setup based on the agent & module combination, though since this field is not populated, the alerts don't work the as as for other integrations. Ideal situation would be forevent.moduleto be set toelastic_agentfor all datasets within this integration.Existing Features
It possible to setup custom component templates, though as this integration has many data streams, it's a bit cumbersome to apply, and the current behavior is different from many other integrations that set a value out of the box.
What did you see?
n/a
Anything else?
This issue was raised by support on behalf of a customer.
The text was updated successfully, but these errors were encountered: