Merged
Conversation
botelastic
bot
added
the
needs_team
Contributor
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
botelastic
bot
removed
the
needs_team
Contributor
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
Contributor
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
faec
added
the
backport-active-all
faec
commented
Aug 4, 2025
mauri870
approved these changes
Aug 4, 2025
Member
mauri870
left a comment
mauri870
left a comment
There was a problem hiding this comment.
Thanks for fixing this! I don't see anything wrong with the code, but I'm not experienced enough with Winlogbeat to give detailed feedback. Appreciate you adding a test.
…running standalone winlogbeat
nfritts
approved these changes
Aug 4, 2025
faec
commented
Aug 4, 2025
leehinman
reviewed
Aug 4, 2025
leehinman
approved these changes
Aug 4, 2025
Contributor
|
@Mergifyio backport 8.17 8.18 8.19 9.0 9.1 |
Contributor
✅ Backports have been createdDetails
|
mergify bot
pushed a commit
that referenced
this pull request
Aug 4, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # libbeat/monitoring/inputmon/httphandler.go # libbeat/monitoring/inputmon/input_test.go # winlogbeat/beater/eventlogger.go # winlogbeat/eventlog/metrics.go # winlogbeat/eventlog/wineventlog.go
mergify bot
pushed a commit
that referenced
this pull request
Aug 4, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # filebeat/input/winlog/input.go # libbeat/monitoring/inputmon/httphandler.go # libbeat/monitoring/inputmon/input_test.go # winlogbeat/beater/eventlogger.go # winlogbeat/eventlog/metrics.go # winlogbeat/eventlog/runner.go # winlogbeat/eventlog/wineventlog.go
6 tasks
mergify bot
pushed a commit
that referenced
this pull request
Aug 4, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # winlogbeat/eventlog/metrics.go # winlogbeat/eventlog/wineventlog.go
This was referenced Aug 4, 2025
mergify bot
pushed a commit
that referenced
this pull request
Aug 4, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # libbeat/monitoring/inputmon/httphandler.go # libbeat/monitoring/inputmon/input_test.go
6 tasks
mergify bot
pushed a commit
that referenced
this pull request
Aug 4, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24)
6 tasks
faec
added a commit
that referenced
this pull request
Aug 4, 2025
* Fix panic in winlog input (#45730) Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) * fix changelog merge --------- Co-authored-by: Fae Charlton <fae.charlton@elastic.co>
ebeahan
pushed a commit
that referenced
this pull request
Aug 5, 2025
* Fix panic in winlog input (#45730) Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # winlogbeat/eventlog/metrics.go # winlogbeat/eventlog/wineventlog.go * fix merge * fix merge for raw event logs that only exist in 8.x * remove nil access of unused field --------- Co-authored-by: Fae Charlton <fae.charlton@elastic.co>
rdner
pushed a commit
to colleenmcginnis/beats
that referenced
this pull request
Aug 7, 2025
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry elastic#45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693.
When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside).
This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id".
This hit winlog in particular because:
inputmonpackage instead of the metrics registry provided by the Filebeat inputs APIinputmon.NewInputRegistry, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above).Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported.
This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry.
Checklist
I have made corresponding changes to the documentationI have made corresponding change to the default configuration filesCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues